In an effort avoid using eval() I need to execute javascript commands that have been constructed in Keyboard Maestro. I know that text tokens cannot be used in script text. (No, window.KeyboardMaestro.GetVariable() does not solve my problem.) So I tried the obvious, storing javascript commands in a temporary file and then executing that file. But when I pass the name of the script file as a variable to an Execute a JavaScript action it fails.
Example:
The file /tmp/kbm.p7oyWj.js contains one line:
document.getElementById('p11').innerHTML = "Test";
In the script below the first Execute a JavaScript action fails. The second Execute a JavaScript action succeeds. The only difference is that in the first instance the file path is passed as a variable.
Am I correct that both of these restrictions are intentional and security related?
There is a straightforward workaround: Hardcode the name of the file, create the temporary file, and then mv the temporary file to the hardcoded name before executing the javascript call. Does anyone have a more elegant solution?
Some KM action text entry fields evaluate tokens or expressions, and some don't.
When the cursor enters a field, we can look for the single-character glyph which appears at top right:
-
T – text tokens evaluated in this field
-
C – numeric calculation functions evaluated in this field
The Script file field there displays neither C or T - in other words, it's a literal (not evaluating) field.
The trick might be DIY evaluation – osascript "Keyboard Maestro Engine" doScript over an XML version of that action with a string (for that property) constructed at run-time.
or in JavaScript:
UPDATE
I was looking at the wrong field – the file selection field does indeed evaluate Text tokens.
Might it be a missing path separator ?
In any case, the XML solution should, in principle, be one route to assembling and passing a string literal path at run-time.
1 Like
Thanks for the feedback. I'm aware of the C/T indicator, and at least in some other places tokens are evaluated for filenames. For example, the following works, properly displaying the contents of /tmp/kbmtest.txt to a window.
Thanks for the do script suggestion. I use that from time to time, but I don't think that it fixes my current particular problem. %TriggerValue% won't evaluate in the file specification.
I can do it by moving the tmp file to a path specified as a string literal, which is easy, so I'm not stuck. Temporary files with unique names avoid collisions, but I don't think that will be a big problem. I'll probably just use a shell script to move the temp file (built over time) into the location specified as a string literal immediately before using it, then delete it immediately afterward.
I suppose that mostly I'm curious about the restriction. Maybe Peter will chime in, but I suspect this is part and parcel with not allowing variables in script text.
1 Like
Should you find yourself with the need, execute text as JavaScript:
