Of Stack

js shields F12 review elements and prohibits modification of implementation code such as page code

  • 2021-08-28 19:25:25
  • OfStack

As we all know, in the case of reviewing elements, everyone can randomly change the code of 1 part of the page and inject malicious JS, etc. It is not difficult to avoid this situation. Although you can still see 1 part of H5 source code, you can't modify it

1. Masking F12 review elements 


document.onkeydown = function(){
  if(window.event && window.event.keyCode == 123) {
    alert("F12 Disabled ");
    event.keyCode=0;
    event.returnValue=false;
  }
  if(window.event && window.event.keyCode == 13) {
    window.event.keyCode = 505;
  }
  if(window.event && window.event.keyCode == 8) {
    alert(str+"\n Please use the Del Key to delete characters! ");
    window.event.returnValue=false;
  }
}

If you want to disable the right click without prompting, you can use the following code 


document.onkeydown = function(){
  if(window.event && window.event.keyCode == 123) {    
    event.keyCode=0;
    event.returnValue=false;
  }
  if(window.event && window.event.keyCode == 13) {
    window.event.keyCode = 505;
  }
  if(window.event && window.event.keyCode == 8) {
    alert(str+"\n Please use the Del Key to delete characters! ");
    window.event.returnValue=false;
  }
}

There are other gameplay methods that let users press F12 to close the web page or jump to other pages 


<script type="text/javascript">
document.onkeydown = function(){
 
  if(window.event && window.event.keyCode == 123) {
    window.close(); // Close the current window ( Anti-smoking )
    event.keyCode=0;
    event.returnValue=false;
  }
  if(window.event && window.event.keyCode == 13) {
    window.event.keyCode = 505;
  }
  if(window.event && window.event.keyCode == 8) {
    alert(str+"\n Please use the Del Key to delete characters! ");
    window.event.returnValue=false;
  }
 
}
</script>

Hold down F12 blank page or jump to another page 


<script type="text/javascript">
document.onkeydown = function(){
 
  if(window.event && window.event.keyCode == 123) {
    window.location="about:blank"; // Jump the current window to a blank page 
    event.keyCode=0;
    event.returnValue=false;
  }
  if(window.event && window.event.keyCode == 13) {
    window.event.keyCode = 505;
  }
  if(window.event && window.event.keyCode == 8) {
    alert(str+"\n Please use the Del Key to delete characters! ");
    window.event.returnValue=false;
  }
 
}
</script>

Besides blocking this, we have other interesting settings:

2. Mask the right-click menu 


document.oncontextmenu = function (event){
if(window.event){
event = window.event;
}try{
var the = event.srcElement;
if (!((the.tagName == "INPUT" && the.type.toLowerCase() == "text") || the.tagName == "TEXTAREA")){
return false;
}
return true;
}catch (e){
return false;
}
}

STEP 3 Shield paste 


document.onpaste = function (event){
if(window.event){
event = window.event;
}try{
var the = event.srcElement;
if (!((the.tagName == "INPUT" && the.type.toLowerCase() == "text") || the.tagName == "TEXTAREA")){
return false;
}
return true;
}catch (e){
return false;
}
}

4. Mask replication 


document.oncopy = function (event){
if(window.event){
event = window.event;
}try{
var the = event.srcElement;
if(!((the.tagName == "INPUT" && the.type.toLowerCase() == "text") || the.tagName == "TEXTAREA")){
return false;
}
return true;
}catch (e){
return false;
}
}

STEP 5 Shield shearing 


document.oncut = function (event){
if(window.event){
event = window.event;
}try{
var the = event.srcElement;
if(!((the.tagName == "INPUT" && the.type.toLowerCase() == "text") || the.tagName == "TEXTAREA")){
return false;
}
return true;
}catch (e){
return false;
}
}

This is very suitable for novel websites, after all, copyright is precious, and it is not good to be taken by others at will by copy

6. Mask Select 


document.onselectstart = function (event){
if(window.event){
event = window.event;
}try{
var the = event.srcElement;
if (!((the.tagName == "INPUT" && the.type.toLowerCase() == "text") || the.tagName == "TEXTAREA")){
return false;
}
return true;
} catch (e) {
return false;
}
}

Of course, after js shields chrome F12, the page automatically jumps. Please refer to this article

https://www.ofstack.com/article/196910.htm

js Detects whether the user opens the debugging tool (chrome) 


(function(){ var re=/x/; var i=0; console.log(re); re.toString=function(){ window.close(); return ' No. 1 '+(++i)+' Open the console a second time '; } })();

JavaScript detects whether the console (debugging tool) is turned on

Valid in chrome after testing

Many people prevent others from lying on the source code, and use the detection key F12, but these are basically useless

Now introduce a method, very useful, can detect whether you open the console program, can be regarded as JavaScript a few odd tricks

Add this code to your website, the principle is unclear =- 


document.onkeydown = function(){
  if(window.event && window.event.keyCode == 123) {    
    event.keyCode=0;
    event.returnValue=false;
  }
  if(window.event && window.event.keyCode == 13) {
    window.event.keyCode = 505;
  }
  if(window.event && window.event.keyCode == 8) {
    alert(str+"\n Please use the Del Key to delete characters! ");
    window.event.returnValue=false;
  }
}
0

Then when you open the console, a dialog box will pop up

js detects whether the developer tool Devtools is turned on for debugging prevention

I wrote an article before, "Javascript detects whether the developer tool Devtools is open". It mainly talks about how to detect whether the developer tool is open through js. To prevent others from maliciously debugging our code, That code was also sorted out by checking a lot of data. At that time, it was compatible with chrome, firefox, ie, But with the update of browser version, It has basically no effect. Recently, I found that there are still quite a few people browsing that article, so let out another piece of code here, which is an upgraded version. There are restrictions on firefox in the previous version. I have tested the current chrome 69, firefox and IE in this version provided below, and there are no problems existing on firefox before. Post the code directly below: 


document.onkeydown = function(){
  if(window.event && window.event.keyCode == 123) {    
    event.keyCode=0;
    event.returnValue=false;
  }
  if(window.event && window.event.keyCode == 13) {
    window.event.keyCode = 505;
  }
  if(window.event && window.event.keyCode == 8) {
    alert(str+"\n Please use the Del Key to delete characters! ");
    window.event.returnValue=false;
  }
}
1

What is the principle of this code, to tell the truth I do not understand too much, also went to consult a number of bosses, can not fully say the principle, if there are friends who understand, please be generous with advice, although do not know the principle, but the effect is indeed leverage, this is my website from huichan intercepted, here have to admire those who do huichan, too powerful. Because the code is encrypted before, I decrypt the names of 1 methods at will. Don't spray if you don't like it.

Of course, for developers who are familiar with debugging, There is no obstacle at all, But after all, it can also guard against a small group of malicious people, Fortunately, the code written hard was quietly moved away by others, which is really annoying, but it is not enough to rely solely on such an anti-debugging code. We still need to do a lot, such as 1 basic js compression confusion encryption, etc. Later, I will sort out 1 js encryption confusion and decryption articles, please look forward to it....

Related articles: