Domain Lock locks code to a specific domain name or IP address. This is a good transformation to avoid someone stealing the protected code and running it on their own domain or locally. This is also a good transformation to enforce license agreements. Countermeasures can be specified (optionally) to be executed when the code runs in any other domain/IP.
Consider combining this transformation with obfuscation transformations to harden the resulting code, making it more resilient to automated de-obfuscator tools and harder for a human to understand. You may also find it useful to combine this transformation with other locks.
Input Examples

mywebsite.com
- Code will break if not running inside the mywebsite.com domain

mywebsite.com, www.mywebsite.com
- Code will break if not running inside either mywebsite.com or www.mywebsite.com

*.mywebsite.com
- Code will break if not running inside one of its sub-domains

?.mywebsite.com
- Code will break if not running inside mywebsite.com or one of its sub-domains

192.168.*
- Code will break if not running in an IP inside the 192.168. network

file://Users/you/*
- Code will break if not running inside your user directory

// @jscrambler define domainLock {domains: [example.com], countermeasures: {breakApplication: 1, customCallback: report.callbackFunction}} as dl1
// @jscrambler enable dl1
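
Because breakApplication is enabled by default, it is worth checking a domains list against the hosts you actually deploy to before protecting a build. The following is an added example, not Jscrambler's own matcher: it models the pattern semantics listed under Input Examples, assumes IP wildcards apply only to IPv4 addresses, and uses hypothetical function names and constructed sample hosts.

```javascript
// Added illustration: a model of the pattern semantics listed under "Input Examples".
// It is not Jscrambler's matcher; function names and sample values are constructed.

// True only for a dotted-quad IPv4 address with every octet in 0..255.
function isIPv4(host) {
  const parts = host.split(".");
  return parts.length === 4 &&
    parts.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
}

function matchesPattern(pattern, host) {
  const p = pattern.trim().toLowerCase();
  const h = host.trim().toLowerCase();
  if (p.startsWith("*.")) {
    // "*.mywebsite.com": sub-domains only; the bare domain does not match.
    const suffix = p.slice(1);
    return h.length > suffix.length && h.endsWith(suffix);
  }
  if (p.startsWith("?.")) {
    // "?.mywebsite.com": the bare domain or any of its sub-domains.
    const base = p.slice(2);
    return h === base || (h.length > base.length + 1 && h.endsWith("." + base));
  }
  if (p.endsWith(".*")) {
    // "192.168.*": assumed to apply to IPv4 addresses only, so a hostname
    // such as "192.168.example.net" is not treated as inside the network.
    return isIPv4(h) && h.startsWith(p.slice(0, -1));
  }
  return h === p; // plain entry: exact host match
}

// Hosts that match no entry in `domains`, i.e. where countermeasures would run.
function unmatchedHosts(domains, hosts) {
  return hosts.filter((h) => !domains.some((d) => matchesPattern(d, h)));
}

// Constructed sample: a domains list and the hosts a team plans to deploy to.
const domains = ["*.mywebsite.com", "192.168.*"];
const planned = ["mywebsite.com", "app.mywebsite.com", "192.168.1.20",
  "192.168.example.net", "notmywebsite.com"];
console.log(unmatchedHosts(domains, planned));
```

In this sample the bare domain mywebsite.com is reported as unmatched, which is the usual reason to list it explicitly or use the ?. form.
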
Name | Required | Default Value | Description |
---|---|---|---|
domains | Yes | N/A | List of domains/IPs where the code is allowed to run (Supports wildcard to match sub-domains, IP network, and IP host range). |
countermeasures | Yes | {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} | List of available countermeasures |

Name | Description |
---|---|
customCallback | Name of the function to be called as a countermeasure. |
deleteCookies | Deletes all the cookies accessible via JavaScript. |
redirect | Redirects the user to a specific URL. |
breakApplication | Breaks the application's functionality. |
realTimeNotifications | Sends a notification when a violation occurs. |
dataExfiltrationPrevention | Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests. |
selfDestruct | Attempts to damage the state and behavior of the application and/or the environment that is running the application. |

Browser | Compatible Versions | Tested Versions | Notes |
---|---|---|---|
Chrome | 80+ | 80+ | |
Firefox | 90+ | 90+ | |
Internet Explorer | 9+ | 8+ | |
Microsoft Edge | 116+ | 116+ | |
Safari | 13.1+ | 13.1+ | |

Example:
{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "domainLock",
      "options": {
        "domains": [
          "VALUE1",
          "VALUE2"
        ],
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false
        }
      }
    }
  ]
}