Unpp is a quick and dirty crack for the !Impressions! Web Design PageParser, written by Jason Phillips. The idea behind PageParser is to encode an entire HTML file within a string in a small amount of JavaScript. When loaded by a browser, the JavaScript decodes the string and prints it to the browser. Because JS did the printing, the "readable" HTML and JavaScript in the page was never added to the document source, and is therefore more or less inaccessible to the reader. Its author explains that the utility renders your source "protected from the casual re-use by others."

Without going into a long-winded diatribe, if you don't want me to see your code, don't expect it to be run on my computers. Firstly, his sort of thing is dramatically counter to part of the open-standards issue of HTML; it's not a medium in which secrets last long, so development proceeds at an accelerated pace. Secondly, never trust code you haven't looked at yourself, and then don't trust it unless you understand what it's doing (encryption software is the traditional example; most of it is incomprehensible to those lacking advanced training or experience in several esoteric areas of mathematics).

PageParser's author writes:

While the PageParser's output is not completely immune from hand decoding, a high level of JavaScript understanding and coding ability is required. Despite this limitation, your code is protected from all but a small portion of the Internet population.

Hand decoding is decidedly the wrong way to go about this. The PageParser algorithm, apart from the lack of variable names and whitespace, is quite readable, and it takes about ten minutes to figure out how to reverse what it does. That's ten minutes you probably wouldn't spent, though, unless you were really interested in finding out how something on the page worked, or finding the elusive security flaw in your browser being exploided by encrypted code, or whatever. unppp provides a "casual" way to get the source to an encoded HTML file, with whatever JavaScript or other goodies may be embedded therein.

Incidentally, I fully believe in the ability to keep your code secret, and to maintain privacy in your own data communications. But I don't believe, generally speaking, in keeping code secret when its function is public. If something is intended for my consumption, I wish to be able and permits repairs or optimizations on my own time, without waiting for new releases &c.

That said, here's the meaningful stuff:

unpp online
unpp in CGI form; paste an encoded page in, submit, and a decoded page comes out. Simple as that. Source code is available here.
unpp.pl -- basic source code
The basic cracker, no frills or anything. Intended for UNIX use, but should work fine anywhere that runs perl and can direct program input.
unpp-fancy.pl -- fancier version source
Same engine, but adds some simple beautification to counter PageParser's whitespace removal. The JavaScript beautifier is pretty good, the HTML beautifier could use a little refinement.

Note from the future: A long time later, I came across a program called TagsLock from a company named AtomPark, which did much the same thing only more abusively. So I wrote another countermeasure.

Devin Carraway / unpp at devin.com