Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Exit
Inventsable
Enthusiast
Inventsable
Enthusiast
Activity
Jul 27, 2024
01:01 PM
You didn't specify that you were using Gumroad earlier, no. I mean it is easy to copy and resign that part is obvious but how to access parts of js file which run functions from jsx (on both were applyied obfuscator) I did not have time to check yet. I am sure that there are workaround. Any obfuscation can be easily reversed (if you know what to look for or what libraries to use) and even JSXBIN has public cracks on Github allowing converting from JSXBIN back to human readable JSX so it's not secure either. This is the only point I'm trying to reiterate to you -- at some point this becomes a sunken cost. You're the one who decides when that point is, but genuinely I don't think it's something you have to worry or care about unless you know for a fact your extension is going to sell several hundreds if not thousands of licenses. The scope of CEP and the market existing inside it is just too small for nuanced license concerns, you're not pushing patches of CrowdStrike to millions of users here. If you only sell 50 licenses with this product (which happens to every one, most of my own tools have not been as successful as I wanted them to be) then all this time, care, attention and worrying is for nothing but practice I guess. But if someone knows how to use fs.utimesSync, then they likely already know how to reverse obfuscation or strip out your validation JS in the first place. All this "what if this" and "what if that" is just hyper-focusing on a very small and manual bypass that, in the big picture, is not very likely or even efficient in the first place. Say a user does deactivate then copy then reactivate, what does this produce? A single extra use per session of your tool requiring manual work every time in a way that can't be easily shared between several people? That's an extremely small problem to have.
... View more
Jul 27, 2024
09:56 AM
1 Upvote
Creation Time, Modification Time, Access Time....this is all possible to change with js or through terminal or some other app, right? No, but even if they were, the user would need to be smart enough to open the panel with CEF Client to display localstorage values anyway. At the point they know how to do that, this is mostly a moot point, because like I originally posted there's nothing stopping someone from stripping out Javascript in your panel then resigning or using it as is, or even running arbitrary JS in the CEF console. He do not need to do any modification of file just need to do in this order: copy license file, deactivate, paste license file. And still will have functional extension on current computer and still one more actication as he just deactivate on that computer. And can do like this infinitely. With that copy paste Creation Time of license file will change, but he can back to original value. If I add that info about creation time in localstorage this will not protect from this above, right? This is why I recommended and gave you date modified, not date created. Modified is changed whenever the file path changes or the content inside changes. Also you're using seating, so just poll the license and seats silently every 10 minutes and no one alive will have the patience to deactivate licenses manually like you've described 6 times per hour whenever they use the app. I think you're massively over-thinking this. This is such an obscure use-case of how to "hack" and sure, if you can think of a hole you may as well try to fill it, but I cannot stress enough to you that there are much easier ways to bypass security and you are not going to be able to stop that.
... View more
Jul 26, 2024
07:51 AM
1 Upvote
If I were doing it, I'd use fs.stat or fs.statsync to know when it was last modified: // Use fs and path from node
const fs = require("fs");
const path = require("path");
// Resolve the filepath to absolute
const filePath = path.resolve("./somePathHere.json");
// Get the millisecond value of when the file was last modified:
const dateModified = fs.statSync(filePath).mtime.getTime(); If you're the one writing the file, write a key/value to localstorage with Date.now() at the same time your license file was written or whenever your panel is modifying it, then when the panel mounts in future compare if your localstorage value is equal to the license file stat getTime above within a small margin like ~20 ms (or just capture the getTime of the file after writing it for exact comparison). If it is equal you'll know that it was last modified by you, but if it isn't, the user (or something else) must have modified it.
... View more
Jul 19, 2024
09:58 PM
Coming back to this, I actually rebuilt this as an open source CEP panel a while back: Figured it'd be nice to drop some Show and Tell rather than have the forum be nothing but questions, I always enjoy seeing the cool things that other people come up with!
