×

Script Security

Omni Automation is a powerful tool for automating the use of the suite of Omni productivity applications. Nearly all the abilities of these great applications can be accessed and automated in order to interact with Omni applications, documents, and the data they contain.

To provide interoperability with 3rd-party applications and data sources, Omni Automation implements a URL protocol that enables Omni Automation scripts to be “sent” directly to Omni applications for execution. 3rd-party applications and webpages can create and execute Omni Automation URLs that contain scripts that access both the abilities of Omni Automation and Core JavaScript.

With so much control and access to data available to scripts, it is important to ensure that “external scripts” (those from 3rd-party apps and webpages) are executed with your direct review and approval. And it is also crucial that once you’ve indicated that an external script is approved, that any security interface get out of the way and not interfere with your automated processes.

The Omni Automation security protocols are designed to meet those expectations and provide a secure environment for your automation tools.

Configuring the Execution of External Scripts

By default, the execution of external Omni Automation scripts is disabled. (Note: this restriction is for external scripts only and does not apply to Omni Automation plug-ins you’ve installed yourself.)

On iOS and iPadOS the following dialog is displayed if an external script attempts to execute:

external-sript-warning-ios

On macOS the following dialog is displayed if an external script attempts to execute:

external-scripts-disabled

Clicking the “Configure…” button will summon the Automation Settings dialog (shown below).

Automation Configuration Settings on macOS

The panel containing the controls for external scripts can be summoned by either clicking the “Configure…” button displayed in the script security alert dialog (shown above) or by selecting the “Configure…” menu item from the application’s Automation menu.

Here is the Automation Configuration panel on macOS:

automation-configuration-dialog

 1  Selecting this control will allow external applications and webpages to send Omni Automation script URLs to the application for processing.

 2  Selecting this control will clear the list of approved scripts, requiring all previously approved scripts to be re-approved.

 X  The tab control for switching between the Plug-In management view and the Security view.

Automation Configuration Settings on iOS/iPadOS

On iOS and iPadOS the panel containing the controls for external scripts can be summoned from the Settings menu > Configure Plug-Ins > Security:

ios-security-settings

 1  Link back to Configure Plug-Ins panel

 2  Selecting this control will allow external applications and webpages to send Omni Automation script URLs to the application for processing.

 3  Selecting this link will clear the list of approved scripts, requiring all previously approved scripts to be re-approved.

Individual Script Approval

The design of the Omni Automation security for the execution of external scripts requires you to review each external script at least once. If a script is approved and executed, you won’t be prompted to review it again.

On all platforms (iOS, iPadOS, macOS) the displayed script must be viewed in its entirety prior to the execution control being enabled.

macOS

script-approval-sheet

 1  The script approval dialog contains the controls for approving and for disallowing or allowing the execution of the script whose code is presented in the dialog window. This dialog will appear automatically unless the script has been approved during a prior execution.

 2  The script and argument code. The script argument only is shown if the script URL incorporates the use of the argument parameter. Script URLs using the argument parameter enabled scripts that process a different data set each time, to be approved for execution without re-approval.

 3  Select this control to add the displayed script/sending app pairing to the list of approved scripts not requiring security interaction.

 4  The button for allowing the execution of the presented script will not be enabled until either the script has been fully scrolled in the view, or that the view has been resized to reveal the entire script.

 5  The Cancel button will halt the approval/execution process without saving any settings.

iOS/iPadOS

script-approval-dialog-ipados

 1  The script approval dialog contains the controls for approving and for disallowing or allowing the execution of the script whose code is presented in the dialog window. This dialog will appear automatically unless the script has been approved during a prior execution.

 2  The script and argument code. The script argument only is shown if the script URL incorporates the use of the argument parameter. Script URLs using the argument parameter enabled scripts that process a different data set each time, to be approved for execution without re-approval.

 3  Select this control to add the displayed script/sending app pairing to the list of approved scripts not requiring security interaction.

 4  The Cancel button will halt the approval/execution process without saving any settings.

 5  The button for allowing the execution of the presented script will not be enabled until either the script has been fully scrolled in the view, or that the view has been resized to reveal the entire script.

IMPORTANT: once a script/sending application pair has been approved, no security interaction will occur during subsequent executions of the script by its hosting application.

Example Video

The following video demonstrates how an external script can approve and executed, and run again without re-approval.

Example Script

The example embedded webpage script demonstrated in the video is detailed in the next page.