Pass script file name to Execute JavaScript action

In an effort avoid using eval() I need to execute javascript commands that have been constructed in Keyboard Maestro. I know that text tokens cannot be used in script text. (No, window.KeyboardMaestro.GetVariable() does not solve my problem.) So I tried the obvious, storing javascript commands in a temporary file and then executing that file. But when I pass the name of the script file as a variable to an Execute a JavaScript action it fails.

The file /tmp/kbm.p7oyWj.js contains one line:
document.getElementById('p11').innerHTML = "Test";

In the script below the first Execute a JavaScript action fails. The second Execute a JavaScript action succeeds. The only difference is that in the first instance the file path is passed as a variable.

Am I correct that both of these restrictions are intentional and security related?

There is a straightforward workaround: Hardcode the name of the file, create the temporary file, and then mv the temporary file to the hardcoded name before executing the javascript call. Does anyone have a more elegant solution?

Some KM action text entry fields evaluate tokens or expressions, and some don't.

When the cursor enters a field, we can look for the single-character glyph which appears at top right:

  • T – text tokens evaluated in this field
  • C – numeric calculation functions evaluated in this field

The Script file field there displays neither C or T - in other words, it's a literal (not evaluating) field.

The trick might be DIY evaluation – osascript "Keyboard Maestro Engine" doScript over an XML version of that action with a string (for that property) constructed at run-time.

or in JavaScript:


I was looking at the wrong field – the file selection field does indeed evaluate Text tokens.

Might it be a missing path separator ?

In any case, the XML solution should, in principle, be one route to assembling and passing a string literal path at run-time.

1 Like

Thanks for the feedback. I'm aware of the C/T indicator, and at least in some other places tokens are evaluated for filenames. For example, the following works, properly displaying the contents of /tmp/kbmtest.txt to a window.

Thanks for the do script suggestion. I use that from time to time, but I don't think that it fixes my current particular problem. %TriggerValue% won't evaluate in the file specification.

I can do it by moving the tmp file to a path specified as a string literal, which is easy, so I'm not stuck. Temporary files with unique names avoid collisions, but I don't think that will be a big problem. I'll probably just use a shell script to move the temp file (built over time) into the location specified as a string literal immediately before using it, then delete it immediately afterward.

I suppose that mostly I'm curious about the restriction. Maybe Peter will chime in, but I suspect this is part and parcel with not allowing variables in script text.

1 Like

Should you find yourself with the need, execute text as JavaScript: