Hello,
We are developing an application which handles business logic for
telemarketing scripts. We would like to make the application configurable
for end-users, and have developed an XML format for storing the
telemarketing scripts, what could be edited by non-programmer (or basic
level programmer) user.
To enable more powerful configurabilty, we would like to create section
where user could write code in JScript, that would be run in strongly
controlled environment and would have access to some basic DOM of the script
that is being extended - that way user could extend the script behaviour,
writing his own simple event handlers in the simple language of JScript.
So, we need to implement solution, where
- string with JScript code could be given to some kind of engine
- the script is run in limited environment - not allowed to do anything
beyond JScript capabilities. No access to any external class
- have single interface to communicate with outside: a class with indexer
and set of methods/properties.
The possible JScript code could look like this:
var a = Script.externalVar; // Global Script object is the interface to
communicate outside the box. Here, the string Get indexer of external class
would be called with "externalVar" in argument. It returns one of standard
JScript variable types.
var b = a + 100 + " apples";
Script.anotherVar = b; // Here Set indexer is called
All the solutions we have found on the internet are connected with taking
this JScript string and dynamically assembling a class. I see it as quite
risky approach - the layman-made script should not be treated as .NET cote
and compiled. Also, there could be posslible security holes making the
imported JScript able to access application classes. I'd really think that
we need interpreter here, instead of compiler. Also, we are looking for
scalable solution, because it is possible that we would use this approach
also in some web applications.
Has someone attempted to do such thing?
Thanks,
Pavils