Hey! Vsauce, Michael here. I just assumed y'all use view-source but apparently not. Everyone's rockin with devtools. I'm sorry, forgive me senpai

And thus began the bodyless architecture era!

the thing is that opening devtools is actually *easier* than "viewing page source" and much more effective and wholistic. I have no idea who in their right mind who can read code would want to view the source itself

7:55 I never use 'View Source'. I always open dev tools 😂😂😂

Have to add another check to my rickroll detector extension now.

Frankly, I find using devtools/inspect element easier than view source, precisely out of laziness. The code is often better formatted (especially if the webdev used some JS HTML auto generation or had a HTML obfuscator written in JS) and I can easily get to referenced files such as JS and style sheets, not to mention that I can play with the site's code in real time if I try to learn something or doing a pentest.

Bruh I had a lab work about disabling ability to view source code. If only this video came month earlier I'll be the coolest kid

What you dont realize, my friend, is that "wasting of time" you speak of is actually an excellent lecture. I am a web dev myself but really, this video is great. Made me laugh and, at the same time, although I know the technical staff you mentioned, made me learn in a way.

view source code is kinda useless, almost all modern websites serve content with javascript so the source code is very minimal.

I think I've opened "view source" like twice in my lifetime. The dev tools, on the other hand, I open all the time. So... There's that.

it's not a waste of time for CTF designer, well it's contradicting if u think attacker are lazy, lmao we just minimalistic ;D

9:35 You can see the code easily in the "Style Editor" tab

An easier way to do this is to not fiddle with obscure headers, but instead return a redirect HTTP status code, such as `308 Permanent Redirect` followed by the `Location` header. This *is* part of the spec and supported (by standard) by all web browsers.

7:51 I don't use the "view source code" feature anymore, for that I almost exclusively use the DevTools.

btw the title is supposed to be: How this website hides its code.

Would love a video where you manually obfuscate some code and go bonkers

I love how this Chanel answers useful questions that impact everyone’s JavaScript experience and is very professional (/s)

Cool... Although inspect element still works. Still cool how you managed to insert a stylesheet using the headers, and took advantage of the browser's behaviour that automatically fills in a header and body element even when the page is blank. 😉 Edit: 7:56 Tbh, I didn't think anyone still used view source. I _only_ use the dev tools.

The animations getting better and better every video. Love it

7:55 well I am certainly using dev tools on almost anything when I want to know why something happens as it does. But I think I didn’t used the „show sourcecode“ ctx menu function in 3 years or so. Simply because it is loading the page again, and as such the content can differ from the actual webpage you were on before. And if I’m really wanna debug stuff, curl to the rescue 😂😂 But ok, I’m a Software engineer that builds stuff on the web for like 15 years 🤷🏻‍♂️ ya know, the time where JavaScript wasn’t as hip, and you used tables and frames to make your webpage? 😂😂

Well I would definitely go to dev tools BEFORE going to the stove code but this is awesome! Where did you deploy your app btw?

you can actually get the url link and save it as a variable anytime someone opens your website in js and then look for the start of the url with split function and if it matches view-source then redirect or replace the html content to be empty

Fun fact: There is a "Location:" header that redirects when you open the site

"HTTP protocol" Ah, yes, redundant abbreviations. You are essentially saying "Hypertext Transfer Protocol Protocol".

This is actually more valuable than some people are giving it credit for. This would still throw off a lot of scrapers because the elements aren't attached to the active DOM.

Hearing 'wisits a webpage' was a really joyful experience for me.

When the goal for Chromium browsers is a simple redirect to the YT video, why not use the Location header? Also, is it possible to include a script instead of a stylesheet using the Link header? Would give much more possibilities :D

I don’t know a single thing about code but I just keep watching these. It’s like watching a korean show without subtitles

Excellent demo! If you learn something, it's never a waste of time. I use DevTools all the time when testing web apps, by the way. There are a few of us weirdos out there.

In your list of anime, I’ve never seen anyone else reference Gantz. That was one of the wildest and amazing little series ever.

tbh, the first though i thought about was opening the debugging tools... cant foold software developers... xD

interesting

awww the penguin is so cuteeeeee, will there be plushies of it?

For the guy that was smart to look at sw.js file , you could have prevented that the apache configuration , basically tell Apache that no one should be able to access indexing of the website unless the main site page actually leads to a seperate image/page etc

Just thought I’d mention, as a web developer of 15 years, the first thing I would have done is used a packet sniffer and looks at the http request, and most experienced web developers would have no friction in doing the same, either way, cool video about the link header, never seen it used before

border: 1px solid #fff; border-style: dashed; I think I got a concussion jk good video xD

After you showed what you'll tell us I decided to figure it out myself before watching. Took me a while, but I found a link header which I've never seen before. I'm guessing that this works similar to the HTTP link tag. Then, this header loads a stylesheet, which sets the head element to display block which load the gif from Giphy as background image and shows the text using pseudoelements. And with a refresh header, it automatically redirects to KZbin after 5 seconds

When I saw the title I thinked directly in PHP, as it's a preprocessor doesn't show to the client / user the source code

uh, do you know about that 'network' tab that allows you to see any file loaded by a website when visiting it ? pretty useful, and makes your code hiding thing useless because whatever js or css file you will make me download it will be shown up there

It's all fun and games until there's an ad before the video and they close the tab before the fun event begins :D

3:35 what software is that? looks super useful

even decrypting rickroll link is considered as being rickrolled

As a web developer, I will surely visit the dev tool. We web developers do this a loooooooooot

I didn’t even know that existed, I just always used “control shift i” to view the devtools

2021 noob: wow new framework that kills existing

Yo PwnFunction - your tech-brilliance rox and is so humbling yet helpful. Your erudite skills are much appreciated. I admire your honesty when you state, “wow this was a waste of time“… But clearly it was not a waste of time; you demonstrate to us, your viewers, that some endeavors “are not profitable to the kingdom“, leading one down a dark deep rabbit hole, but it helps us on our end stinks so that next time we shelf a research product because we sense that it may produce nothing. That is a valuable skill set, which is only derived from seasonal experience. Clearly you possess this but are willing to be vulnerable for the sake of educating us. Thank you PwnFunction!

