Jon Austin wrote: >This is a fallacy; the client's browser need to see plain text or it >will never be able to render the HTML! (SSL being the exception - the >browser knows how to handle it) > >What you are doing is actually 'encoding' the HTML sent to the client; >this is at best obfuscation and will not stop someone who is >determined. > > This is exactly what html guardian does. All it is is a couple of line of code that applies an increment/decrement to each character code to output as a string to the browser. In the browser is a javascript function that takes this string and reverses the changes to the character codes. It add some very simple javascript to "prevent" right clicking (also encoded by their function).
It would be pretty easy to pipe all the out from an application into a variable and then do this sort of thing to the contents of the variable as the last action in a template (onRequestEnd.cfm/app_layout.cfm/whatevertakesyourfancy.cfm) Be aware, that this type of application requires that site users have javascript enabled and is easily reverse engineered in about 10 minutes, which is what I just did to be able to give this response. Regards Stephen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185422 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
