Arpad's PHP Library
<?php
define('OBSF_JSPATH', 'misc/obsf.js'); // change me
define('OBSF_DELIM', '___OBSF___');
define('OBSF_IDENT_SCRIPT', '___SCRIPT___');
/**
* Stores HTML in the session and forces a secondary request via JavaScript to obtain it.
*
* This script doesn't really obfuscate HTML, but it will replace scripts intended to do so.
* Instead it works by storing the input temporarily on the server, and using a client-side
* script to fetch it separately. It returns a SPAN element for each input, which is filled by a
* JavaScript function when the rest of the page has finished loading.
*
* 2005/9/30:
* Added support for input containing JavaScript elements and onload events. External scripts
* in other languages are also supported, but inline scripts are always evaluated as JavaScript.
*
* @param in
* The data to store
* @param mailto
* Make this a mailto: link
* @return
* The resulting HTML
* @author
* Arpad Ray
* @version
* 2005/9/30
*/
function obfuscate_ajax($in, $mailto = false)
{
$key = md5(uniqid(rand(), 1));
$out = '<span class="_obsf" id="' . $key . "\"></span>\n";
if (!isset($GLOBALS['_obsf_page'])) {
$out .= '<script type="text/javascript" src="' . OBSF_JSPATH .'"></script>';
$GLOBALS['_obsf_page'] = 1;
}
if (!isset($_SESSION['_obsf'])) {
$_SESSION['_obsf'] = array();
}
$GLOBALS['_obsf_script_key'] = 0;
$GLOBALS['_obsf_current'] = $key;
$js_pattern = '#<script(?:\s*(\w+)=["\']?(.+?)["\']?)*\s*>(.+?)</script>#is';
$in = preg_replace_callback($js_pattern, '_obsf_register_script', $in);
$onload_pattern = '#<(.+?)onload=(["\']?)(.+?)\\2(.*?)>#is';
$in = preg_replace_callback($onload_pattern, '_obsf_register_onload', $in);
$_SESSION['_obsf'][$key] = ($mailto ? "<a href='mailto:$in'>$in</a>" : $in);
return $out;
}
function _obsf_register_script($matches)
{
$count = count($matches);
$cont = end($matches);
$cont = preg_replace('/document\.write\((.*?)\)/is',
'document.getElementById("' . $GLOBALS['_obsf_current'] . '").innerHTML+=$1', $cont);
$catts = array();
for ($j = 1; $j + 2 < $count; $j += 2) {
$catts[$matches[$j]] = $matches[$j + 1];
}
$_SESSION['_obsf_scripts'][$GLOBALS['_obsf_current']][] = array($cont, $catts);
return OBSF_DELIM . OBSF_IDENT_SCRIPT . $GLOBALS['_obsf_script_key']++ . OBSF_DELIM;
}
function _obsf_register_onload($matches)
{
$onload = $matches[3];
$rem = $matches[1] . $matches[4];
if (!preg_match('/\bid=["\']?(.+?)["\']?/i', $rem, $idm)) {
$id = md5(uniqid(rand(), 1));
$rem .= ' id="' . $id . '"';
} else {
$id = $idm[1];
}
$rem = '<' . $rem . '>';
$onload = strtr($onload, array('this.' => 'document.getElementById("' . $id . '").'));
$rem = $rem . _obsf_register_script(array($onload));
return $rem;
}
?>
<?php
$exp1 = obfuscate_ajax('foo@bar.com', 1);
echo '<pre id="foob"></pre><strong>Link:</strong> ', $exp1, '<br /><br />';
$exp2 = obfuscate_ajax('some more random "text"');
echo '<strong>String:</strong> ', $exp2, '<br /><br />';
$exp3 = obfuscate_ajax('<span onload="this.innerHTML=\'foo\';">bar </span><script>document.write("hi!");</script> herro');
echo '<strong>Javascript:</strong> ', $exp3, '<br /><br />';
$source = htmlspecialchars($exp1);
echo '<strong>Source for link:</strong><pre>', $source, '</pre>';
$source = htmlspecialchars($exp2);
echo '<strong>Source for string:</strong><pre>', $source, '</pre>';
$source = htmlspecialchars($exp3);
echo '<strong>Source for javascript:</strong><pre>', $source, '</pre>';
?>
Link:
String:
Javascript:
Source for link:
DownloadsString:
Javascript:
Source for link:
<span class="_obsf" id="0a49729d21ab4cf851d58398b7c34439"></span> <script type="text/javascript" src="misc/obsf.js"></script>Source for string:
<span class="_obsf" id="d04d43123b576f03b486ce8931c7b1d8"></span>Source for javascript:
<span class="_obsf" id="714b8f20951ccb9166538577b3941ba9"></span>
 | obfuscate_ajax.zip | 4.26 KB |
 | obfuscate_ajax.php | 2.92 KB |
| obfuscate_ajax.example.php | 758 B |