+1 vote
by (163k points)

I want to use the Bee Template API inside my Visualforce page. So, this is the code I used:

    //Visualforce Page
    <apex:page showHeader="false"
    <apex:form >
        <apex:pageBlock rendered="true"> 
            <div id="bee-plugin-container" style="overflow:auto; padding:5px;">

    <apex:includeScript value="https://app-rsrc.getbee.io/plugin/BeePlugin.js"/>
    <apex:includeScript value="https://johnresig.com/files/htmlparser.js"/>

    <script type="text/javascript">

    //Rest of the code

        function (token) {
          BeePlugin.create(token, beeConfig, function (beePluginInstance) {
            bee = beePluginInstance;
              function (template) {

    <!--Rest of the code-->


This is the code to initialize the Bee Template API. The value of clientId and clientSecret are stored as Custom Metadata Types and are retrieved in the controller apex class:

//visualforce controller apex class
global with sharing class TemplateMakerClass {
    public String clientId {get;set;}
    public String clientSecret {get;set;}
    public TemplateMakerClass() {
        clientId = PropertiesClass.getBeeClientId();
        clientSecret = PropertiesClass.getBeeClientSecret();

    //Rest of the code

In the PropertiesClass, metadata types are retrieved using SOQL queries. The code works fine. But, the problem I am facing is that, as clientId and clientSecret are used in the JavaScript code, it is exposed in the browser, ie, I can see values of both variables in the page source. Its showing a Information Disclosure Vulnerability issue when I submit app for security review because of this. So, how can I solve this? Is there any way to use the variables inside the JavaScript without exposing to browser?

1 Answer

Welcome to Memory Exceeded, where you can ask questions and receive answers from other members of the community.