Maybe a tip, WebAssembly. Maybe you can compile the code and really hide it

Hi there, i do like your videos style (and obviously the content also), what to you use to make your handwritten annotations and animations? Thanks a lot ;)

Very high quality, you're great!

3:33 Hypertext Transfer Protocol Protocol

Pressing F12 for DevTools is way more convenient than right clicking and searching for the source code option imo

2:37 watch JoJo's Bizzarre Adventure if you haven't already. It's one one of the best anime ever.

its honestly funny because the dev tools get opened on the website itself so i see the website and i see the devtools and i can isolate stuff with a click on anything for the website

Thank you for doing all this work. But, not gonna lie, I got irrationally upset by the "display: block;" on the head element. Like, you shouldn't be able to do that

I think another way to « hide » the source code would be to send a different response when based on the headers sent by the client. e.g. the browser might send a request with a cache control header that has a different value when you use the « view source code function ».

If you can make it render JS, you can actually watch for when someone opens dev tools. From there if it's opened, you could either nuke the body, or force a redirect straight away...

F12 is one button press, comes with highlight, indentation, hover-highlight, shows lazy loaded content, CSS, scripts - all in the same window. Ctrl+Q is two button presses, opens a new window that hides what you are trying to analyze, of unindented, unformatted code. Why would anyone use "Show source" instead of "DevTools"?

I've didn't know that rickrolling can be more complex.

I've just realized that ads have destroyed rickrolling

When I first saw the empty viewsource I thought it was some unicode character that's blank or something

What drawing/graphics tablet are using? I'm looking to purchase one myself but there are so many options.

Alternative title: I made a website only with CSS

Hey just want to ask what is the plugin used on 3:45? seems really helpful

@PwnFunction at 3:37 what's the VSCode extension that you're using for sending the GET request?

Wow, this brings back memories... I did something similar 15 years ago to mess with someone. They couldn't figure out how I did it :D

I just realised my favourite penguin watches jujutsu kaisen

TL;DW: if you check `curl -I`, the header `link` is set to `; rel=stylesheet;` and the `refresh` header is set to the youtube video link. `style.css` sets all the content, etc.

Me - Starts Video Video - Instanly Rick Role Me...

2:29 PwnFuncition sleeping

Why is this channel so underrated? This is brilliant

Why not do a 301 or 302 redirect instead? No code required. Then again, kind of defeats the blank devtools point.

What text theme are you using? It looks like Monokai but more vibrant , cause when i use Monokai Pro it doesn't like as vibrant as yours

his voice sounds like cutting butter with overheated shoe

The virgin “View source code” vs. Chad “Inspect”

yeah, fortunately completely hiding the source code of a website is fundamentally impossible since the browser will always need to have it to display it to you

no one: me: watching these random vids at 2am cause bored

they just take me go to the rick roll youtube video

Python: ('A'*5) + ('Y'*5) + '!' Output: 'AAAAAYYYYY!'

The stylesheet style.css got it's own entry in network panel when page is loaded (firefox 88.0).

Obfuscated thoughts. Huh. Just a thought I had when hearing that you want to hide not obfuscate code.

5:27 in the morning and watching this for some reason

Funny thing is, using Google-injected code to obfuscate things would *prevent* it from working for me, purely because, as a targeted advertising company, I *don't* trust Google for third-party subresources in uMatrix unless absolutely necessary. (The service workers not working is less interesting. I just keep them disabled in about:config for lack of a uMatrix-alike.)

Ha jokes on you, I always have my devtools open in a separate window and I keep my main browser window minimized

I was hoping this was just a whitespace webdev extension

Could you please tell me what set (shades or contrasts) of colours have you used for this video? It looks amazing!

Hmm, little trick with "show source code" for dynamic and Javascript, Ctrl+A -> show selected source code, show actual browser generated html content. But anyway I still use devtools.

Dude this is absolutely not a waste of time!!! It helped me to understand why I can't see google forms' (my some exams are on google form) source code... Now I got that... Thanks

the website has changed, it just takes you to the youtube video...

That's the most ingenious waist of time I have seen in a very long time.

I love how this ended up in this years hackvent

It's just a blank page that redirects to a youtube video after a few seconds, CSS is not loading (Chrome 108, Linux Mint)

Excuse me. I’m a little bit confused. How did you displayed website page information in the terminal on 4:00? It OS has built in function in terminal or what? (Yeah, I’m dummy)

8:50 When the PwnFuncition is SUS

He rickrolled us at 5:39, where the tabs are, one group is named RickRoll, we got rickrolled boys.

This name makes me remember something... **VSAUCE MUSIC INTENSIFIES**

imho the « view source code » button and the tab « element » of dev tools are for different usage. I use the « view source code » function likely as I use the network tab of the dev tools to see what the server is sending into the response body

Nice video! What color scheme are you using in vscode (5:50)? That's cool

Cool. Is that a VS code extension for sending POST / GET requests?

The level of cool I wanna reach is when the penguin said "Lemme explain". I guess I will be never that cool.

_you read the title_ _vsauce music start playing_