Using Watir and Ruby2Exe together

I've been asked to help solve a browser issue that I think Watir and Ruby2Exe may be able to solve. However, I ask the group for a quick reality check before proposing a solution and heading into the deep unknown (at least for me).

There is a browser based application written in Flash Action Script that needs to write an XML file to the local disk. Picture a salesman with a USB flash drive that he can use at a customer's site. All the files are on the flash drive and a remote server is never contacted so the application is completely client side. To start the application, a browser is fired up and the local file opened from the flash drive which is a form with several list boxes that the customer can choose various options and then submit the form. What should happen is an XML file is then written to disk which the application uses in several ways further downstream including applying an XSLT transformation to display the results.

The specification targets IE6, IE7 and Firefox running on XP and Vista. The catch is that none of these browsers allows files to be written to disk for security reasons regardless if Java applets, JavaScript, ECMAScript, etc. are used. So the problem is once the form is submitted and the Flash Action Script has the output XML ready, how to circumvent security and get the XML file written to preferably the same drive and directory the application was launched from.

Having never programmed in Flash Action Script, my first hopefully correct assumption is that Flash will be able to call an executable created by Ruby2Exe from the browser to execute it. If so, the executable could be Watir programmed to open a new browser window, Action Script sending the XML output to the browser window, and then Watir doing a "Save Page As...", and then Watir closing the browser window and returning control to the Flash application to do its thing from there.

A key assumption in this sequence is that once Watir opens the browser window, Action Script can communicate with the new window to pipe the XML output (standard UTF-8) to it. Perhaps a simpler scenario is if Action Script can open the executable and pass through ARGV either the XML output or the form parameters (if the XML is too big for ARGV), Ruby can do all the lifting without Watir and simply create and/or write the output file.

Is what I described possible? Are there other solutions for accomplishing this? The application is nearing completion and this piece is becoming trickier than expected.

Thanks in advance!

-Jim

Jim Clark wrote:

The specification targets IE6, IE7 and Firefox running on XP and Vista. The catch is that none of these browsers allows files to be written to disk for security reasons regardless if Java applets, JavaScript, ECMAScript, etc. are used. So the problem is once the form is submitted and the Flash Action Script has the output XML ready, how to circumvent security and get the XML file written to preferably the same drive and directory the application was launched from.

Having never programmed in Flash Action Script, my first hopefully correct assumption is that Flash will be able to call an executable created by Ruby2Exe from the browser to execute it. If so, the

Flash won't be able to do that. Firstly, Adobe would make it trivial to create a malicious website, and secondly, Flash is handled just like any other browser plug-in. If you want to use a browser exploit, you are on the wrong list.

executable could be Watir programmed to open a new browser window, Action Script sending the XML output to the browser window, and then Watir doing a "Save Page As...", and then Watir closing the browser window and returning control to the Flash application to do its thing from there.

A possible solution would be a multi-threaded Ruby application, which a) starts the browser (from the USB thumbdrive, for example) and b) polls the browser if the XML file is ready, and then writes it to the thumbdrive / any other place.

A key assumption in this sequence is that once Watir opens the browser window, Action Script can communicate with the new window to pipe the XML output (standard UTF-8) to it. Perhaps a simpler scenario is if Action Script can open the executable and pass through ARGV either the XML output or the form parameters (if the XML is too big for ARGV), Ruby can do all the lifting without Watir and simply create and/or write the output file.

I very much doubt that this will work, for various security reasons. It's probably a smart idea to ask this question on security-basics on securityfocus.com

Keep in mind though, that you should restrict all activity to your hardware, and don't use a customer's system. Not even with permission. The sysadmins probably won't take kindly to anything that accesses their systems, for various (security related) issues.

Again, refer your questions to security-basics, too.

Is what I described possible? Are there other solutions for accomplishing this? The application is nearing completion and this piece is becoming trickier than expected.

P5: Proper Planning Prevents Poor Performance.

The only thing that comes to mind, would be to pop up a Save as.. dialog from within ActionScript, if possible. Anything beyond that is more likely than not outside of ActionScript's control, but could be "captured" by using Watir / FireWatir.

To me, though, this concept smells like bad planning by the higher-ups.


--
Phillip "CynicalRyan" Gawlowski
http://cynicalryan.110mb.com/
http://clothred.rubyforge.org

Eek! That was supposed to be My Special Law, _MY_ special law, I tell
you!