... View more
Jul 19, 2024
09:41 PM
arguments does not refer to command line, it's specifically referring only to in-scope parameters of the function it's scoped within. In other words, it doesn't work like that, it only refers to what exists inside Javascript and the Javascript file you're running: function helloWorld() {
for (param of arguments) alert(param);
}
helloWorld("a", "b", "c");
// "a"
//
// "b"
//
// "c"
alert(arguments) // Always "Undefined" or length of 0, it doesn't exist in root/global scope in any meaningful way You could write a batch file which would write these params to a temp file on Desktop then launch the extension and run the script which reads then parses that temp file to get the same result or a bin command for NodeJS to do something similar but as it stands the default behavior of shell has no bearing or relation to the scripting environment within the app.
... View more
Jul 19, 2024
08:48 PM
3 Upvotes
It depends on what "safe" means. If you're including API keys to paid services then no, storing them in any local file or localStorage is not good practice and is very insecure even if encrypted, but if by "safe" you're asking if a malicious actor could harm the user in any way if they could access and decrypt your license key the short answer is no. At most, all that would happen is a lazily cracked version of your extension might be available online -- but if I wanted to do that, I'd just strip out the code in your extension that checks for licensing to begin with then resign and redistribute it as a ZXP to skip the licensing part entirely and unfortunately, no amount of security measures would prevent that due to how relaxed CEP is with self-signed certificates. If I were a malicious actor looking to redistribute your extension with extra code that modifies the user filesystem then your manner of licensing is completely irrelevant regardless of the depth of your security measures from code visibility alone. All it would take is someone who knows what they're doing committing to the time and effort it would take to just erase whatever lines of code you're using to authenticate a license or make requests to bypass this issue, and though it's not an inevitably that's going to happen, taking too many steps trying to prevent it will end up being a sunken cost in my opinion. Either they have the skill (and you can't stop them anyway) or they don't, and either something like this will happen or it won't. Have decent SEO to appear above any redistribution on search engine results and that catches 99% of potential users finding that redistributed version to begin with. As someone who's made a variety of CEP extensions some of which for large clients with a combined userbase of over 20K licenses, it's never happened to mine, at least that I know of. There are plenty of online resources about "API key provisioning" (exact phrase for ease of googling for you) that address and discuss this along with best practices for security, but it becomes a manner of scale and if I'm honest, I don't think any CEP extension merits the college education level of knowledge needed for perfect security. The Goldilocks Zone between simple and secure is something like this: A handshake with an external broker like AWS Secrets Manager under a whitelisted domain/source, or in your case a License Manager with a very similar flow using "forward secrecy" concepts (key exchanges are based on temporary keys which lead to a sensitive key) -- your extension is the whitelisted source, the key is stored externally on the server of the manager, extension makes a request with some manner of token, if that request is validated correctly the manager sends the license key in request response, your extension now knows it's legitimately licensed via response. You'd be storing tokens in localStorage instead of license keys directly and can set these to expire after arbitrary lengths, but details on tokens themselves / how to generate or validate would depend on the specific manager or platform. Using Proof Key for Code Exchange (PKCE) or equivalent in requests that require API access with paid rates when possible. In my opinion, any obstacle is enough to discourage 90%. SHA-256 with some hidden salt could be plenty to store your license in localStorage since most likely will never get beyond that point. If it's your first extension or your first serious extension, it's hard not to have ideas like this -- "I want to prevent people from stealing my work", "I don't want to miss out on any paying customers" -- and so on, but the market is small and niche. Your target market are professional artists who are used to paying for SaaS solutions and other means of improving their production. Focusing too much on things like this can just be a distraction from a worried and anxious inner mind and in reality, won't make much meaningful difference unless your extension is successful enough to sell several hundreds or thousands of licenses to begin with. If the extension isn't 100% done in every other aspect, then there's more pressing work to attend to.
