Sign in Subscribe
Web

Content Protection in Readium Web

We are pleased to announce the release of new features in Readium Web: the Content Protection API, the Peripherals API, and a listener to customize the context menu.

Content Protection in Readium Web

These features were built during the development cycle of Content Protection, and help us fulfill long-awaited requests. All of this is available in version 2.3.0 of Navigator and Navigator HTML Injectables.

Browse the full release on Github

Overview


Content Protection is a new low-level API whose purpose is to provide ways to protect publications' content from being too easily copied or extracted. It is only the first piece of a larger system that will be built over the next months: Web Content Protection. Expect a lot more to come on this topic!

This Content Protection API should not be considered as a collection of measures, but rather a system with multiple layers that apps can combine and extend. This way, apps can build on top of it and add their own protection mechanisms if they deem it necessary.

Features


The main features of Content Protection are:

  • Restricting copy/paste
  • Restricting print
  • Restricting save
  • Restricting drag and drop
  • Restricting right-click
  • Restricting developer tools usage

It also provides ways to:

  • detect if the content is being viewed in an automated environment
  • detect if the content is embedded in an iframe

Finally, it offers monitoring capabilities to:

  • track unnatural selection patterns
  • track unusual navigation patterns

Of course rest assured that we will continue to improve this API and add more features in the future, these are only a starting point.

Extensibility


The API is designed to be extensible, allowing apps to add their own protection mechanisms on top of the base features. You can indeed listen to contentProtection events and add your own logic to enhance the protection. For instance, you could monitor for unusual activity patterns and reroute the user to a different page, or unmount the reader component entirely and replace it with unrelated or random content.

This means app developers do not depend on Readium TS-Toolkit’s core maintainers to implement all possible protection mechanisms, but can also design their own on top of the ones we built in. This approach provides flexibility and helps them react faster to new threats. In other words, you do not rely on us to implement new defences, you can add them as needed.

Check out the Content Protection documentation for more details.

More Enhancements


As a side effect of Content Protection, we were able to improve TS-Toolkit Navigator with two additional features: a new listener for the context menu and support for keyboard peripherals.

We have been busy implementing the missing pieces in TS-Toolkit for the last year, and we are glad to grow the list of available APIs, making it simpler for app developers to build their own features. We know how important the Preference and Injection APIs were in helping us build Thorium Web, needed the ones we are disclosing today, so we hope all of these new and upcoming APIs will be useful for you as well.

Context Menu


When disabling the context menu through the Content Protection API, a dedicated contextMenu event is now emitted with selected text (if any) and coordinates. This should allow apps to handle the context menu in their own way.

This is a common feature in many applications, and we are glad to finally provide it.

Check out the new listener for more details.

Peripherals


As we needed to cover shortcuts for developer tools, print, save, etc., we built all the necessary infrastructure to support keyboard peripherals.

This was turned into its own API, allowing developers to provide keyboard shortcuts for navigation and other actions (bookmarks, opening the table of contents, etc.).

Both the parent window, in which your app lives, and the publications’ resources are automatically handled so that you do not need to worry about it. This API was also designed in a way that things remain consistent across contexts and we do not accidentally get them out of sync in future developments.

You provide a type you want to listen to, a list of key combinations and that is it. This will now appear in the new peripheral listener Navigator provides.

Check out the Keyboard Peripherals documentation for more details.

Technical updates and breaking changes

  • The Content Protection API does not enable any protection by default. You need to explicitly enable the features you want to protect.
  • Some monitoring features, namely scrolling and snapping patterns, are still experimental and subject to change. We warmly welcome your ideas, inputs, and feedback to improve them.
  • Peripherals API is subject to change as well because we need to resolve a conflict between keyboard events and interactive elements within the publication.
  • Thorium Web 1.1.5 implements a subset of the API in global Preferences, specifically the restriction of copy/paste, print, save, drag and drop, right-click and developer tools. The monitoring features will be added in a future release as part of a higher-level API.
  • Thorium Web will migrate to the Peripherals API in a future release, once the aforementioned conflict is resolved.

The new versions are available on NPM:

Read next