Script sandboxing

There are two cases within the system that allow the client to send scripts to the server for evaluation.

  • Filters and/or queries: It is legal for the client to send the server a filter that contains a script, for example assigned_to=javascript:getMyGroups().
  • System API: The API call AJAXEvaluate allows the client to run arbitrary scripts on the server and receive a response.

If you enable script sandboxing, the script being evaluated via either of these two entry points runs within a reduced rights sandbox with the following characteristics:

  • Only those business rules marked client callable are available within the sandbox.
  • Only those script includes marked client callable are available within the sandbox.
  • Certain API calls (largely but not entirely limited to those dealing with direct DB access) are not allowed.
  • Data cannot be inserted, updated, or deleted from within the sandbox. Any calls to current.update(), for example, are ignored.

If you run the system without script sandboxing enabled, then none of these restrictions apply.

Note: This property is activated by default when you activate the High Security Settings plugin. Do not activate this property outside of the plugin.
Property: Run client generated scripts (AJAXEvaluate and query conditions) inside of a reduced rights "sandbox". If enabled, only those business rules and script includes with the Client callable checkbox set to true are available and certain back-end API calls are disallowed.

Default: Enabled (sandbox in use)