What's wrong with right click traps?

by Pinocchio Poppins

There are several EcmaScript snippets floating around to disable the context menu of web browsers that run on the Windows and UNIX systems. (EcmaScript is the language formerly known as JavaScript.) Web designers who use such scripts to "protect" their content are doing more harm than good.

why right-click traps don't work

why right click traps do harm

If the chosen EcmaScript snippet is smart enough to cover only images (such as the snippet below), it won't do much harm. However, most scripts disable the right-click menu everywhere, and this does more harm than good:

the bottom line

If you want to protect your images without getting in the way of navigation, use this snippet and only this snippet freely available from The JavaScript Source:



<script language="JavaScript">

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source! http://javascript.internet.com/ -->
<!-- Toss this part between <head> and </head> -->

<!-- Begin
function right(e)
{
var msg = "Use the Print Screen key instead.";
if ((navigator.appName == 'Netscape' && e.which == 3) ||
    (navigator.appName == 'Microsoft Internet Explorer' &&
     event.button==2)) {
alert(msg);
return false;
}
else return true;
}
function trap() {
if(document.images)
for(i=0; i<document.images.length;i++)
document.images[i].onmousedown = right;
}
// End -->
</script>

Make sure to load it in the body tag: <body onLoad="trap()" bgcolor...>

A shit list

Shame on these sites for using right-click traps.:
http://pineight.8m.com/shitlist.htm#list

(return to) abusive JavaScript

There are other ways to get around various "you can't right-click here" browser traps:

  • in IE4.x and above on Windows platforms, you can drag the image out to your desktop and save it, or to one of the new file suckers like Net Vampire that accepts the URL links in this style;
  • you can get a look-ahead caching program to pull files from the site into a folder, or use the IE "offline reader" function to do the same;
  • you can also just look in your browser cache and find the files there.

Both of these alternatives are better than doing a screen capture, because that will be "lossy."


(update - an "image toolbar" was added as an option in IE 6.0, meaning that, if enabled, mousing over the upper left corner of pictures will generally give you a little pop up bar offering choices to save, print, etc. However, the drag technique mentioned previously is still better if you have many items on a screen.)

You can do

telnet l33t.com 80
GET /pr0n/js_page.asp HTTP/1.0

and see the unrestricted text flow. That doesn't even depend on platform/browser like some solutions above, telnet is everywhere. Right?

If you use Windows and Internet Explorer there are a few ways to get round this depending on what events they have chosen to capture, and how they filter them.

  • Both buttons at once. Since left clicking is perfectly ok (how else would you click on a hyperlink?), if you left click on the image, hold the button down, and then click the right button, this will defeat most simple scripts.
  • Windows key. While this isnt't exactly what mat catastrophe described, if you need to view the source of a page
  • simply hit the context menu key on your keyboard.
  • The top menu. Use the View menu at the top of the window :).
  • Pull it out of your cache. Hmmm, this one is a bit simple :) Pull the image out of your browsers cache directory.
That's all I can think of right now.
One other, more interesting, way of getting the goods (although, the context menu idea is genious if in windows) is to use wget. Now, we all know the joys of wget.

Properly set up, wget can spoof a very real netscape/IE client browsing their website, referring URL's and all.

From `wget --help` :
HTTP options:
       --http-user=USER      set http user to USER.
       --http-passwd=PASS    set http password to PASS.
       --header=STRING       insert STRING among the headers.
  -U,  --user-agent=AGENT    identify as AGENT instead of Wget/VERSION.

Recursive retrieval:
  -r,  --recursive             recursive web-suck -- use with care!.
  -l,  --level=NUMBER          maximum recursion depth (0 to unlimit).
  -m,  --mirror                turn on options suitable for mirroring.
and thus we get:
wget --http-user=Eraser --http-passwd=blarg --header="Cookie: blah blah blah" --user-agent="Netscape 4.7" --recursive --level=0 --mirror http://www.annoyingwebsite.com

Yes my pupils, with proper setting up, a little bit of manually requesting documents, you too can piss off those sites by telling them that you too have an exact copy of their entire site. Be sure and only email the sites to tell them of your ventures if you're sure they don't have a few hundred thousand lying around to hire a legal team.

This goes for those annoying webmasters who use focus();. They should be drawn and quartered. Repeatedly.
Some pages don't allow you to click right to save a picture or open a link in a new window. But there is a way to nevertheless if you are using windows and have a "windows-compatible" keyboard.
Ever asked yourself what's the purpose for that key between the windows key and the ctrl key?
It opens the context menu. So if you want to open a link in a new window just do the following: Right click on the link. Then a window will pop up telling you something about no source code or copyright or something. Click ok and you will notice that the link is selected. Now click on the key from above and choose "open page in new window".

Addition:
If you are a Mac user you can drag a image which is no link out of the browser' s window, and drag it in in one task. Now the image will appear alone on the page, and you can save it via File->Save.
novalis mentioned this to me.

Another way to get around this is to use the print screen key. Although it's messy and tedious, it's also handy for avoiding other similar setups which combine anti-right-clicking features with mouseovers and such. (For example, the guest area at www.nakkidnerds.com.)

For the uninitiated; when used in Windows, print screen copies the current contents of the screen onto the clipboard, to be readily pasted into most programs that support the use of bitmaps. As jasonm mentioned, this technique is slightly lossy (and somewhat impractical for images larger than your browser window's viewing area). The captured image will be at the same colour depth as your screen, whereas the original image may have had a greater colour depth. As long as you don't change your display settings, this shouldn't have a large impact on your viewing experience -- just know that you won't be re-creating the exact same image data that was on the web server.

