Right-click trap

What's wrong with right click traps?

There are several EcmaScript snippets floating around to disable the context menu of web browsers that run on the Windows and UNIX systems. (EcmaScript is the language formerly known as JavaScript.) Web designers who use such scripts to "protect" their content are doing more harm than good.

why right-click traps don't work

• They don't stop users on a Macintosh computer, whose mouse has only one button (trapping that would be a Bad Thing).
• They don't protect your precious pictures at all: most graphical systems have a screen grabber (a WindowMaker, GNOME, or KDE applet on X11; Command-Shift-3 on Mac OS; the Print Screen key on Windows) and can simply dump your entire page to a bitmap file in one fell swoop. Someone who wants your pictures can also pull them out of the browser's cache.
• They don't protect your scripts, as the View Source command is still on the menu bar. (There are script obfuscators for that, and recent IE builds even support script encryption; look for these on Google.)
• Most browsers have an option to disable EcmaScript support. (Some even put a button for this on their toolbar.) Others (such as text-based browsers) may have no EcmaScript support at all. You want your site to be viewable on any browser, don't you?
• One word: wget.
• Read more at http://javascript.internet.com/page-details/no-right-click-explanation.html

why right click traps do harm

• Some users (such as myself) have an Open in New Window or "hyperbrowsing" style that takes advantage of the tree structure of many web sites, turning the tree into a priority queue of sorts. A right-click trap script makes that inefficient; the user has to tab to the link and press a key in lieu of right-clicking, or drag the link into an open window.
• The Copy Link Location command (also called Copy Shortcut) is on the right-click menu. One of the best ways to get Web traffic is by virtual word of mouth such as sending an e-mail link or linking from another web page. In fact, many search engines (such as Google) judge the relevance of a page partly by counting the links to the page.
• Some web browsers are set to open downloaded files from cache directly into their associated application and will save files to /home (or My Documents) only with a right click. An unintelligent script will make it very hard for the web designer to provide downloadables.
• The "right click for the menu bar" interface in the GIMP paint program may spread to web browsers. Using a right-click trap strategy will keep them from even pressing the back button (see also back button traps).

the bottom line

If you want to protect your images without getting in the way of navigation, use this snippet and only this snippet freely available from The JavaScript Source:

<script language="JavaScript">

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source! http://javascript.internet.com/ -->
<!-- Toss this part between <head> and </head> -->

<!-- Begin
function right(e)
{
var msg = "Use the Print Screen key instead.";
if ((navigator.appName == 'Netscape' && e.which == 3) ||
    (navigator.appName == 'Microsoft Internet Explorer' &&
     event.button==2)) {
alert(msg);
return false;
}
else return true;
}
function trap() {
if(document.images)
for(i=0; i<document.images.length;i++)
document.images[i].onmousedown = right;
}
// End -->
</script>

Make sure to load it in the body tag: <body onLoad="trap()" bgcolor...>

A shit list

Shame on these sites for using right-click traps.:
http://pineight.8m.com/shitlist.htm#list

There are other ways to get around various "you can't right-click here" browser traps:

telnet l33t.com 80
GET /pr0n/js_page.asp HTTP/1.0

• Both buttons at once. Since left clicking is perfectly ok (how else would you click on a hyperlink?), if you left click on the image, hold the button down, and then click the right button, this will defeat most simple scripts.
• Windows key. While this isnt't exactly what mat catastrophe described, if you need to view the source of a page
simply hit the context menu key on your keyboard.
• The top menu. Use the View menu at the top of the window :).
• Pull it out of your cache. Hmmm, this one is a bit simple :) Pull the image out of your browsers cache directory.

HTTP options:
       --http-user=USER      set http user to USER.
       --http-passwd=PASS    set http password to PASS.
       --header=STRING       insert STRING among the headers.
  -U,  --user-agent=AGENT    identify as AGENT instead of Wget/VERSION.

Recursive retrieval:
  -r,  --recursive             recursive web-suck -- use with care!.
  -l,  --level=NUMBER          maximum recursion depth (0 to unlimit).
  -m,  --mirror                turn on options suitable for mirroring.

