Simon Willison’s Weblog

The good and the ugly

PHP.net has a new feature on their search page—a really nice implementation of an auto complete text widget in Javascript. Even better, the search page is valid XHTML 1.0 Strict and uses CSS for the layout. Let’s hope this is an indication of things to the come for the rest of the site, which still mostly consists of tag soup.

Here’s the ugly bit: the javascript for the auto complete function is deliberately obfuscated. Now I know that this decision is completely up to the author of the script, but personally I find it exasperating. PHP is an open source project, and obfuscation in this way is the antithesis of the open source ideal. A big part about open source is that people shouldn’t have to invent something twice—why waste duplicated effort when sharing code costs nothing and benefits everyone? I’m sure the author had their reasons for hiding the code in this way but to me it seems like a wasted opportunity to teach site visitors a useful new trick. A bug concerning the obfuscation has already been raised in PHP’s bug tracker but was closed without a full explanation.

Obfuscation of client side code such as Javascript is a pretty futile exercise in any case. Most of the effect of the obfuscation can be easily reversed using a tool such as Jesse Ruderman’s view variables bookmarklet, which displays all variables on a page (including ones that contain decoded content from obfuscated variables) and pretty-prints functions to make them more readable.

It’s impossible to prevent “theft” of your Javascript, but if you really want to stop people from using it the best you can do is to place a copyright notice in the code and ask people to contact you for licensing options. If it’s on the web, people can take it. Clear copyright messages are a far more ethical deterrent than ineffective tricks.

Update: It turns out the obfuscation was the result of compressing the Javascript for efficiency reasons—see my apology for further information.