By now, you already know the key benefits of OutSystems: Low-code, fast development, deployment, and monitoring, for both mobile and web applications.

However, you still have to pay attention to all the risks that threaten these applications, such as code tampering and intellectual property theft.

Today, we'll talk about an easy and effective way to protect your OutSystems applications using Jscrambler. Continue reading to learn more and to catch a demo of how to integrate Jscrambler with your OutSystems apps.

Protecting JavaScript with Jscrambler

Jscrambler provides enterprise-grade security solutions to protect the client-side of web and mobile applications.

By default, the JavaScript and HTML5 code of your applications is completely exposed and can be debugged, reverse-engineered, or even tampered with by the end user. There is no feasible way to encrypt JavaScript to prevent this, so the next best thing is to transform it into something that is extremely hard to read and understand, while still working just like the original code. This is exactly what Jscrambler excels at.

Jscrambler's Code Integrity technology applies several protection layers that ensure that JavaScript and HTML5 source code become self-defensive and resilient to tampering and reverse-engineering.

By protecting your code with Jscrambler, you can prevent a myriad of client-side risks, including code theft, counterfeit applications, and violation of licensing agreements.

Let’s go into a bit more detail about each of the Jscrambler protective layers.


JavaScript code obfuscation is a series of code transformations that turn exposed code into a protected version of the code that is extremely hard to understand and reverse-engineer.

While most tools only offer basic obfuscation, Jscrambler applies the most advanced obfuscation techniques by combining dozens of JavaScript transformations. These include transformations to strings, variables, functions, and objects, through reordering, encoding, splitting, renaming, and logic concealing techniques. On top of this, Jscrambler’s control-flow flattening obfuscates the program's control-flow by adding opaque predicates, flattening the control-flow, and adding irrelevant code clones.

Jscrambler’s obfuscation is also unique due to its polymorphic behavior: each new code build has a completely different output, further increasing the difficulty of reverse-engineering attempts.

Here’s an example of a JavaScript code snippet before and after being protected by Jscrambler:


 function startTime() {  
    var today = new Date();
    var h = today.getHours();
    var m = today.getMinutes();
    var s = today.getSeconds();
    m = checkTime(m);
    s = checkTime(s);
    document.getElementById('txt').innerHTML =
    h + ":" + m + ":" + s;
    var t = setTimeout(startTime, 500);