Addition:
If you are a Mac user you can drag a image which is no link out of the browser' s window, and drag it in in one task. Now the image will appear alone on the page, and you can save it via File->Save.
novalis mentioned this to me.

Right-click traps are really lame because they inconvenience good people, and they do not stop bad people.
Think of this: do you really give a damn if someone grabs one of your images and uses it as a background ? In which way does this damage you ?
And again: the "professional" image thief will have an arsenal of tools that will tear through your puny JavaScript like a tank through a strawberry field.

Images can be sucked off a website with any number of non-interactive web clients, like wget. They take residence in the user's cache. And JavaScript can (luckily) be turned off.
Sure, you can make JavaScript mandatory for browsing your site (and you can force users to run Explorer: in which case, bye bye Linux users), but are you sure you have enough unique, compelling, precious content that users will put up with the inconvenience ? Remember, this is still a browser's market, in other words there is an abundance of sites and a scarcity of eyeballs.
And sites that really have content somewhat seem to ignore the issue. Right-click trapping appears to be an obsession of budding graphic designers and photographers fresh out the egg, terrified that someone will steal their images. I understand that that can be a concern, but right-click trap is not the solution.

No right-click scripts are an attempt to keep people from "stealing" web content. They are ineffective, as they are easily worked around, but people use them anyway. They are an abuse of Javascript; if you were planning on using them, PLEASE DON'T.

Of course, the only reason these scripts work at all is because of poor thinking in browser design. Javascript should never be able to override context menus, and if for some reaons it would be cosmetic to do so, this should be overridable, for instance with a ctrl + right-click.

With the release of Internet Explorer 5 and also Netscape 6.1, the no-right-click scripters have a new event to strike fear into the hearts of Internet users everywhere: document.oncontextmenu.

Whereas traditional right-click scripts captured document.onmousedown and .onmouseup, which can be circumvented by holding down clever combinations of mouse buttons to confuse the browser, or by pressing the Windows key, this event is specifically tailored to control the context menu.

Like any technology, it has its good uses -- for instance, writing your own context menu in a web application that is more relevant to the task at hand -- and its bad uses. Try inserting this small section of JavaScript into a web page:

Luckily, most no-right-click scripts as yet have yet to be updated to support the new browsers and are therefore able to be circumvented. Thank goodness for antiquated reference materials...

Another way of avoiding this plague, aside from the excellent wget or just pasting the image URL into your location bar, is to simply disable JavaScript in your browser options. This should only be done as a temporary measure -- many sites require or recommend JS for navigation or operation, such as the E2 Source Code Formatter.

Enter Mozilla, designed for the convenience of you the user, not as a free giveaway aimed at selling your gaze to advertizers. Here are two ways to here's how to extract images from your browser cache without a right-click. Both worked in Mozilla 1.1 to 1.3 on Windows XP.

Method 1: Page properties.

• Load the page.
• On the view menu, open the page info dialog
• Go the the media tab to view the page's embedded images, and other embedded files.
• click on the pretty URLs until you see the desired image in the preview box below.
• Click Save as to save the image.

• On the File menu, chose Save Page As. Make sure that the save as type dropdown is Web Page, complete
• Save the page in a place where you can find it. Mozilla is smart enough to also save the page's linked files such as images, and to fiddle the links in the saved page to point to the saved files. This is so that the saved page can be correctly displayed when the computer is not on the net. These linked files will be saved in a new subdirectory called pagename_files.
• The images are now on your hard drive outside of the browser cache. You can either view the page at a later date in it's entirety, or copy out the images that you want and delete the rest.

right-click traps

their defeat, and variations

Some web authors, in an effort to maintain control of their intellectual property, use bits of scripting to keep visitors from right clicking various parts of their web pages.  The idea is to keep visitors from using their context menu to save or copy something.

• Just disable scripting, or use a different browser.
• Simply drag images to a folder or another window or program to save them.
• Take advantage of caching; save whole pages, use a read-ahead "acceleration" program, or just look in the regular cache of your browser.
• View source, and find the appropriate url the hard way.
• Use both mouse buttons simultaneously, or hold down the right button while dismissing the dialog, then releasing the right button afterward to wonderful effect.
• Hit the application key, or