Is there a way to execute a NSAppleScript for within sandboxed App?

Having got the App review feedback

> Performance - 2.4.5 - Your app requires or is designed to work with Apple Script which is either deprecated or an optional install.

I'm wondering whether there is a valid approach to use an AppleScript in any case?


Based on a recent discussion regarding Applescript Sandboxing the NSUserAppleScriptTask should be acceptable. Refering to the Sandbox guide

> Finally, your app can use the subclasses of NSUserScriptTask class to run user-provided AppleScript scripts out of a special directory,

> NSApplicationScriptsDirectory (~/Library/Application Scripts/code-signing-identifier/).

> Although your app can read files within this directory, it cannot write files into this directory; the user must manually place scripts here.

I thought that using Applescript might be valid under some cirumstances.


Any comments or pointers?

Replies

I thought that using Applescript might be valid under some cirumstances.

Well, yes, but the devil is in the details. Can you explain more about your app’s big picture, and how you’d like AppleScript to fit into that?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

The App recognizes the (dis-)appearance of the user in front of its screen and triggers two user-supplied scripts for locking/unlocking the screen.

The user him/herself is fully under control what happens in those two events as he/she can read/modify the two tiny AppleScripts.


This way forward has been introduced to avoid any hidden invisible system level interactions with the operating system....

At a technical level it sounds like NSUserScriptTask will do what you want. The user can install scripts that your app can discover and run based on triggers within the app.

However, there’s some subtlety related to default functionality that you’ll have to work through with App Review. I don’t work for App Review and thus can’t give definitive answers about edge cases like this.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I just had an app get rejected for offering the user a chance to install a script off my app's bundle into the application scripts directory. Not sure if there is an app store approved way of doing this other than posting scripts online somewhere and explaining to the user how to install them manually.

Sounds strange as from my point of view it is quite the opposite of session 710 / WWDC 2013.

Providing scripts on other web platforms should be more secure than distributing them in a well-documented and revisioned way?! I'll try to continue the discussion of the App Review team.

I guess their reasoning is that the scripts are the user's, not ours, so the user has to put them there....


This a bummer...especially for users who just want some additional functionality, but don't know how to write scripts. Assuming they do know how to script a bit (or just downloaded a script from the web), they also need to know how to find the Application Scripts directory in the hidden library folder. This is a bit much in my opinion.

Interesting new reply from Apple review team: even if the user have to install scripts on their own, the app is rejected as it refers to external scripts (not being delivered with the App).


For me it seems to be a chicken or the egg dilemma: you may not deliver any scripts which have to be installed by users versus the App is not providing full functionality without external scripts (due to sandbox restrictions).


BTW the easiest way is just to ignore the AppStore and provide the tool for downloading as installable package with PayPal link, sigh.

I guess you'd have to not mention the script in the app...and have the app function in some sort of capacity without the scripts (script would add "extended" functionality). It seems we are prohibited from providing such instructions in the app itself (put a script here....drag and drop a script and move it into the app support directory for the user...ect). They'd have to know that they can put a script in the app support directory; presumably they would be developers too or would have read instructions on your website?


Seems kind of militant.