Making Applications Scriptable▲
Qt provides support for application scripting with JavaScript. The following guides and references cover aspects of programming with JavaScript and Qt.
Scripting Classes▲
The following classes add scripting capabilities to Qt applications.
-
QJSEngine: The QJSEngine class provides an environment for evaluating JavaScript code.
-
QJSPrimitiveValue: The QJSPrimitiveValue class operates on primitive types in JavaScript semantics.
-
QJSValue: The QJSValue class acts as a container for Qt/JavaScript data types.
-
QJSValueIterator: The QJSValueIterator class provides a Java-style iterator for QJSValue.
Basic Usage▲
To evaluate script code, you create a QJSEngine and call its evaluate() function, passing the script code (text) to evaluate as argument.
QJSEngine engine;
qDebug() &
lt;&
lt; "the magic number is:"
&
lt;&
lt; engine.evaluate("1 + 2"
).toNumber();
The return value will be the result of the evaluation (represented as a QJSValue object); this can be converted to standard C++ and Qt types.
Custom properties can be made available to scripts by registering them with the script engine. This is most easily done by setting properties of the script engine's Global Object:
engine.globalObject().setProperty("foo"
, 123
);
qDebug() &
lt;&
lt; "foo times two is:"
&
lt;&
lt; engine.evaluate("foo * 2"
).toNumber();
This places the properties in the script environment, thus making them available to script code.
Making a QObject Available to the Script Engine▲
Any QObject-based instance can be made available for use with scripts.
When a QObject is passed to the QJSEngine::newQObject() function, a Qt Script wrapper object is created that can be used to make the QObject's signals, slots, properties, and child objects available to scripts.
Here's an example of making an instance of a QObject subclass available to script code under the name "myObject":
QJSEngine engine;
QObject *
someObject =
new
MyObject;
QJSValue objectValue =
engine.newQObject(someObject);
engine.globalObject().setProperty("myObject"
, objectValue);
This will create a global variable called myObject in the script environment. The variable serves as a proxy to the underlying C++ object. Note that the name of the script variable can be anything; i.e., it is not dependent upon QObject::objectName().
Implications for Application Security▲
The security model of application scripting with JavaScript follows the same model as for C++ code: the user installs scripts to run that they trust in the same way as they install Qt applications.
In order to preserve the trust of users, application developers should not evaluate arbitrary JavaScript code. The JavaScript engine's sandbox is only a semantic barrier. The script is evaluated in the same process and with the same privileges as the rest of the application and shares the same memory. As a consequence, C++ objects exposed to scripts are accessible without additional security guards.