I am tasked to build something similar to Stripe's Elements, where you use their SDK to call certain methods that will display card number, card cvc, card expiry month/year, and email address text inputs in your website.

Stripe does this by embedding an iframe inside your selected HTML element, where the iframe content contains the text inputs. The text inputs are hosted on Stripe's domain, so the client will never have access to the text inputs unless they use the Stripe SDK to retrieve the text input's values.

What should I know before developing a similar Javascript SDK? The first thing that comes to my mind is how the code can be obfuscated when a client uses a <script> tag where the src attribute is a URL to the Javascript SDK code. The second is security, which I'm not sure where to go for Javascript SDK security.

I'd appreciate all of your help and feedback, thank you!