Right-click traps are really lame because they inconvenience good people, and they do not stop bad people.
Think of this: do you really give a damn if someone grabs one of your images and uses it as a background ? In which way does this damage you ?
And again: the "professional" image thief will have an arsenal of tools that will tear through your puny JavaScript like a tank through a strawberry field.

Images can be sucked off a website with any number of non-interactive web clients, like wget. They take residence in the user's cache. And JavaScript can (luckily) be turned off.
Sure, you can make JavaScript mandatory for browsing your site (and you can force users to run Explorer: in which case, bye bye Linux users), but are you sure you have enough unique, compelling, precious content that users will put up with the inconvenience ? Remember, this is still a browser's market, in other words there is an abundance of sites and a scarcity of eyeballs.
And sites that really have content somewhat seem to ignore the issue. Right-click trapping appears to be an obsession of budding graphic designers and photographers fresh out the egg, terrified that someone will steal their images. I understand that that can be a concern, but right-click trap is not the solution.

One of the most irritating uses for Javascript ever concocted, right next to pop-up window advertising. The script keeps you from right-clicking on the web page, displaying a dialog box when you attempt to. Other versions of the script keep the context menu from appearing entirely. This is extremely annoying to a web user that uses right click a lot to open links in new windows and go forward and back.

No right-click scripts are an attempt to keep people from "stealing" web content. They are ineffective, as they are easily worked around, but people use them anyway. They are an abuse of Javascript; if you were planning on using them, PLEASE DON'T.

Of course, the only reason these scripts work at all is because of poor thinking in browser design. Javascript should never be able to override context menus, and if for some reaons it would be cosmetic to do so, this should be overridable, for instance with a ctrl + right-click.

With the release of Internet Explorer 5 and also Netscape 6.1, the no-right-click scripters have a new event to strike fear into the hearts of Internet users everywhere: document.oncontextmenu.

Whereas traditional right-click scripts captured document.onmousedown and .onmouseup, which can be circumvented by holding down clever combinations of mouse buttons to confuse the browser, or by pressing the Windows key, this event is specifically tailored to control the context menu.

Like any technology, it has its good uses -- for instance, writing your own context menu in a web application that is more relevant to the task at hand -- and its bad uses. Try inserting this small section of JavaScript into a web page:

document.oncontextmenu = new Function('return false');

Luckily, most no-right-click scripts as yet have yet to be updated to support the new browsers and are therefore able to be circumvented. Thank goodness for antiquated reference materials...

Another way of avoiding this plague, aside from the excellent wget or just pasting the image URL into your location bar, is to simply disable JavaScript in your browser options. This should only be done as a temporary measure -- many sites require or recommend JS for navigation or operation, such as the E2 Source Code Formatter.

If you are seeing an image in a browser, it is already on your hard drive. Web sites should work with the medium, with the fact that they are sending the data to your browser, not be all anal-retentive to their users. Disallowing save by disabling right-click is a pathetic hack, like disabling a car by putting duct tape over the ignition key slot.

Enter Mozilla, designed for the convenience of you the user, not as a free giveaway aimed at selling your gaze to advertizers. Here are two ways to here's how to extract images from your browser cache without a right-click. Both worked in Mozilla 1.1 to 1.3 on Windows XP.

Method 1: Page properties.

  • Load the page.
  • On the view menu, open the page info dialog
  • Go the the media tab to view the page's embedded images, and other embedded files.
  • click on the pretty URLs until you see the desired image in the preview box below.
  • Click Save as to save the image.
Method 2: Save the page.
  • On the File menu, chose Save Page As. Make sure that the save as type dropdown is Web Page, complete
  • Save the page in a place where you can find it. Mozilla is smart enough to also save the page's linked files such as images, and to fiddle the links in the saved page to point to the saved files. This is so that the saved page can be correctly displayed when the computer is not on the net. These linked files will be saved in a new subdirectory called pagename_files.
  • The images are now on your hard drive outside of the browser cache. You can either view the page at a later date in it's entirety, or copy out the images that you want and delete the rest.

right-click traps

their defeat, and variations

Some web authors, in an effort to maintain control of their intellectual property, use bits of scripting to keep visitors from right clicking various parts of their web pages.  The idea is to keep visitors from using their context menu to save or copy something.

There are many ways you may be able to defeat such safeguards. (varies by browser and environment)
  • Just disable scripting, or use a different browser.
  • Simply drag images to a folder or another window or program to save them.
  • Take advantage of caching; save whole pages, use a read-ahead "acceleration" program, or just look in the regular cache of your browser.
  • View source, and find the appropriate url the hard way.
  • Use both mouse buttons simultaneously, or hold down the right button while dismissing the dialog, then releasing the right button afterward to wonderful effect.
  • Hit the application key, or shift-f10, or anything else that works just like a right click.
  • Capture the whole screen. (your favorite screen capture utility, print screen, shift-apple-3)
  • Use some tool like telnet or wget to obtain the source, or the file(s) themselves.

The bottom line is, such scripts do not work.  - check out http://javascript.internet.com/page-details/no-right-click-explanation.html -   In addition, there are some bad things that such scripts do.

  • Visitors cannot copy links to email to their friends.
  • Visitors are forced to browse your site in a single window, making Hyperbrowsing impossible.
  • If set to automagically open documents in their associated programs, some users will be unable to take advantage of downloadables.

It is possible to encase all of your site in java or in flash, though that's a whole other ball of wax.

Log in or register to write something here or to contact authors.