... View more
Jul 17, 2024
11:24 PM
Ironically that's already been done in CEP like Hyperbrew's KlutzGPT extension, with that name because it's not very reliable lol. I do think that's the likely direction of low-level user interaction in future too, but I'd hope that Adobe is too developer-conscious to limit integration to only that. I've just been openly skeptical and critical of UXP's ground-up design approach from the very beginning and tentatively expecting that by the time Illustrator even gets UXP, that UXP itself will be as old as CEP was when Adobe decided to replace it. But since CEP had a Chromium backbone it could inherit new Chromium features whereas UXP updates will have to be done manually by hand, meaning unless it's impeccably updated, it'll fall behind far faster. Even companies as large as Microsoft don't create ground-up extensibility platforms for Visual Studio because they want a hands-off approach in keeping it 1:1 with modern development 🤷 Anyway I think it's a combination of most things already stated, but also to be fair the Adobe forums themselves have never been too active and I see plenty of scripting activity on other platforms like Discord and Reddit. I still wish we had a separate Illustrator scripting forum since it's now next to impossible to search for scripting solutions here due to fuzzy keyword matching hundreds of general Illustrator posts. The good old days of having a dedicated, separate forum specifically for Illustrator scripting...
... View more
Jul 17, 2024
10:37 PM
1 Upvote
There's still plenty that can be done though every day more script solutions are Google searches away so don't need bespoke scripting, but I think the unfortunate truth is that the Scripting API has been stagnant for so long that most innovative ideas need to be done in CEP in the first place -- and that's even on it's way out in favor of UXP, which will bring with it an entirely different (and hopefully modern) scripting API.
... View more
Jul 01, 2024
08:50 PM
Seeing this single post lacks context. boguslavsky had already asked several questions around the same time to the extent I understood their project already had decent complexity. It's not as if the first suggestion I make to anyone making a CEP panel would be "learn React".
... View more
Jun 28, 2024
11:47 PM
I remember seeing it when you released and talking more in other posts. It would be a nightmare to make something that complex in vanilla HTML and JS. Using frameworks is nowhere near as daunting as the uninitiated might expect it to be. Boilerplates like Bolt-CEP or my own Bombino are arguably far easier to use than demystifying Adobe's own lacking documentation and all the special edge cases of CEP as an environment, with the added benefit that you develop in line with modern web development.
... View more
Jun 27, 2024
08:09 PM
The answer did have to do with the CEP panel: to read a gradient's stops through JSX scripting, send it to CEP via JSON, then translate that to a CSS property. The question wasn't how to create a gradient within scripting, it was how to render it within a <div> of a CEP panel's HTML. CEP 11 uses Chromium v88 so it supports nearly all modern Javascript and if you use a modern framework those inevitably come with compilers like Vite or Webpack which can compile down to be compatible allowing you to use modern methods and CSS like linear-gradient anyway.
... View more
Feb 06, 2024
07:22 PM
I'd be interested in taking a go at this as well, but for the sake of clarity I would need to know exactly what "break at certain point within the words" means. If you give a list of words or example file this would help greatly, otherwise we're completely in the dark with what the requirements actually are and people like Mark might do a ton of work that isn't on the right track from lack of information.
... View more
Jan 22, 2024
06:45 PM
1 Upvote
If you're familiar with Node, try nexe. Realistically anything that can move a file from one place to another specified directory is a basic installer. That can be through Node, Autohotkey, Python, or anything you prefer.
... View more
Dec 12, 2023
08:26 PM
I've always known it's possible since keyboard hooks exist in the first place but I've been asking about this for over 7 years even to Adobe employees directly and have been given similar answers each time: it's not planned or it poses hotkey conflicts with host app or it's out of scope of CEP's needs and etc. I'm only relaying to you that I've been told and seen that this is "not possible" in the current implementation of specific apps like Illustrator and CEP in general, not that it's literally not possible or that there isn't one app that has done this as an anomaly since this is such a common request from the community and has been asked about consistently for a long time by people like me. I'm just speculating on how one might do it right now despite the fact Adobe has no official support because if you know what to look for or know what to do, you don't need to wait for their support in the first place, and if we're honest, it's never going to happen in a uniform way across all apps given the lack of cohesive uniformity from all the separate app development teams especially in regards to legacy Extendscript and CEP engines which have been on their way out for several years now in favor of UXP.
