Copy protect images and web pages

JavaScript detection and debugging errors


What is JavaScript?

JavaScript is a client-side scripting language developed by Netscape to enable interactive web sites. It is also extensively used within web browser software and although it shares many of the features of the Java language it was developed independently. JavaScript can interact with HTML code enabling web designers to create dynamic content, manipulate images and more. JavaScript is an open source language that anyone can use without purchasing a license. It is supported in all modern web browsers.

What can JavaScript do?

JavaScript can be used to create and read cookies, detect browser version, operating system, plugin version, manipulate complex calculations and more, such as a fairly competitive game of chess that can be run from a web page without any more than JavaScript and HTML (only 13k of code).

What can JavaScript not do?

JavaScript does not have any graphics capabilities of its own, except for the ability to format and display HTML (which however does include images, tables, frames, forms, fonts, and other html elements).

JavaScript cannot directly access files on the user's system or the client-side LAN... the only exception is access to the browser's cookie files. JavaScript has no networking support and while it does know how to request information via the web browser, it cannot engage in network activity of its own. Nor can it implement multiprocessing or multithreading.

Most of the limitations on JavaScript have been set for security reasons. JavaScript is currently the safest scripting language available as all known security loops have been closed.

What if JavaScript is disabled?

If JavaScript is disabled in a web browser, your visitor won't get far because JavaScript is needed to create the embed tags that activate the Copysafe Web plugin. If the plugin is not activated your encrypted images will not be displayed because the security applet hasn't been given the go ahead. While this may seem secure it is a situation that we want to avoid, so it's best to detect the anomaly and deal with it.

How to detect JavaScript

The simplest detection that works in plain HTML is the NOSCRIPT tag placed in the header of the web page:

<NOSCRIPT>This page uses JavaScript. Your browser either doesn't support JavaScript or you have it turned off. </NOSCRIPT>

While the above warning is a polite way of advising that your web pages will function better if they enabled JavaScript, it doesn't yet do anything to protect content on your page that is not encrypted. So with further modification you can forcefully redirect the visitor by using the following code:

<NOSCRIPT>This page uses JavaScript.
<meta http-equiv="refresh" content="0;url=/javascript-warn.html"></NOSCRIPT>

The NOSCRIPT message/redirect can appear before the <HTML> tag for the most immediate response.

The problem faced in detecting JavaScript is that it is client-side scripting and loads after any server side script has played it's part. A useful example that can work server side uses ASP.NET

Pre-empting the situation and detecting the lack of JavaScript is preferred. This can be done by using a combination of JavaScript and ASP, PHP or CGI, but not on the same page. Your home page or catalogue menu can create a cookie using JavaScript which can then be read by the protected page using ASP. If the cookie is not found the ASP can redirect your visitor for advice and counseling. Here is the JavaScript cookie code that will expire at the end of the visitor's session:

function makeCookie(name, data){
var name= "jscript";
var data = "true";
var cookieStr = name + "=" + data
document.cookie = cookieStr}

The cookie can be triggered by an onload statement in the page's BODY tag:

<BODY onLoad= "makeCookie();">

On your protected page you can use ASP to read the cookie and take action if needed:

<%
If Request.Cookies("jscript") = "true" then
    'do nothing
else
     response.redirect("/javascript-warn.html")
end if
%>

Which is the best method? We recommend using all that are possible on your site/server.

Return to top