Solutions
By Need
JavaScript Protection
Magecart Mitigation
Mobile App Protection
Data Leakage Prevention
Third Party Control
Customer Hijacking Prevention
User Data Protection & Compliance
By Sector
Financial Services
IT & Software
E-Commerce
Healthcare
Media & OTT
Gaming & Gambling
Products
Code Integrity
Application Shielding
Runtime Protection
JavaScript Threat Monitoring
Webpage Integrity
Webpage Inventory
Third Party Management
User Data Management
Webpage Threat Mitigation
Resources
Partners
Docs
Blog
Learning Hub
Help Center > Code Integrity > Tutorials > Code Locks

Code Locks

Developers and sellers of JavaScript applications, be it standard JavaScript, mobile web applications, or HTML5, want to prevent those who don’t pay or whose license has expired from executing their applications. This is where Code Locks come into play.

Jscrambler allows users to lock their code to a predefined list of domains, browsers, operating systems, and set expiration dates. Their use can limit the execution of code to a given set of browsers, a time frame (useful for demos that shouldn't be runnable after the preview period is over), on a given domain (usually the user’s), and a particular operating system.

With these locks it is possible to deliver expirable demos to clients without incurring the fear of code or client-loss, via date locks. By locking JavaScript to a specific domain or list of domains, e.g. mywebsite.com, protected code will fail to work in other domains than the ones that were chosen. Or lock code and restrict it to certain browsers and operating systems.

Code Locks can also trigger a function when someone tries to execute the code outside of the set parameters. This function has to be defined inside the unprotected code, and can be used to warn the app’s owner whenever someone tries to run the app outside of the set Lock parameters.

Whenever the code is executed outside of the set parameters, the code will break.

Browser Lock

Browser Lock locks the code to a list of Browsers. A good purpose for it would be enforcing license agreements. The list of browsers works as an allow list, meaning that the selected browsers are the ones where the code can run. Observe the following API Parameters:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "browserLock",
      "options": {
        "browsers": [
          "firefox",
          "chrome"
        ]
      }
    }
  ]
}

This means the protected code will run on Firefox, and Chrome.

Date Lock

Date Lock locks the code to a period of time. It can be locked to run until a certain date, after a certain date, or between two dates. These are respectively done by setting only the startDate, only the endDate, or both. This can be good to enforce license expiration, or send out demos of code. The following API Parameters, demonstrate that the protected code will run from 01-05-2017 to 10-05-2017. If someone were to run the code outside of these dates, the warningFunc would be triggered.

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "dateLock",
      "options": {
        "startDate": "2017-05-01",
        "endDate": "2017-05-10",
        "warningFunction": "warningFunc"
      }
    }
  ]
}

Domain Lock

Domain Lock locks the code to a domain name or IP address. It’s good to stop someone from copying code and running it on another domain or locally. Once again, it’s another good transformation to enforce license agreements.

Some accepted examples are:

  • mysite.com - code breaks outside of mysite.com
  • mysite.com, www.mysite.com - code breaks outside of mysite.com or www.mysite.com
  • *.mysite.com - code breaks outside of mysite.com and its sub-domains
  • 192.168.* - code breaks if it runs on an IP outside of the 192.168 network
  • file://Users/you/* - code breaks outside of user directory

As for the API, several domains can be inserted in a list such as:

{
 "keys": {
   "accessKey": "XXXXXX",
   "secretKey": "YYYYYY"
 },
 "applicationId": "ZZZZZZ",
  "params": [
   {
     "name": "domainLock",
     "options": {
       "domains": [
         "Domain1",
         "Domain2"
       ],
       "warningFunction": "VALUE"
     }
   }
 ]
}

OS Lock

OS Lock locks the code to a list of operating systems. It’s useful to enforce apps to a specific platform. As Domain lock, and Browser lock, it’s useful for license enforcement. Once again the OSes can be defined in a list inside the API parameters:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "osLock",
      "options": {
        "oses": [
          "linux",
          "windows",
          "osx",
          "tizen",
          "android",
          "ios"
        ],
        "warningFunction": "VALUE"
      }
    }
  ]
}

Code Locks helps to protect code by enforcing licenses, and preventing it from running outside of the set parameters, be it Browser, Date, Domain, or Operating System.

Testing all of these locks is possible in the Playground app. Select one or more of locks, and use your domain, the current date, your browser, and operating system, depending on which locks were selected, in order to have the app running properly. Or select a domain you don’t own, previous or later dates, a different browser, and a different operating system from the ones you have, and observe that the protected code won’t run properly.