Using Watir and Ruby2Exe together

J

Jim Clark

I've been asked to help solve a browser issue that I think Watir and
Ruby2Exe may be able to solve. However, I ask the group for a quick
reality check before proposing a solution and heading into the deep
unknown (at least for me).

There is a browser based application written in Flash Action Script that
needs to write an XML file to the local disk. Picture a salesman with a
USB flash drive that he can use at a customer's site. All the files are
on the flash drive and a remote server is never contacted so the
application is completely client side. To start the application, a
browser is fired up and the local file opened from the flash drive which
is a form with several list boxes that the customer can choose various
options and then submit the form. What should happen is a XML file is
then written to disk which the application uses in several ways further
downstream including applying an XSLT transformation to display the results.

The specification targets IE6, IE7 and Firefox running on XP and Vista.
The catch is that none of these browsers allows files to be written to
disk for security reasons regardless if Java applets, JavaScript,
ECMAScript, etc. are used. So the problem is once the form is submitted
and the Flash Action Script has the output XML ready, how to circumvent
security and get the XML file written to preferably the same drive and
directory the application was launched from.

Having never programmed in Flash Action Script, my first hopefully
correct assumption is that Flash will be able to call an executable
created by Ruby2Exe from the browser to execute it. If so, the
executable could be Watir programmed to open a new browser window,
Action Script sending the XML output to the browser window, and then
Watir doing a "Save Page As...", and then Watir closing the browser
window and returning control to the Flash application to do its thing
from there.

A key assumption in this sequence is that once Watir opens the browser
window, Action Script can communicate with the new window to pipe the
XML output (standard UTF-8) to it. Perhaps a simpler scenario is if
Action Script can open the executable and pass through ARGV either the
XML output or the form parameters (if the XML is too big for ARGV), Ruby
can do all the lifting without Watir and simply create and/or write the
output file.

Is what I described possible? Are there other solutions for
accomplishing this? The application is nearing completion and this piece
is becoming trickier than expected.

Thanks in advance!

-Jim
 
P

Phillip Gawlowski

Jim said:
The specification targets IE6, IE7 and Firefox running on XP and Vista.
The catch is that none of these browsers allows files to be written to
disk for security reasons regardless if Java applets, JavaScript,
ECMAScript, etc. are used. So the problem is once the form is submitted
and the Flash Action Script has the output XML ready, how to circumvent
security and get the XML file written to preferably the same drive and
directory the application was launched from.

Having never programmed in Flash Action Script, my first hopefully
correct assumption is that Flash will be able to call an executable
created by Ruby2Exe from the browser to execute it. If so, the

Flash won't be able to do that. Firstly, Adobe would make it trivial to
create malicious website, and secondly, Flash is handled just like any
other browser plug-in. If you want to use a browser exploit, you are on
the wrong list.
executable could be Watir programmed to open a new browser window,
Action Script sending the XML output to the browser window, and then
Watir doing a "Save Page As...", and then Watir closing the browser
window and returning control to the Flash application to do its thing
from there.

A possible solution would be a multi-threaded Ruby application, which a)
starts the browser (from the USB thumbdrive, for example) and b) polls
the browser if the XML file is ready, and then writes it to the
thumbdrive / any other place.
A key assumption in this sequence is that once Watir opens the browser
window, Action Script can communicate with the new window to pipe the
XML output (standard UTF-8) to it. Perhaps a simpler scenario is if
Action Script can open the executable and pass through ARGV either the
XML output or the form parameters (if the XML is too big for ARGV), Ruby
can do all the lifting without Watir and simply create and/or write the
output file.

I very much doubt that this will work, for various security reasons.
It's probably a smart idea to ask this question on security-basics on
securityfocus.com

Keep in mind though, that you should restrict all activity to your
hardware, and don't use a customer's system. Not even with permission.
The sysadmins probably won't take kindly to anything that accesses their
systems, for various (security related) issues.

