Opened 11 years ago

Last modified 3 years ago

#59 released enhancement (fixed)

JS optimization and obfuscation

Reported by: Marc Englund Owned by: Jani Laakso
Priority: blocker Milestone: 4.0.0-beta1
Component: WebTerminalAdapter Version: 4.0.0-alpha
Keywords: Cc: joonas.lehtinen@…
Depends on:
Workaround:
Verified:
Fv: no Pro Account: Vote for Feature

Description

Evaluate if compression and/or obfuscation of javascript code could/should be in use
-> implement

Change history (15)

comment:1 Changed 11 years ago by Jani Laakso

  • Cc joonas.lehtinen@… added

This is business decision, if we got to obfuscate then this ticket's priority should be "Blocker". Joonas?

comment:2 Changed 11 years ago by Joonas Lehtinen

Alex Russell created a nice solution for Dojo. This solves compression problem in really elegant way by using Rhino.

Does it solve obfuscation problem also?

I would guess that integrating _and testing_ compression solution takes more than 3 hours....

comment:3 Changed 11 years ago by Jani Laakso

  • hours_left changed from 3 to 7

comment:4 Changed 11 years ago by Joonas Lehtinen

  • hours_left changed from 7 to 5

Tried dojo compressor and it seems to be fairly efficient:
todays theme.js + client.js = 201766 bytes. After compressor, they are 127247 bytes.

Dojo compressor basically strips comments and makes internal variable names shorter, but does not use gzip or similar compression. Using gzip, the result could be further reduced to 29843 bytes.

comment:5 Changed 11 years ago by Joonas Lehtinen

  • Owner changed from Marc Englund to Joonas Lehtinen
  • Status changed from new to assigned

dojo compressor does not do actual obfuscation. Is it worth it?

comment:6 Changed 11 years ago by anonymous

You may be right, I'd assume plain compression does good enough trick obfuscating the code.

But please still consider obfuscation because

  • hiding our implementation from our competitors
  • giving "impression" to our customers that we want to protect our implementation
  • added security, at least trivial hacking is prevented

Above comments must be thought both from technical side and marketing side.
Some of those may be clearly marketing side story without any real added value on the technical side. It's a bit like "We got patents, and we rigorously protect our IPRs", but I do not have clear opinion about this.

Other considerations:

  • paying customers get an bonus of full source code to our product
  • developers need an option to use our product without obfuscation (also without compression)

comment:7 Changed 11 years ago by Joonas Lehtinen

  • Priority changed from minor to blocker
  • Version set to 4.0.0-alpha

comment:8 Changed 11 years ago by Joonas Lehtinen

Changed to blocker in order to protect theme implementation. We can decide to ship commented source later for OEM or all customers.

comment:9 Changed 11 years ago by Joonas Lehtinen

  • Owner changed from Joonas Lehtinen to Jani Laakso
  • Status changed from assigned to new

comment:10 Changed 11 years ago by Jani Laakso

  • affects_documentation set to 0
  • hours_left changed from 5 to 4
  • Summary changed from JS compression and/or obfuscation to JS optimization and obfuscation

I'll use http://trickyscripter.com/ to accomplish this. Good feedback from users

  • robust and somewhat tested, does not brake JS
  • makes JS smaller efficiently and accomplishes obfuscation
  • optimizes, may affect performance positively
  • free

Compressors should not be used because of HTTP1.1 specification enforces GZIP, additional compressing has only negative effects. Compression contains decompressor on client and therefore obfuscation is not accomplished.

Alex's rhino based solution was another good option.

comment:11 Changed 11 years ago by Jani Laakso

As trickyscripter still requires manual step, we use Alex's solution instead which can be already automated to ant script. Both are stable.

comment:12 Changed 11 years ago by Joonas Lehtinen

  • Milestone changed from 4.0.0-beta-1-rc to 4.0.0-beta-1

comment:13 Changed 11 years ago by Jani Laakso

  • hours_left changed from 4 to 0
  • Resolution set to fixed
  • Status changed from new to closed

Done. Featurebrowser resulted in 33% smaller network transfer.

Additional value when building target "release"

  • JavaScript syntax is checked
  • CSS syntax is checked and optimized

comment:14 Changed 4 years ago by Artur Signell

  • Fv unset

comment:15 Changed 3 years ago by Artur Signell

  • Status changed from closed to released
Note: See TracTickets for help on using tickets.