T/

Hi Jim,

The specification targets IE6, IE7 and Firefox running on XP and Vista. The catch is that none of these browsers allows files to be written to disk for security reasons regardless if Java applets, JavaScript, ECMAScript, etc. are used. So the problem is once the form is submitted and the Flash Action Script has the output XML ready, how to circumvent security and get the XML file written to preferably the same drive and directory the application was launched from.

Why not use Adobe apollo (http://labs.adobe.com/wiki/index.php/Apollo)? You can easily bundle a flash file to apollo archive/standalone and you get a standalone application. Apollo has webkit inbuilt and doesn't need a particular browser to be installed in the client machine. Your application might even work in Mac :smiley:

Apollo can easily talk with the local filesystem.
http://labs.adobe.com/wiki/index.php/Apollo:Articles:Apollo_Local_File_System

Cheers,
Ganesh Gunasegaran.


On 25-Apr-07, at 1:35 PM, Jim Clark wrote:

Phillip Gawlowski wrote:

P5: Proper Planning Prevents Poor Performance.

When I was in the military, the drill sergeants would harp upon the 6 P's of Proper Planning. Your version is a bit nicer.

Thanks for the advice.

-Jim

P.S. - How do you change your sig line every time?

Ganesh Gunasegaran wrote:

Why not use Adobe apollo (http://labs.adobe.com/wiki/index.php/Apollo)? You can easily bundle a flash file to apollo archive/standalone and you get a standalone application. Apollo has webkit inbuilt and doesn't need a particular browser to be installed in the client machine. Your application might even work in Mac :smiley:

Apollo can easily talk with the local filesystem.
http://labs.adobe.com/wiki/index.php/Apollo:Articles:Apollo_Local_File_System

This is very interesting. I'll show this to the Action Script developers to see if they have seen it. Since it is still Alpha quality, I can't recommend using it now based on a higher probability of running into new bugs, stability issues and I didn't see anything regarding Adobe's licensing intentions such as will these be releasing under an open source license or what they will be charging for it when it is production quality. I was also a bit concerned by the requirement for Windows Vista Home Premium Edition instead of just Windows Vista. Not sure why the exact requirement there but I would feel completely foolish to build something with this to find that it doesn't run on Windows Vista Ultimate or other editions in use.

It will certainly be on my watch list now for similar projects in the future though once it matures.

Regards,
Jim

Jim Clark wrote:

Phillip Gawlowski wrote:

P5: Proper Planning Prevents Poor Performance.

When I was in the military, the drill sergeants would harp upon the 6 P's of Proper Planning. Your version is a bit nicer.

I know that variant, too, but I don't want to upset anyone casually. :stuck_out_tongue:

Thanks for the advice.

You are welcome.

-Jim

P.S. - How do you change your sig line every time?

With the Signature Switch extension for Thunderbird:


--
Phillip "CynicalRyan" Gawlowski
http://cynicalryan.110mb.com/
http://clothred.rubyforge.org

Rule of Open-Source Programming #1:

Don't whine unless you are going to implement it yourself.

I didn't see anything regarding Adobe's licensing intentions such as will these be releasing under an open source license or what they will be charging for it when it is production quality.

There you go

Adobe open sources flex.
http://labs.adobe.com/wiki/index.php/Flex:Open_Source

Apollo runtime is free to use
http://labs.adobe.com/wiki/index.php/Apollo:DeveloperFAQ#Is_Apollo_free_.28as_in_beer.29.3F

I feel apollo will also be open sourced in the near future.

Cheers,
Ganesh Gunasegaran.


On 26-Apr-07, at 10:47 AM, Jim Clark wrote:

In the haze of an early breakfast coupled with little sleep, I realized that the solution to this problem wasn't about forcing the browser to do something it is explicitly designed not to do. Rather, the key is to get the client PCs to act like a server which is when I had the head slapping moment of thinking about the Ruby one-click installer. It can be put on a Flash drive, it will execute on Windows XP and Vista, any browser can be used to view the HTML pages from Apache, and it really beefs up the infrastructure with many features including having a MySQL database to store info and extract the data from. The problem of saving an XML file to disk completely disappears when viewed from a server side perspective.

-Jim


Why not use a WEBrick-like Ruby script to build your own web server?

