4,381 questions
There is no way to hide JavaScript in web apps in general, so you can't hide it in add-ins either. The best you can do is use an obfuscator/minifier tool to make the code difficult for a human to read.
Protect javascript source code for Word addin
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 70%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKJ%3C/text%3E%3C/svg%3E)
Kees Jan Hoogland
21
Reputation points
Dear community,
We have developed a Word addin in javascript.
All the code for this addin is executed on the client side, no calls are made to a back-end server.
The problem is that all the code is visible by using the 'Attach debugger' option in the sidebar in which the front-end of the addin is shown.
The question: Is it possible to disable this debug option or hide the javascript code in any other way? or is the only way to achieve this to move all the business logic to a back-end server?
Microsoft 365 and Office | Development | Other
Accepted answer
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 23%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Rick Kirkham 281 Reputation points Microsoft Employee2021-08-17T20:27:12.73+00:00 -
Kees Jan Hoogland 21 Reputation points
2021-08-18T07:59:33.407+00:00 Thank you RickKirkham-9346. I was afraid of that and hoped that Microsoft would offer a protected browser within Word.
We already minify and obfuscate the code, but even then a user can still copy the code and use the addin without a license.
Is the only way to avoid this to move a part of the business logic to the back-end? -
Rick Kirkham 281 Reputation points Microsoft Employee
2021-08-18T17:08:07.47+00:00 Yes. as I understand it, code that you want to absolutely protect cannot be in client side JavaScript.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 93%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Eddie 0 Reputation points2024-01-04T15:50:43.3433333+00:00 Following up on this, a few years later.. how does Microsoft propose that client based add-ins are developed and distributed for commercial purposes? Web-assembly could be one way to protect code; is this part of any roadmap? Will VBA continue to be serviced for Office applications as Microsoft moves towards cloud?
Sign in to comment -