Section

Obfuscating HTML Files

HTML File Support

Pro

With a paid plan, you can obfuscate HTML files containing inline JavaScript. Enable the Parse HTML option, and the obfuscator will automatically extract <script> tags, obfuscate their contents, and preserve the HTML structure. This works with both basic obfuscation and VM obfuscation.

How it works: The obfuscator parses your HTML and finds <script> tags marked with the data-javascript-obfuscator attribute. Each marked script is obfuscated individually, and the complete HTML is output with protected scripts.

Important: Code inside each data-javascript-obfuscator script tag must be self-contained. Scripts are obfuscated individually and cannot reference variables or functions from other script tags.

Example

Input HTML

<!DOCTYPE html>
<html>
<head>
    <title>My App</title>
    <script src="vendor.js"></script> <!-- External scripts preserved -->
</head>
<body>
    <h1>Welcome</h1>

    <!-- This script will NOT be obfuscated (no attribute) -->
    <script>
        console.log('Regular script - not obfuscated');
    </script>

    <!-- This script WILL be obfuscated -->
    <script data-javascript-obfuscator>
        // Self-contained code only!
        function validateLicense(key) {
            return key.length === 32 && key.startsWith('PRO-');
        }
        validateLicense('test');
    </script>

    <!-- Another obfuscated script (isolated from the one above) -->
    <script data-javascript-obfuscator>
        function init() {
            console.log('App initialized');
        }
        init();
    </script>
</body>
</html>

After obfuscation, only scripts with the data-javascript-obfuscator attribute are transformed. All other content remains unchanged.

Limitations

Usage calculation: Your obfuscation quota is based on the total size of JavaScript code inside the HTML, not the full HTML file size. However, the maximum upload file size limit applies to the entire HTML file.

Evaluate output disabled: When Parse HTML is enabled, the "Evaluate output" feature is disabled since HTML cannot be executed as JavaScript.

Only scripts with data-javascript-obfuscator attribute are obfuscated
Each script tag is obfuscated individually — code must be self-contained and cannot reference other script tags
Event handler attributes (onclick, onload, etc.) are not obfuscated
JavaScript URLs (javascript: protocol) are not obfuscated
Scripts inside HTML comments are ignored
Source maps are not supported when Parse HTML is enabled