问题
Why are browsers allowed to display source code for HTML/CSS/JavaScript files? I've been told that obfuscation is not the ultimate answer to provide protection. So once the code is sent to the client-side, anyone can steal the front-end data? Can't all popular browsers provide a password mechanism so that unauthorized users can't see the source code? Companies invest a lot of time, money, and other resources in developing professional sites, yet it seems there is a lot of business out there for thieves.
Note that I am not asking if source code can be hidden or what tool can be used to do that. There have been questions/discussions about that already. The client-side source code can be visible to browsers, but what I don't get is WHY they are allowed to show it to the user. Can't they process the files in the background instead of saying "Here is the code for the viewed page. Go ahead and check it out!"?
UPDATE: Thanks for the answers. I see there are other ways of getting the client-side code. So putting restrictions on browsers won't solve the problem. Plain-text, mmmm. The underlying front-end framework of the Internet could have gravitated more toward helping developers protect their work. :)
回答1:
Ultimately, even if browsers did remove the Show Source Code option, it would be absolutely trivial (as in a single wget command, or a couple of lines of C#) to write a program that would get the markup, js, and CSS.
A web server is serving a document - so you are giving your document to the user. Why would you expect the document to be somehow hidden from the user?
EDIT I think you need to understand a little bit more about the history of the internet, and what it was and wasn't designed for. HTTP is not "The Internet", any more than FTP, TelNet, or World of Warcraft are "The Internet". When the internet was invented, HTML, CSS and JavaScript simply did not exist, so consideration of protecting intellectual property was not an issue. ARPANET (the precursor to the modern internet) was designed to allow access to super-computers for remote workers - the web was not remotely a consideration.
回答2:
Because hiding the code is a waste of time?
Let's assume you've got a world where web browsers all prohibit you from seeing the HTML, CSS and JavaScript. If I want to see the code, all I have to do is Telnet to your server and insert the HTTP codes in by hand and I'll see the code. Or I write a script in [insert the scripting language of your choice], taking about five minutes out of my day, that will do it for me. Or I use programs like wget or fetch or the like.
Why would a browser maker bother?
回答3:
The HTML+CSS+Javascript is all sent as plain text, therefore there would be little point in the browsers preventing a user from viewing this as anyone wanting to misuse the raw data, would find it trivial to access it without the browser. In fact they could even retrieve it with telnet alone.
回答4:
- Because HTML/CSS/JAvascript is not source code, it is some sort of result code.
- Why cannot all browsers provide a password mechanism so that unauthorized users can't see the source code? Because they don't have to do it, and since it's business, the more 'features' they provide, the more popular they are.
- You do not need to be a browser to see html/css/javasript.
来源:https://stackoverflow.com/questions/5348809/why-are-browsers-allowed-to-display-client-side-source-code