Right-Click Suppression

by Rob Rohan

I was reading 18:2 and saw a letter from mkr08 describing how to get around the right-click suppression so predominant in today's web page design.

The reason for the suppression is, at least in my opinion, to keep one from "stealing" the code or saving the pictures (this is pointless as everything you view on the web is in your browser's cache).

Try to envision a web where you cannot View Source or right click and Save As....  In light of the DeCSS case and the trademark madness, it is pretty obvious we are going that way.

I am going to show how to suppress a right-click on a web page using JavaScript, and then how to get information from a "right-click suppressed" page without relying on the cache (as this may be unavailable in the future).

The Lock Down

To lock down our page, first we catch right-clicks, then we suppress the menu.

In the code below, the doListen() function and the body tag catch the right-click for most of the browsers.  The actual suppression follows in the JavaScript function mtMenu().

<html> <head> <title>No Right!</title> <script language="javascript"> var IE=0; OLD=0; function doListen() { // So we know if it's IE if(navigator.appName.indexOf("Explorer") > 0) IE = 1; // old Netscape (NS4) if(IE != 1 && parseInt(navigator.appVersion) == 4) { document.captureEvents(Event.MOUSEDOWN); document.onmousedown = mtMenu; OLD = 1; } // NS6 event handler is kind of like java if(IE == 0 && OLD == 0) document.addEventListener("mousedown", mtMenu, false); } function mtMenu(e) { // Suppress menu in IE if(IE == 1) event.returnValue = false; // Suppress menu in NS4/6 return false; } </script> </head> <body onMouseDown="mtMenu();" onContextMenu="mtMenu();" onLoad="doListen();"> <h3>test</h3> </body> </html>

The key to this suppression is the event handler returning false.  By returning false we are saying, "We got it.  No other event needs to occur.  Thanks."  If we wanted to let the menu pop-up, but have code between the right-click and the menu popping up, we could return true.

The Freedom

O.K., now to get around this there are several simple things we can do.

Let's start with how to view the code, and then how to save the pictures, Java applets, Flash, etc. (assuming the menu option is unavailable).

Go to the page in Lynx and view source.  JavaScript has no effect on Lynx.  If for some reason Lynx is outlawed (O.K. - I am really stretching it now), you can just act like a browser and get the code from port 80 yourself.  Telnet to port 80 and type: GET /thedir/thefile.html and hit Enter twice.

To get pictures is equally as simple.

Can anyone say "Print Screen?"  No matter what anyone comes up with to block picture saving, you still have to be shown the picture at some point.

However, screen capture won't work for animated GIFs, Flash, and other moving visuals.  To get these files you can, again, act like a browser and just get the picture from the server.

The following is a simple Java application to demonstrate how to download a file from a URL:

grabFlile.java:

import java.io.*; import java.net.*; public class grabFile { public static void main(String[] args) throws Exception { if(args.length < 2) { System.out.println("Usage: java grabFile <URL> <File>"); System.exit(1); } URL myFile = new URL(args[0]); URLConnection cc = myFile.openConnection(); int inputNums; try { // Open two streams. one for file output one for URI input. DataOutputStream Fout = new DataOutputStream(new FileOutputStream(args[1])); DataInputStream in = new DataInputStream(cc.getInputStream()); // While the stream is not -1 (EOF) while((inputNums = in.read()) != -1) { // Write to the picture file Fout.write(inputNums); } // Clean up. Fout.flush(); in.close(); Fout.close(); // ... and a little message System.out.println("Done."); } catch (Exception e) { System.err.println("Bah!" + e); } } }

The application, in theory, can download any file that has a URL.

There is really no way that I can see to keep content from being saved due to the fact that the information needs to be sent to the receiver's computer.

Trying to lock down a page is counter to the whole reason for the Internet anyway - freedom of knowledge.

If you want some security, use SSL.  But suppressing right-click as security... come on.  The only thing this does is keep new HTML/JavaScript programmers from learning.

I hope my vision of a non-view source web is just paranoia, and I hope these examples have sparked your interest.

Code: grabFlile.java