browserclient-sidefrontendsource-code-protection

Why are browsers allowed to display client-side source code?


Why are browsers allowed to display source code for HTML/CSS/JavaScript files? I've been told that obfuscation is not the ultimate answer to provide protection. So once the code is sent to the client-side, anyone can steal the front-end data? Can't all popular browsers provide a password mechanism so that unauthorized users can't see the source code? Companies invest a lot of time, money, and other resources in developing professional sites, yet it seems there is a lot of business out there for thieves.

Note that I am not asking if source code can be hidden or what tool can be used to do that. There have been questions/discussions about that already. The client-side source code can be visible to browsers, but what I don't get is WHY they are allowed to show it to the user. Can't they process the files in the background instead of saying "Here is the code for the viewed page. Go ahead and check it out!"?

UPDATE: Thanks for the answers. I see there are other ways of getting the client-side code. So putting restrictions on browsers won't solve the problem. Plain-text, mmmm. The underlying front-end framework of the Internet could have gravitated more toward helping developers protect their work. :)


Solution

  • Ultimately, even if browsers did remove the Show Source Code option, it would be absolutely trivial (as in a single wget command, or a couple of lines of C#) to write a program that would get the markup, js, and CSS.

    A web server is serving a document - so you are giving your document to the user. Why would you expect the document to be somehow hidden from the user?

    EDIT I think you need to understand a little bit more about the history of the internet, and what it was and wasn't designed for. HTTP is not "The Internet", any more than FTP, TelNet, or World of Warcraft are "The Internet". When the internet was invented, HTML, CSS and JavaScript simply did not exist, so consideration of protecting intellectual property was not an issue. ARPANET (the precursor to the modern internet) was designed to allow access to super-computers for remote workers - the web was not remotely a consideration.