I am working on building an HTML5 extension for InDesign CC 2015. I bundle the extension with Extension Builder 3 into a zxp file; which upon installing unpacks to HTML pages and js and css files into the install location on my Mac (/Library/Application Support/Adobe/CEP/extensions/MyExtension). My concern is, this way, my extension can be easily modified or reverse-engineered. How do I encrypt my extension before sending it to the customers so that my code is not wide open in front of them?
As stated in the CEP cookbook :
So there is no reliable way to prevent user finding your client-secret if IMS APIs are invoked in HTML extension. Alternatively, you could choose to call IMS API in native side, and communicate HTML extensions by CSXS event/Extend Script.