... View more
Dec 10, 2023
09:08 AM
As a completely theoretical mental exercise let's assume there exist things named keyboard hooks which might be accessible to someone through something like Autohotkey. Technically this becomes a keylogger which is hard to discuss because it can track every key that your hardware gets as input and this has a lot of overlap with malware since you can trace sensitive information like passwords that the user would manually type into their keyboard, which of course neither of us is advocating for. If one were so inclined, one might use Autohotkey for Windows or some equivalent for OS agnostic keyboard hooks to create specific non-blocking keybindings scoped to a particular focused window by window ID or handle which on every input send a JSON message through a COM object to a specified port like localhost:8080 that some CEP panel might happen to be listening to via something like Fastify or ExpressJS and happen to parse then happen to trigger an effect on receiving this message. I guess we'll never know if something like this is possible since many in the community including Adobe employees themselves have consistently stated it is impossible. I guess we'll never know.
... View more
Dec 04, 2023
10:15 AM
There is no equivalent. The best you can do is write a shell / bash script onto a local file and run it via File.execute() in scripting, or ignore scripting altogether and handle it from a CEP plugin via NodeJS and child_process.
... View more
Dec 04, 2023
10:10 AM
2 Upvotes
There seems to be a bit of confusion here, so to lay it out explicitly: "Adobe SDK" = The software developer kit published by Adobe for making AIP extensions and plugins using C++ "AIHostAdapter.aip" = A plugin built in C++ to allow Javascript to communicate with the host app "AIHostAdapter.js" = The sibling Javascript file which you'd use with the above plugin To use AIHostAdapter, you don't use or touch the SDK. It doesn't require you open Visual Community and download their SDK or anything of that sort. To use AIHostAdapter, you simply place the AIP plugin into the user's "Plugins" folder, which does require admin access and would either need to be done via installer or command line if not asking the user to do it yourself. You cannot use AIHostAdapter without installing the AIHostAdapter.aip plugin, no. You can use AIHostAdapter without installing the SDK because it doesn't have anything to do with the SDK, it's already a standalone plugin and there'd be no need to extend it via the SDK and add new functionality unless you were specifically looking to do just that.
... View more
Nov 28, 2023
09:58 PM
1 Upvote
Notice this is not JSX scripting, this is code in my frontend. AIHostAdapter doesn't touch or interact with scripting, it only receives CEP events from the plugin on the CEP side, not the JSX / host application side. To connect them, you'd just listen in CEP then trigger an evalScript or JSX script to run from inside this listener.
... View more
Nov 12, 2023
09:10 AM
1 Upvote
Perfect, thanks so much 👍
... View more
Nov 11, 2023
09:47 PM
Do we have a bot problem? I just got 8 emails about a minute after posting with upvotes for no reason. Maybe this is via tag or keyword?
