against hacker or expert. The data is always masked in frontend, the data will only be revealed in browser, when user requires to see the data. In the same time, the data can be sent to server for processing, as the data is always masked in frontend, it won't cause any security breach. #### Decryption logic When user clicks the reveal button, the data will be revealed. The logic consists of two parts as well. ##### Part 1 The passphrase is retrieved from server through JSONP call. ```javascript // define server passphrase JSONP path var passphrase_url = "http://localhost:3000/crypto/passphrase?callback=?"; // JSONP AJAX call to node.js server running on localhost:3000 $.getJSON(passphrase_url, function(data){ // retrieve passphrase var passphrase = data.passphrase; console.log("passphrase: "); console.log(passphrase); }); ``` ##### Part 2 The data is decrypted in browser side. ```javascript // retrieve masked data var encrypted_json_str = $("#data_store").text(); // decipher the masked data var decrypted = CryptoJS.AES.decrypt(encrypted_json_str, passphrase, { format: JsonFormatter }); // convert to Utf-8 encoded string var decrypted_utf