How to encrypt html&javascript?


#1

I am trying to create and publish a plugin using Ruby API Webdialog.

After encrypting external file html and javascript by third-party tools and submitting it to warehouse review, I received a reply ".rbs and .rbe file extensions are not allowed in the .rbz package."
Of course, ruby ​​files are not encrypted in .rgs or .rbe but are kept as .rb.

Is this method wrong?

Please tell me how to protect the javascript &html code.

Thank you.


#2

Here’s a quote right from the internet.

Unfortunately, the short answer to this question is, you can’t [hide your source code]. There have been various methods put forth, but all of these are easily circumvented. In the end, the only sure fire way to make sure no one can steal your source code is to never put it on the Internet at all.

However, you can encrypt your javascript and html - just don’t give it the extension .rbs or .rbe. You can give them extensions such as .dat

Personally I embed my browser code within a ruby file and then load it within.

html_code = build_html()

dialog.set_html(html_code)

The html_code variable is filled this way with a function

def build_html()
@@html_code = <<-HTML

// ...

HTML
end

You can obfuscate your code if you want


#3

After you encrypted your javascript and html files, did you leave them with some other extension or did you give them “.rbe” or “.rbs”? If you gave them one of these extensions, that is the problem. These extensions are reserved for encrypted Ruby files because SketchUp extended the ‘require’ method to automatically decrypt them as Ruby source. The methods that load content into WebDialog and HtmlDialog don’t have such extensions and wouldn’t accept .rbe or .rbs in any case.

The EW review system expects to see all Ruby source unencrypted so it can scan for compliance with EW rules. Seeing a .rbe it thinks you have violated this rule. But as @gkernan wrote, the reviewer doesn’t care about non-Ruby files. Give them some other extension. Or embed them in your Ruby source as Gary suggests.


#4

Thanks for your suggestions.

In the RBZ where the error returned, it is as follows.

hobe.rb(not encryped / requir rb/hogesub)
hoge/rb/hogesub.rb(not encryped)
hoge/js/hoge.js(encryped)
hoge/html/hoge.html(encryped)

When I previously put a .rbe file in .rbz, robot sent an error about 5 minutes after application, but this time there is no reply even a few days after application, so I pressed application button again I got an error right after a few minutes.

I do not know if this is related to errors or not.

In this time I tried applying variable html in rb(hogesub02.rb) according to @gkernan’s suggestion.

hobe.rb(not encryped / requir rb/hogesub01)
hoge/rb/hogesub01.rb(not encryped / requir rb/hogesub02)
hoge/rb/hogesub02.rb(not encryped, only html part encryped)
hoge/rb/hoge.data(encryped javascript)

Of course, in the local environment before the application, it is working without problem both last time and this time.

I will report it when the result of the application comes back.

Thank you.