... View more
Nov 11, 2023
09:41 PM
8 Upvotes
Hi all, I'm building a new tool that leverages the AIHostAdapter to track certain events in the app. Unfortunately and somewhat ironically, the adapter from Adobe's CEP link itself works great with one exception: the pingPlugin function of the adapter errors out to an undefined function reference internally. This means that I can't easily send a ping and receive a ping back to verify the user has the adapter installed, even though all the events themselves work fine and my tool can use those events without issue. I need some layer of error handling on this to verify the adapter is installed, which would be the ping in any other case and the reason that function exists, but for now I'm going to settle on searching the program files themselves then checking for the correctly named file in the right location. On windows this is: "C:\Program Files\Adobe\Adobe Illustrator 2022\Plug-ins\Extensions\AIHostAdapter.aip" I can get this fairly easily via CSInterface().getSystemPath(SystemPath.HOST_APPLICATION), which produces: "C:/Program Files/Adobe/Adobe Illustrator 2022/Support Files/Contents/Windows/Illustrator.exe" Which I can then slice to the Illustrator 2022 root and check Plug-ins/Extensions from. But on Mac, not only do I not know where AIHostAdapter.aip is normally installed, but I also don't know what filepath is produced when CSInterface().getSystemPath(SystemPath.HOST_APPLICATION) is run. Does any one know? TL;DR What's the filepath where AIHostAdapter.aip/AIHostAdapter_Code_Signed.zip is usually installed on Mac? What's the result of CSInterface().getSystemPath(SystemPath.HOST_APPLICATION) when run in Illustrator on Mac?
... View more
May 17, 2023
06:41 PM
You can only communicate via strings between the environments, even if this is JSON that you parse once loaded. CEP extensions have plenty of utilities for handling files especially via NodeJS, but this depends entirely on what you're intending to do. If you want to display images created in app in some CEP extension, you're better off exporting the file from JSX, returning filepaths to CEP, then reading the filepaths in CEP as something like base64 and assigning it to an img src attribute like here.
... View more
May 17, 2023
06:32 PM
1 Upvote
Now that I'm not typing on mobile, this is closer to what I meant but you'd still have to concat it with the original list afterwards so it ends up not being much shorter: var list = get("pathItems", app.activeDocument.pageItems, true)
.filter(function (pageItem) {
return pageItem.selected && /^path/i.test(pageItem.typename);
});
... View more
May 17, 2023
04:31 PM
Looks great Sergey, only modification I'd make is probably this: function copyColorsToClipboard(isGetSpotVal, isGetTintVal) {
try {
// Get selection as real array instead of Array-like
var list = getPaths(app.selection, app.activeDocument.pageItems, true)
.filter(function(pageItem) { return /^path/i.test(pageItem.typename) }); The getPaths function probably wouldn't be needed since get is already a recursive lookup, just need to feed it more specific parameters so it doesn't default to the top-level document as the parent but instead all PageItems, which should then cover any group or compound path contents, then filter out anything that isn't a pathItem. EDIT: Wait a second lol, that wouldn't work. Disregard this, yours is great.
... View more
May 14, 2023
10:16 AM
3 Upvotes
This might look like a lot, but it really isn't once you look past the polyfills at the beginning and just look through the copyColorsToClipboard function. I took what you did and refactored it a bit: Object.prototype.keys = function (obj) {
var keys = [];
for (var key in obj) keys.push(key);
return keys;
};
Array.prototype.map = function (callback) {
var mappedParam = [];
for (var i = 0; i < this.length; i++)
mappedParam.push(callback(this[i], i, this));
return mappedParam;
};
Array.prototype.indexOf = function (item) {
for (var i = 0; i < this.length; i++) if (this[i] == item) return i;
return -1;
};
Array.prototype.filter = function (callback) {
var filtered = [];
for (var i = 0; i < this.length; i++)
if (callback(this[i], i, this)) filtered.push(this[i]);
return filtered;
};
RGBColor.prototype.getString = CMYKColor.prototype.getString = SpotColor.prototype.getString = LabColor.prototype.getString = function () {
var result = this.typename.replace(/color$/i, "").toUpperCase() + "=";
var self = this; // Prevent namespace conflicts from scoping
if (this.spot) return this.spot.name