B100.P=function (){return typeof B100.H.C==='function'?B100.H.C.apply(B100.H,arguments):B100.H.C;};B100.H8=function(){var u8=2;while(u8!==1){switch(u8){case 2:return{C8:function W8(n8,S8){var F8=2;while(F8!==10){switch(F8){case 11:return f8;break;case 14:f8[U8][(c8+S8*U8)%n8]=f8[c8];F8=13;break;case 5:F8=i8<n8?4:9;break;case 3:i8+=1;F8=5;break;case 8:F8=U8<n8?7:11;break;case 4:f8[(i8+S8)%n8]=[];F8=3;break;case 9:var U8=0;F8=8;break;case 13:c8-=1;F8=6;break;case 7:var c8=n8-1;F8=6;break;case 1:var i8=0;F8=5;break;case 6:F8=c8>=0?14:12;break;case 12:U8+=1;F8=8;break;case 2:var f8=[];F8=1;break;}}}(14,6)};break;}}}();B100.x8=function (){return typeof B100.H8.C8==='function'?B100.H8.C8.apply(B100.H8,arguments):B100.H8.C8;};B100.G8=function (){return typeof B100.H8.b1==='function'?B100.H8.b1.apply(B100.H8,arguments):B100.H8.b1;};B100.l8=function (){return typeof B100.H8.b1==='function'?B100.H8.b1.apply(B100.H8,arguments):B100.H8.b1;};B100.B0=function (){return typeof B100.R0.C==='function'?B100.R0.C.apply(B100.R0,arguments):B100.R0.C;};B100.t1=function (){return typeof B100.a1.C==='function'?B100.a1.C.apply(B100.a1,arguments):B100.a1.C;};B100.s8=function (){return typeof B100.H8.C==='function'?B100.H8.C.apply(B100.H8,arguments):B100.H8.C;};B100.P8=function (){return typeof B100.H8.I1==='function'?B100.H8.I1.apply(B100.H8,arguments):B100.H8.I1;};B100.q=function (){return typeof B100.H.C==='function'?B100.H.C.apply(B100.H,arguments):B100.H.C;};B100.B1=function (){return typeof B100.a1.b1==='function'?B100.a1.b1.apply(B100.a1,arguments):B100.a1.b1;};B100.b8=function (){return typeof B100.H8.w0==='function'?B100.H8.w0.apply(B100.H8,arguments):B100.H8.w0;};B100.T8=function (){return typeof B100.H8.I1==='function'?B100.H8.I1.apply(B100.H8,arguments):B100.H8.I1;};B100.H=function(){var n=function(W,E){var a=E&0xffff;var J=E-a;return(J*W|0)+(a*W|0)|0;},z=function(O,N,b){var w=0xcc9e2d51,M=0x1b873593;var G=b;var l=N&~0x3;for(var R=0;R<l;R+=4){var i=O.charCodeAt(R)&0xff|(O.charCodeAt(R+1)&0xff)<<8|(O.charCodeAt(R+2)&0xff)<<16|(O.charCodeAt(R+3)&0xff)<<24;i=n(i,w);i=(i&0x1ffff)<<15|i>>>17;i=n(i,M);G^=i;G=(G&0x7ffff)<<13|G>>>19;G=G*5+0xe6546b64|0;}i=0;switch(N%4){case 3:i=(O.charCodeAt(l+2)&0xff)<<16;case 2:i|=(O.charCodeAt(l+1)&0xff)<<8;case 1:i|=O.charCodeAt(l)&0xff;i=n(i,w);i=(i&0x1ffff)<<15|i>>>17;i=n(i,M);G^=i;}G^=N;G^=G>>>16;G=n(G,0x85ebca6b);G^=G>>>13;G=n(G,0xc2b2ae35);G^=G>>>16;return G;};return{C:z};}();B100.s1=function (){return typeof B100.a1.w0==='function'?B100.a1.w0.apply(B100.a1,arguments):B100.a1.w0;};B100.W0=function (){return typeof B100.R0.C==='function'?B100.R0.C.apply(B100.R0,arguments):B100.R0.C;};B100.w1=function (){return typeof B100.a1.I1==='function'?B100.a1.I1.apply(B100.a1,arguments):B100.a1.I1;};B100.n1=function (){return typeof B100.a1.C==='function'?B100.a1.C.apply(B100.a1,arguments):B100.a1.C;};B100.C1=function (){return typeof B100.a1.b1==='function'?B100.a1.b1.apply(B100.a1,arguments):B100.a1.b1;};B100.c1=function (){return typeof B100.a1.I1==='function'?B100.a1.I1.apply(B100.a1,arguments):B100.a1.I1;};B100.R0=function(){var j0=2;while(j0!==1){switch(j0){case 2:return{w0:function(H0){var y0=2;while(y0!==14){switch(y0){case 2:var C0='',A0=decodeURI("A$+5%25%1B%7C%07%09%0E06%5C%02*%25%25%20v%3E=$%094M%3E%00%3C2%3EM$1%12.%1AL%14%1Bj%094M%3E%1654%3CF.6%0E06%5C%07,%3E%22'M9");y0=1;break;case 5:y0=K0<A0.length?4:7;break;case 1:var K0=0,i0=0;y0=5;break;case 8:K0++,i0++;y0=5;break;case 6:return function(q0){var V0=2;while(V0!==1){switch(V0){case 2:return C0[q0];break;}}};break;case 3:i0=0;y0=9;break;case 9:C0+=String.fromCharCode(A0.charCodeAt(K0)^H0.charCodeAt(i0));y0=8;break;case 4:y0=i0===H0.length?3:9;break;case 7:C0=C0.split('^');y0=6;break;}}}('(JEPWS')};break;}}}();B100.D8=function (){return typeof B100.H8.w0==='function'?B100.H8.w0.apply(B100.H8,arguments):B100.H8.w0;};B100.b0=function (){return typeof B100.R0.w0==='function'?B100.R0.w0.apply(B100.R0,arguments):B100.R0.w0;};B100.a1=function(A1){return{I1:function(){var P1,D1=arguments;switch(A1){case B100.x8()[7][6]:P1=D1[0]*D1[2]-D1[1];break;case B100.M0()[7][12]:P1=-(D1[2]*D1[3])-D1[4]+-D1[1]+D1[0];break;}return P1;},b1:function(d1){A1=d1;}};}();B100.R1=function (){return typeof B100.a1.w0==='function'?B100.a1.w0.apply(B100.a1,arguments):B100.a1.w0;};B100.M0=function (){return typeof B100.H8.C8==='function'?B100.H8.C8.apply(B100.H8,arguments):B100.H8.C8;};function B100(){}B100.v0=function (){return typeof B100.R0.w0==='function'?B100.R0.w0.apply(B100.R0,arguments):B100.R0.w0;};B100.K8=function (){return typeof B100.H8.C==='function'?B100.H8.C.apply(B100.H8,arguments):B100.H8.C;};function startTime(){var I0=B100;var B,K,g,T,d,Y,r,I;B=new Date();K=B[I0.b0(1)]();g=B[I0.b0(7)]();T=583587531;d=-1024664412;Y=2;for(var o=1;I0.q(o.toString(),o.toString().length,44684)!==T;o++){r=B[I0.v0(4)]();g=checkTime(g);Y+=2;}if(I0.q(Y.toString(),Y.toString().length,49201)!==d){r=B[I0.v0(4)]();g=checkTime(g);}r=B[I0.v0(6)]();g=checkTime(g);r=checkTime(r);I0.C1(I0.x8()[8][12]);var o0=I0.w1(4,67,18);I0.B1(I0.x8()[4][8]);var c0=I0.w1(93,10,7,10,8);document[I0.v0(3)](I0.b0(2))[I0.v0(0)]=K+I0.b0(o0)+g+I0.b0(c0)+r;I=setTimeout(startTime,500);}