Again, refer your questions to security-basics, too.
Is what I described possible? Are there other solutions for
accomplishing this? The application is nearing completion and this piece
is becoming trickier than expected.

P5: Proper Planning Prevents Poor Performance.

The only thing that comes to mind, would be to pop up a Save as.. dialog
from within ActionScript, if possible. Anything beyond that is more
likely than not outside of ActionScript's control, but could be
"captured" by using Watir / FireWatir.

To me, though, this concept smells like bad planning by the higher-ups.

--
Phillip "CynicalRyan" Gawlowski
http://cynicalryan.110mb.com/
http://clothred.rubyforge.org

Eek! That was supposed to be My Special Law, _MY_ special law, I tell
you!

T/
 
J

Jim Clark

Phillip said:
P5: Proper Planning Prevents Poor Performance.
When I was in the military, the drill sergeants would harp upon the 6
P's of Proper Planning. You're version is a bit nicer.

Thanks for the advice.

-Jim

P.S. - How do you change your sig line every time?
 
P

Phillip Gawlowski

Jim said:
When I was in the military, the drill sergeants would harp upon the 6
P's of Proper Planning. You're version is a bit nicer.

I know that variant, too, but I don't want to upset anyone casually. :p
Thanks for the advice.

You are welcome.
-Jim

P.S. - How do you change your sig line every time?

With the Signature Switch extension for Thunderbird:
https://addons.mozilla.org/de/thunderbird/addon/611


--
Phillip "CynicalRyan" Gawlowski
http://cynicalryan.110mb.com/
http://clothred.rubyforge.org

Rule of Open-Source Programming #1:

Don't whine unless you are going to implement it yourself.
 
J

Jim Clark

In the haze of an early breakfast coupled with little sleep, I realized
that the solution to this problem wasn't about forcing the browser to do
something it is explicitly designed not to do. Rather, the key is to get
the client PCs to act like a server which is when I had the head
slapping moment of thinking about the Ruby one-click installer. It can
be put on a Flash drive, it will execute on Windows XP and Vista, any
browser can be used to view the HTML pages from Apache, and it really
beefs up the infrastructure with many features including having a MySQL
database to store info and extract the data from. The problem of saving
an XML file to disk completely disappears when viewed from a server side
perspective.

-Jim
 
J

Jim Clark

Ganesh said:
Why not use Adobe apollo
(http://labs.adobe.com/wiki/index.php/Apollo)? You can easily bundle a
flash file to apollo archive/standalone and you get a standalone
application. Apollo has webkit inbuilt and doesn't need a particular
browser to be installed in the client machine. Your application might
even work in Mac :D

Apollo can easily talk with the local filesystem.
http://labs.adobe.com/wiki/index.php/Apollo:Articles:Apollo_Local_File_System
This is very interesting. I'll show this to the Action Script developers
to see if they have seen it. Since it is still Alpha quality, I can't
recommend using now based a higher probability of running into new bugs,
stability issues and I didn't see anything regarding Adobe's licensing
intentions such as will these be releasing under an open source license
or what they will be charging for it when it is production quality. I
was also a bit concerned by the requirement for Windows Vista Home
Premium Edition instead of just Windows Vista. Not sure why the exact
requirement there but I would feel completely foolish to build something
with this to find that it doesn't run on Windows Vista Ultimate or other
editions in use.

It will certainly be on my watch list now for similar projects in the
future though once it matures.

Regards,
Jim
 
G

Ganesh Gunasegaran

I didn't see anything regarding Adobe's licensing intentions such
as will these be releasing under an open source license or what
they will be charging for it when it is production quality.

There you go

Adobe open sources flex.
http://labs.adobe.com/wiki/index.php/Flex:Open_Source

Apollo runtime is free to use
http://labs.adobe.com/wiki/index.php/
Apollo:DeveloperFAQ#Is_Apollo_free_.28as_in_beer.29.3F

I feel apollo will also be open sourced in the near future.

Cheers,
Ganesh Gunasegaran.

On 26-Apr-07, at 10:47 AM, Jim Clark wrote:
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top