Obfuscate javascript with inline PHP?

Question

I'm searching for a javascript obfuscator. Though I've found many obfuscators, no one so far seems to be able to handle (ie ignore) inline php code. Example of what I mean by inline php code:

var my_javascript_variable = <?php echo $my_php_variable; ?>;

Is this possible to obuscate, and if so, does anyone know of such a tool?

You can minify the above with whatever tool you usually use. You just have to run it (I mean serve the page, run the PHP), and take the output and minify that. You could do that on a protected page and output the minified result onto an accessible page. — Peter Ajtai, Jun 30 '10 at 14:21
What about to separate dynamic parts of your javascript with static parts and then obfuscate and/or minimize only static part and leave dynamic part unobfuscated? — uthark, Jun 30 '10 at 14:33

score 2 · Accepted Answer · answered Jun 30 '10 at 14:16

2

Not aware of any obfuscator capable of doing this, but you could simply make your JavaScript code reference a Config Object instead of the PHP code. Then you can obfuscate the main JavaScript code, e.g.

// Config object with anything that has to be assigned through PHP
var Config = { 'foo': '<?php echo $foo?>'  }

// and some obfuscated code that uses the Config object
var _0x76dc=["\x66\x6F\x6F"];alert(Config[_0x76dc[0]]);

answered Jun 30 '10 at 14:16

Gordon

312,688
75
539
559

That's a neat suggestion. Seems to work too. It's the best solution yet, so I will go with it! – Biggles Jul 01 '10 at 12:50
wouldn't $foo variable still be visable? – inside83 Jun 01 '21 at 07:52

robjmills · Answer 2 · 2010-06-30T14:22:06.013

2

I'd suggest not actually obfuscating in the first place but to minify (using yui compressor / jsmin or similar) instead but thats just my opinion

edited Jun 30 '10 at 14:22

answered Jun 30 '10 at 14:17

robjmills

18,438
15
77
121

1

Obfuscating for security doesn't work, especially with JS. Compression does make sense. – Pete Jun 30 '10 at 14:25

score 1 · Answer 3 · answered Dec 31 '20 at 11:52

Run your inline php and javascript into ob_start();
Insert ob_start(); at the beginning of your javascript inside the <script> tag

<?php ob_start();  ?>

Your inline php and javscript goes here

Insert ob_get_clean(); where you want to end the encryption of your inline php and javscript

<?php $jsCode = ob_get_clean(); ?>

Then run $jsCode through your php obfuscator class.
However, I'm yet to find a good working PHP javascript Obfuscator which can not be deobfuscated via http://deobfuscatejavascript.com/

could you please give a complete example? also, which php obfuscator would you recommend? thanks — inside83, May 29 '21 at 04:13

score 0 · Answer 4 · answered Jun 30 '10 at 14:29

0

Check out SD JavaScript Obufuscator. It is designed to handle Javascript standalone or embedded in various HTML-like languages (HTML, XML, ASP, PHP).

answered Jun 30 '10 at 14:29

Ira Baxter

93,541
22
172
341

score 0 · Answer 5 · answered Aug 20 '18 at 23:41

Google Closure compiler can do this. (Because) It would not touch strings. Therefore

var my_javascript_variable = "<?php echo $my_php_variable; ?>";

or

var my_javascript_variable = Number("<?php echo $my_php_variable; ?>");

(for integers) will work.

source: https://stackoverflow.com/a/10455479/6702598

score 0 · Answer 6 · answered Nov 18 '20 at 14:22

you can replace your PHP variable with something else such as _thisismyphpdontmoveit and then obfuscator the code with _thisismyphpdontmoveit after being obfuscated you can press ctrl+F to search _thisismyphpdontmoveit and replace them with your PHP variable. This is my way to obfuscate JavaScript with inline PHP I don't know if it will work for you but some of them work for me

Obfuscate javascript with inline PHP?

6 Answers6