javascript - 如何隐藏iframe的src网址？(How hide src url of iframe?)

Question

How hide src url of loaded iframe, is it possible?

(如何隐藏已加载iframe的src网址，这可能吗？)

Maybe there is a secret?

(也许有一个秘密？)

Is it possible to upload html to cache in iframe and after hide url?

(是否可以将HTML上传到iframe中以及隐藏网址之后进行缓存？)

  ask by SLDEV translate from so

Answer 1

Another good feature is to hide the location paths of your important scripts.

(另一个好功能是隐藏重要脚本的位置路径。)

I found a great npm plugin for this https://www.npmjs.com/package/location-hide

(我为此https://www.npmjs.com/package/location-hide找到了一个很棒的npm插件)

This works also for php href, src, content it will use everything inside src=""

(这也适用于php href，src，内容，它将使用src =“中的所有内容)

It turns

(事实证明)

<script src="test/folder/sample.js" type="text/javascript"></script>  
<link href="test/stylesheet/perfect-scrollbar.css" rel="stylesheet">

into

(进入)

<script src="TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR" type="text/javascript"></script>  
<link href="gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq" rel="stylesheet">  

And it generate new jquery include codes like this to include your scripts with javascript in a external file

(并生成新的jquery包含这样的代码，以将脚本和javascript包含在外部文件中)

$('[src='TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR']').attr("src", "test/folder/sample.js")  
$('[href='gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq']').attr("src", "test/stylesheet/perfect-scrollbar.css") 

Also I would suggest you that you include all of your external javascript codes in 1 single js file.

(另外，我建议您将所有外部javascript代码包含在1个单个js文件中。)

This file you place in the root of your index file that you can make this

(您可以将此文件放置在索引文件的根目录中，以便进行此操作)

<script src="./allinone_external_file.js" type="text/javascript"></script>

Then make right htaccess that nobody can acces this file.

(然后进行正确的htaccess操作，使任何人都无法访问该文件。)

You can also make a fake import script for the source code that every body can see.

(您还可以为每个人都可以看到的源代码制作一个伪造的导入脚本。)

But this file is only a redirect for the real external js file.

(但是，此文件只是真正的外部js文件的重定向。)

you make this multiple times as example + use other obfuscation tools.

(您将其作为示例多次使用+使用其他混淆工具。)

This will protect you from people searching exploits with your javascript codes.

(这样可以保护您免受使用JavaScript代码搜索漏洞的人们的攻击。)

I know its no big deal and maybe you can see the jquery include codes if you know how.

(我知道这没什么大不了的，如果您知道怎么做，也许您可??以看到jquery包含代码。)

But anyway it′sa great protection.

(但是无论如何，这是一个很好的保护。)