Organizing and packaging HTML5 extension

Question

I am working on building an HTML5 extension for InDesign CC 2015. I bundle the extension with Extension Builder 3 into a zxp file; which upon installing unpacks to HTML pages and js and css files into the install location on my Mac (/Library/Application Support/Adobe/CEP/extensions/MyExtension). My concern is, this way, my extension can be easily modified or reverse-engineered. How do I encrypt my extension before sending it to the customers so that my code is not wide open in front of them?

Loic.Aigon · Accepted Answer

As stated in the CEP cookbook :you could choose to obfuscate it in term of hiding internal Html extensions. But please keep in mind that there is no final/reliable way to obfuscate HTML/JavaScript staff, because it is not so hard to revert it back to plain text. Even if the extension is signed, users still could add entry "PlayerDebugMode=1" in registry/plist to load the modified extension. Even in flash world, there still might be ways to decompile swf to get your IMS client-secret.So there is no reliable way to prevent user finding your client-secret if IMS APIs are invoked in HTML extension. Alternatively, you could choose to call IMS API in native side, and communicate HTML extensions by CSXS event/Extend Script.info here

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded