Sunday, June 24, 2007

Disabling right click and other programming insights

Did you ever wander into a website that disables your right click (possibly, as a way to block you from using 'save image as') and wonder how to disable that obnoxious behavior?

Well, a simple view source shows how the right click behavior was taken over. They set document.oncontextmenu (or onclick, or mousedown) to their own method, returning 'false'.
something like: document.oncontextmenu = function("alert('noooo');return false");

A simple script (which can easily be used as a bookmarklet) can counter this behavior:

javascript:var x = (document.onmousedown==null?'':'mousedown ') + (document.onclick==null?'':'click ') + (document.oncontextmenu==null?'':'contextmenu ');if (x=='') x='none';alert('Yaniv says: detected '+x);void(document.onmousedown=null);void(document.onclick=null);void(document.oncontextmenu=null)

How would I write a website where the above script does not work?
Well, one approach would be to repeatedly set document.oncontextmenu to the 'disable' method, using a timer.
[To Be continued]


Саша Кон said...

Isn't any attempt to write javascript to protect your web page doomed? Any suspicious user will simply disable javascript for the page temporarily. It's not rocket science to look for the image of interest in the cache folder or download it manually. Overwriting the oncontext() handler is reasonable only if you (the Web developer) want to extend user options, or to make the user interface cleaner by removing non-useful ones.

Yaniv Pessach said...

Yes and no.

Yes, of course, a capable user can always win the technology war.
There are good indication that any kind of DRM-ing is theoretically impossible, and so far a practically-resistant hacker-proof DRM was never seen.
That said, most people would be happy if you just reduce most cases of their images being purloined. Most of the population, believe it or not, will not bother (or is incapable of) actions such as 'view-source'; they will right-click and save, or use a tool written by someone else.