HTML5 Security and DRM

HTML Security: Protecting HTML Code and Content


   What is HTML5 security?


HTML5 delivered major improvements over the ever-vulnerable Adobe Flash, but no system is perfect. The term HTML security is generally used to refer to one of two areas:

  1. Preventing common website and web app attacks such as cross-site scripting (XSS), clickjacking, tabnabbing, and HTML injection.
  2. Protecting HTML code and content from piracy and misuse.

   Protecting against attacks on HTML5 apps


Protecting HTML5 web pages and web apps from attackers requires careful development and use of various techniques largely dependent on context.  Some of the more common techniques used to protect web apps that utilize HTML5 include:

  • Encryption:  While not specifically part of HTML5, HTTP encryption (HTTPS/TLS) is used to authenticate websites and secure users against man-in-the-middle attacks.
  • Sandboxes:  Where it is necessary to embed external pages in an iframe, web developers can use the sandbox attribute to prevent hostile pages from running malicious code, submitting forms, accessing cookies, or accessing local storage to steal user or sensitive information.
  • Content security policy:  While not technically part of HTML5, content security policy (CSP) is used in tandem with it to specify which sources browsers should consider valid for images, scripts, stylesheets, and more.  This helps to reduce the risk of attackers performing cross-site scripting (XSS) attacks.
  • Sub-resource integrity:  SRI helps verify the integrity of external resources you load into your webpage.  Corrupted or compromised resources are prevented from loading by comparing the resource to its hash.
  • Access control:  Cross-origin resource sharing (CORS) allows developers to control how and whether web apps at one origin request resources from another.  Retrieving and sharing resources is often necessary, but CORS can lead to vulnerabilities if it is misconfigured.  Developers can use the Access-Control-Allow-Origin response header to specify which domains can access their resources, and Access-Control-Allow-Methods/Headers to control which methods and headers those cross-origin requests may use.
  • Web cryptography API:  A specification for HTML5 for basic cryptographic functions such as hashing, signature generation, encryption, and decryption to increase security and verify the integrity of information.
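
For the sub-resource integrity item above, an added example (not part of the original page) that computes an integrity value and mirrors the browser's accept/reject decision in Node.js. The sample script bytes and the cdn.example URL are constructed for illustration.

```javascript
// Added example: Subresource Integrity values computed and checked with Node's crypto module.
const { createHash } = require('crypto');

// Hash algorithms SRI accepts, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build the value of an integrity="" attribute from the resource bytes.
function sriFor(bytes, alg = 'sha384') {
  if (!STRENGTH.includes(alg)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${createHash(alg).update(bytes).digest('base64')}`;
}

// Parse an integrity attribute: whitespace-separated "alg-base64[?options]" tokens.
// Tokens with an unknown algorithm or no "-" are ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const i = tok.indexOf('-');
    if (i < 0) return null;
    return { alg: tok.slice(0, i).toLowerCase(), digest: tok.slice(i + 1).split('?')[0] };
  }).filter((h) => h && STRENGTH.includes(h.alg));
}

// Mirror the browser's decision: only the strongest algorithm listed is checked,
// and the resource is accepted if any digest of that strength matches.
function passesIntegrity(bytes, attr) {
  const hashes = parseIntegrity(attr);
  if (hashes.length === 0) return true; // no usable metadata, so nothing is enforced
  const best = STRENGTH[Math.max(...hashes.map((h) => STRENGTH.indexOf(h.alg)))];
  const actual = createHash(best).update(bytes).digest('base64');
  return hashes.some((h) => h.alg === best && h.digest === actual);
}

// Constructed sample: a script as published, and a copy altered on the CDN.
const published = Buffer.from('window.lib = { version: "1.0.0" };\n');
const tampered = Buffer.from('window.lib = { version: "1.0.0" }; /* altered */\n');
const integrity = sriFor(published);

console.log(`<script src="https://cdn.example/lib.js" integrity="${integrity}" crossorigin="anonymous"></script>`);
console.log('published copy loads:', passesIntegrity(published, integrity));
console.log('altered copy loads:  ', passesIntegrity(tampered, integrity));
```

An attribute that contains only unrecognised algorithms enforces nothing, so a typo in the algorithm name silently disables the check.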

On top of all this, of course, the server that hosts the code must be secure.  A fully compromised server would allow an attacker to bypass any of these protection measures, downloading copyrighted content directly from the server or adding links to malware.
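
For the access-control item in the list above, an added example (not from the original page) that puts a misconfigured CORS policy beside an allow-list version, as server-side JavaScript. The origins and function names are hypothetical.

```javascript
// Added example: choosing CORS response headers on the server.
// ALLOWED_ORIGINS and both function names are hypothetical.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Misconfigured: echoes whatever Origin the request carried and allows
// credentials, so every origin is granted access to authenticated responses.
function corsHeadersReflecting(origin) {
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Corrected: exact-match allow-list. Origins that are not listed get no
// Access-Control-* headers at all, so the browser blocks the cross-origin read.
function corsHeadersAllowList(origin, isPreflight = false) {
  // Vary: Origin keeps shared caches from serving one origin's grant to another.
  const headers = { Vary: 'Origin' };
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return headers;
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (isPreflight) {
    // Only the methods and request headers the API actually needs.
    headers['Access-Control-Allow-Methods'] = 'GET, POST';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// Constructed Origin values: one listed, one lookalike, and the literal "null"
// that sandboxed iframes and some redirects send.
for (const origin of ['https://app.example.com', 'https://app.example.com.untrusted.test', 'null']) {
  console.log(origin, '->', corsHeadersAllowList(origin, true));
}
```

Exact string matching is deliberate: prefix, suffix, or regular-expression matching on the Origin value is where lookalike domains slip through.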

   Protecting HTML code and content from piracy and misuse


Protecting the contents and code of a webpage is a more difficult but very pertinent prospect.  There are generally two ways to protect content from being extracted from a webpage:

  1. Digital rights management:  HTML5 DRM, such as Encrypted Media Extensions (EME), looks to protect web content from piracy and misuse.
  2. Obfuscation and feature restriction:  Developers can use various methods to make content harder to find and extract using JavaScript, HTML, and CSS.

DRM is typically used to protect media, while obfuscation and restrictions are better suited to online documents, flipbooks, and ebooks.

   How effective is HTML5 DRM?


HTML5’s DRM support has a dramatic history, but as of 2023, W3C includes it in its standard.  All major browsers support Encrypted Media Extensions (EME), which allow browsers to play DRM-wrapped content from streaming services using HTML5 video.

Google’s Widevine content decryption module builds on EME and is used in Chromium and Firefox browsers and by companies such as Netflix, Disney+, Max, Amazon Prime, and more.

Widevine and EME make it harder for pirates to obtain high-quality copies of videos and potentially audio, but they aren’t infallible – for content to be streamed in the browser, it has to be decoded first and this enables hackers to easily strip the DRM.

DRM in HTML5 has several issues:

  • Widevine L3, which delivers content at lower than 720p, is easily bypassed using a freely available extension to download content.
  • Pirates have also cracked Widevine L2 and L1, hence the wide variety of high-quality rips on piracy sites.
  • Users can download dedicated browsers or install video downloader software to bypass DRM protected video.  Examples of this include StreamFab Downloader which enables users to download MP4 protected videos in up to 8k quality from Netflix, Amazon, Disney+, Hulu and many more.
  • It is possible to obtain high-quality copies of content even without technical knowledge using a dedicated screen capture device.

However, the bigger elephant in the room is that EME doesn’t protect all types of content.  In fact, it is used almost exclusively to protect video, which makes up only a portion of content published online.  Other methods are required to protect text, images, etc.

   HTML5 flip book, data room, and ebook security


While the DRM included in the HTML5 standard is not designed to protect text and images, developers aren’t restricted to using out-of-the-box DRM solutions.  This is important because users may be using web apps to work with sensitive data or to deliver ebooks and other copyrighted content to customers.

There are various ways HTML5 ebooks, flipbooks, and data rooms add some protection to text content online:

  1. Content obfuscation:  This is the primary way flipbooks try to protect their content.  You try to hide the original text or file from the end user by splitting text into small pieces, unintuitively naming elements, etc.
  2. JavaScript/AJAX:  Developers can use Ajax and JavaScript code to fetch content dynamically as required rather than load it in advance.  This can result in a more sluggish user experience, but it makes it harder for users to obtain content as they can’t just download the entire HTML page and expect it to work.
  3. Rendering text as an image:  Text, images, multimedia content, and the background are merged into a single image layer.  This makes it harder for users to edit the document as they can no longer modify the text directly and means that the original, editable file is usually not transmitted to the user.
  4. Disabling browser functionality:  Developers use JS, HTML, and CSS to disable text selection and context menus while blanking out printed copies and disabling download buttons.

   HTML’s content security issues

The methods above sound okay on paper, but they are workarounds born from a lack of good copy protection tools for text content.  Users can install browser plugins or use their browser’s developer mode to bypass JavaScript controls – see how secure are flipbooks, Google Workspace security, and online data room security for examples of this.

They can also automatically collect images into separate pages and turn them back into text via an OCR tool.

Content obfuscation, meanwhile, is only effective until somebody works out the trick, which doesn’t take long when users can freely inspect your code.

   Stop piracy and misuse with Locklizard Safeguard

Locklizard Safeguard is a DRM application designed to protect text and image content in the PDF format. It enforces editing, printing, sharing, and copying controls that cannot be bypassed.

  • Control document use

    DRM controls ensure you can easily prevent document leakage, misuse, and piracy by having total control over the use of your documents.

    • Stop screen grabbing.
    • Stop printing.  Prevent hard copies of documents being illegally distributed, or limit the number of high quality prints allowed.

      If you allow printing you can apply dynamic watermarks (user and system info automatically inserted at print time) to discourage photocopying and subsequent distribution.

    • Expire documents automatically after a number of days use, views, prints, or on a fixed date.

      By using expiry you can ensure that content can no longer be accessed after a certain time period, automatically enforcing document retention periods and policies.  Individual users can also be given different access periods for the same document.

    • Revoke documents and user access instantly, regardless of where they are located.

      Prevent documents that are no longer valid from being accessed.  Instantly stop users who have left the company and inactive third parties from accessing your confidential documents.

  • Device & location locking

    Prevent document leakage by tightly controlling the devices and locations your documents can be accessed from.

    • Documents are automatically locked to authorized user devices so that they cannot be shared with others.
    • Lock use to locations (e.g. the office) to prevent use on BYOD outside authorized locations or to facilitate secure sharing with trusted third parties.
    • Control the number of devices your documents can be used on.

  • Track Document Use

    Track document views and prints to see what documents users are actively using.

    See when documents were opened, who viewed them, on what devices and from where.

    See how often they are being used and instantly revoke access if you think they are being misused.

  • No Passwords or Plugins

    There are no passwords or codes for users to enter, so users cannot share protected documents and the passwords to open them with others.

    Keys are transparently and securely transferred to authorized devices and locked to those devices so they cannot be shared.

    We don’t use plugins to existing applications.  We use our own secure viewers so you can be confident your protected documents will continue to be accessible after application updates and are not compromised by other plugins.

  • Dynamic Watermarks

    Add dynamic watermarks to viewed and/or printed pages.  Dynamic variables are replaced by user data at print/view time.

    You only have to protect a document once for all users rather than having to protect documents individually for each user in order to display unique user information (name, email, etc.).

  • Simple to use

    Our document DRM software is simple to use – secure documents by right clicking on them in Windows File Explorer, or automate protection of documents using command line.

    Then choose your copy protection options from Safeguard’s tabbed dialog.  Unlike Microsoft RMS, and other Rights Management Systems, there is no need to worry about setting up complex policies.

    Manage users and document access from a web portal and delegate admin duties to multiple administrators.

Though Locklizard is not a like-for-like replacement for HTML5 security, it allows businesses to offload sensitive and revenue-driving content into a separate, secure PDF file for distribution.  Read our customer testimonials and case studies to see why thousands of organizations use Locklizard PDF security to securely share documents and securely sell PDF files.

Download your 15-day free trial to start protecting your sensitive and confidential business documents from unauthorized sharing today.

  FAQs

Can I password protect an HTML5 page to secure my content?

While you can password protect access to a page, this isn’t a good way to secure content from unauthorized sharing.  Users you provide the password to can intentionally or unintentionally share it with others, granting access to the webpage.  They could also download the webpage after logging in and distribute it.

Is HTML5 more secure than Flash?

Yes, though that isn’t saying much.  Towards the end of its life, Flash had various critical vulnerabilities, including ones enabling remote code execution.  Adobe was far too slow to patch these security threats, leading to widespread attack attempts.  Its DRM was also ineffective despite attempts to improve it in 2010.

HTML5’s security track record is much better, but it still fails to offer a meaningful way to protect web content.  Though Widevine makes it somewhat more difficult to pirate video, text and image protection largely relies on tricks and workarounds that are easily bypassed.

Is HTML5 more secure than PHP?

HTML5 and PHP are very different languages that are difficult to compare from a security perspective.  PHP is primarily a server-side language, whereas HTML5 is client-side.  PHP is rarely utilized in websites and web applications without at least some HTML.

As they cover different aspects of web development, HTML5 and PHP have different security concerns.  Poor implementation of PHP can lead to server-side code execution, SQL injection, session hijacking, etc.  HTML5 can be exploited for XSS, clickjacking, and more.

Is Widevine security level 1 good?

Widevine L1 is the highest level of security the solution offers.  It is good at preventing an average person from downloading content, but it hasn’t stopped determined pirates, who post Widevine-protected content as soon as it airs.

Does Locklizard protect webpages?

No.  Locklizard protects content exclusively in PDF format.  This can include webpages you have printed to PDF, but not webpages themselves.

Which browsers support HTML 5?

All modern browsers support HTML 5, including Chrome, Edge, Firefox, Safari, Opera, Brave, and more.