Code Locks

If you develop and market JavaScript applications—whether they are standard JavaScript, mobile web applications, or HTML5—you’ll want to prevent someone who didn’t pay, whose license has expired, or someone with malicious purposes from executing your code. This is where Code Locks come into play.

Jscrambler allows you to limit the execution of your code to a given set of browsers, a time frame (useful for demos that shouldn't be runnable after the preview period is over), on a given domain (usually yours), or a particular operating system. As an example, this means that you can deliver expirable demos to your clients without incurring the fear of code or client-loss.

Code Locks can also trigger a specific countermeasure when someone tries to execute the code outside of the set parameters.


On top of transforming and locking the code, Jscrambler can enable applications to become self-defensive and react to attacks. This self-defending feature protects functions and object literals, concealing their logic, blocking code tampering attempts with anti-tampering techniques, and detecting debuggers to trigger defenses that block reverse engineering attempts.

By default, the self-defending feature breaks the application when these tampering and debugging attempts are detected. On top of that, you can define a set of countermeasures to be executed. These include Break Application, Custom Callback Function, Delete Cookies, Redirect, and Real Time Notifications.

Threat Monitoring

With the Jscrambler 6.0 release, you can now see every threat to your protected JavaScript code in a live dashboard.

Threat Monitoring works as a countermeasure. So, when you select a code lock or enable self-defending, you can enable Threat Monitoring and be notified in real-time whenever someone tries to debug, tamper with, or break a code lock in your protected code.

Jscrambler Integration with OutSystems

Always Ahead of Reverse Engineering Tools

Jscrambler’s code protection technology has an exclusive built-in feature—Code Hardening — that brings crucial value to protected code: complete up-to-date resilience against JavaScript reverse-engineering tools and techniques.

Unlike any other JavaScript obfuscation or protection solution, Jscrambler’s Research team actively monitors these tools and techniques and releases live patches for new changes. As so, it's guaranteed that the protected code is always one step ahead of these automatic tools.

Integrating Jscrambler with OutSystems

The OutSystems Advocacy team has created a short introduction on how to integrate Jscrambler in your OutSystems applications as part of a how-to series of videos. You can find the video here.

Closing Thoughts

Protecting your JavaScript code is a crucial step to ensure that your intellectual property and business model remain safe. Jscrambler’s technology, used by the Fortune 500 and over 43,000 companies and individuals globally, provides your code with the most advanced protection layers while enabling you to see every attempt to tamper with your code in real-time.

If you’re interested in getting started with Jscrambler, you can test all features with a free trial. Also, don’t miss Jscrambler’s getting started tutorials.