else result += Object.keys(self)
.filter(function (key) {
return !/typename|getString/.test(key);
})
.map(function (key) {
// Color keys are always in order, so just return them rounded:
return Math.round(self[key]);
})
.join(",");
return result;
};
function get(type, parent, deep) {
if (arguments.length == 1 || !parent) {
parent = app.activeDocument;
deep = true;
}
var result = [];
if (!parent[type]) return [];
for (var i = 0; i < parent[type].length; i++) {
result.push(parent[type][i]);
if (parent[type][i][type] && deep)
result = [].concat(result, get(type, parent[type][i], deep));
}
return result;
}
function setClipboard(str) {
var prev = get('selection');
selection = null;
var idoc = app.activeDocument;
var tlayer = idoc.layers.add();
var tframe = tlayer.textFrames.add();
// Had faulty unicode whitespace characters showing, so strip them:
tframe.contents = str.replace(/^\s*||\s*$/, "");
tframe.translate(10);
tframe.selected = true;
app.copy();
tlayer.remove();
app.selection = prev;
}
function copyColorsToClipboard() {
try {
// Get selection as real array instead of Array-like
var list = get("selection");
// Compile array of all fills and strokes
var colors = []
.concat(
list.map(function (item) {
return item.filled ? item.fillColor : null;
}),
list.map(function (item) {
return item.stroked ? item.strokeColor : null;
})
).filter(function (color) {
return !!color; // Remove any null values
}).map(function (color) {
return color.getString(); // Replace values with string in form [TYPE]=[VALUES]
}).filter(function (colorString, index, arr) {
return arr.indexOf(colorString) == index; // Remove duplicates
})
setClipboard(colors.join(", "))
} catch (err) {
alert(err);
}
}
copyColorsToClipboard(); In the above, these are identical colors in value but the left is a Spot color swatch named PMS 186 C whereas the right is a pure RGB.
... View more
May 14, 2023
09:14 AM
2 Upvotes
// A selected textFrame, otherwise would be like app.activeDocument.textFrames[0]
var target = app.selection[0];
// This textFrame's attributes:
var attributes = target.textRange.characterAttributes
// This textFrame's font:
var font = target.textRange.characterAttributes.textFont
// could instead be: attributes.textFont
alert(font) // [TextFont MyriadPro-Regular]
alert(font.family) // "MyriadPro"
alert(font.style) // "Regular" You'd want to reference these pages for what properties and methods are available: TextFont CharacterAttributes ChatGPT isn't always reliable in scripting because it often misleads you entirely, confuses scripting between apps, or states certain methods exist inaccurately, and I've never actually used scripting alongside variable fonts to set or retrieve values but I'd imagine that those settings are most likely to be in CharacterAttributes.
... View more
May 13, 2023
01:25 PM
2 Upvotes
Alongside what femkeblanco posted, I find most of Adobe's first party documentation really lacking and hard to navigate. There are community-created versions which are a lot more easily searchable and more modern which I use instead: Illustrator API Javascript API (for shared classes like File/Folder between all apps) My own online code editor that displays the API as you type for any app and contains various resources in the lefthand drawer
... View more
May 12, 2023
09:24 PM
2 Upvotes
This isn't a full solution because I don't have the time to do the color collection part, but I've gotten setting clipboard content to work (only tested on Windows) like this: function setClipboard(string) {
var isWin = /win/i.test($.os);
var tmp = isWin
? File(Folder.desktop + "/tmp.bat")
: File(Folder.desktop + "/tmp.sh");
tmp.open("w");
tmp.write(
isWin
? 'echo off\r\necho | set /p="' + string + '" | clip'
: '#!/bin/sh\r\necho "' + string + '" | pbcopy\\r\\nexit 0'
);
tmp.close();
while (!tmp.exists) $.sleep(100);
tmp.execute();
tmp.remove();
} If it doesn't work or any one else knows of a better solution definitely let me know, unfortunately I've never been able to get the opposite to work of retrieving clipboard contents without other solutions like Autohotkey. The idea would essentially be to construct a bat/sh file to echo clipboard contents to a raw text file then immediately read the text file and delete both but executing a sh file that creates another file never works in scripting for me even when the exact same file does work manually executed.
... View more
Get ready! An upgraded Adobe Community experience is coming in January.
Learn more
Copyright © 2025 Adobe. All rights reserved.
AdChoices