I think the invasive solution could be too problematic if you find an admin
that refuses the idea to install some app on his LAN.

Maybe this is not your case...

-----Original Message-----
From: Jim Clark [mailto:diegoslice@gmail.com]
Sent: Wednesday, 25 April 2007 18.32
To: ruby-talk ML
Subject: Re: Using Watir and Ruby2Exe together

In the haze of an early breakfast coupled with little sleep, I realized
that the solution to this problem wasn't about forcing the browser to do
something it is explicitly designed not to do. Rather, the key is to get
the client PCs to act like a server which is when I had the head
slapping moment of thinking about the Ruby one-click installer. It can
be put on a Flash drive, it will execute on Windows XP and Vista, any
browser can be used to view the HTML pages from Apache, and it really
beefs up the infrastructure with many features including having a MySQL
database to store info and extract the data from. The problem of saving
an XML file to disk completely disappears when viewed from a server side
perspective.

-Jim


Thanks - I'll keep this in mind if others voice an opinion for a lighter weight solution. Part of why I like InstantRails is my familiarity with Apache, having used it for a number of years. Keeping it on a thumb drive keeps it off the LAN which hopefully avoids anyone's discomfort with installing files anywhere.

-Jim

Andrea Forlin wrote:


Why not use a WEBrick-like Ruby script to build your own web server?

I think the invasive solution could be too problematic if you find an admin
that refuses the idea to install some app on his LAN.

Maybe this is not your case...


I am interested in downloading, from the New Zealand TAB (Totalisator Agency
Board) website, the names of the race meetings on a particular date. This is
normally reached from the TAB main page (www.tab.co.nz) through their
results page which has a form with date dropdown (and uses HTTPS). Picking
(for example) 20 April 2007 leads to a web page with the URL
ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007

If I copy this URL and paste it into another instance of my web browser
(Mozilla), it produces the correct list of meetings. On the other hand, if I
try and access it through Ruby, I get a zero length response body (and an
obscure error if I switch on the debug as in the example below). My code is:

uri = URI.parse('https://ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007')
request = Net::HTTP.new(uri.host, uri.port)
request.set_debug_output $stderr
request.use_ssl = true
request.verify_mode = OpenSSL::SSL::VERIFY_NONE
response = request.get2(uri.path)
puts response.body.size

If I pass the parameters as a second parameter, hashed, to the get2 call I
get exactly the same results (that is, an error).

Can someone point out my mistake in this code which works pretty well in
other situations?

Gary Thomas

I am interested in downloading, from the New Zealand TAB (Totalisator Agency
Board) website, the names of the race meetings on a particular date. This is
normally reached from the TAB main page (www.tab.co.nz) through their
results page which has a form with date dropdown (and uses HTTPS). Picking
(for example) 20 April 2007 leads to a web page with the URL
ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007

[snip]

Can someone point out my mistake in this code which works pretty well in
other situations?

Do you really need to use Net::HTTP? I was able to fetch the page with
mechanize and not have to deal with setting up Net::HTTP:

require 'rubygems'
require 'mechanize'

mech = WWW::Mechanize.new
page = mech.get('https://ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007')
puts page.body.length

Hope that helps!


On Sun, Apr 29, 2007 at 03:23:25PM +0900, Gary Thomas wrote:

--
Aaron Patterson
http://tenderlovemaking.com/

Thanks! It worked a treat.

Gary Thomas


-----Original Message-----
From: Aaron Patterson [mailto:aaron@tenderlovemaking.com]
Sent: Sunday, 29 April 2007 10:09 p.m.
To: ruby-talk ML
Subject: Re: Strange error with HTTPS request

On Sun, Apr 29, 2007 at 03:23:25PM +0900, Gary Thomas wrote:
> I am interested in downloading, from the New Zealand TAB (Totalisator Agency
> Board) website, the names of the race meetings on a particular date. This is
> normally reached from the TAB main page (www.tab.co.nz) through their
> results page which has a form with date dropdown (and uses HTTPS). Picking
> (for example) 20 April 2007 leads to a web page with the URL
> ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007
>

[snip]

>
> Can someone point out my mistake in this code which works pretty well in
> other situations?

Do you really need to use Net::HTTP? I was able to fetch the page with
mechanize and not have to deal with setting up Net::HTTP:

require 'rubygems'
require 'mechanize'

mech = WWW::Mechanize.new
page = mech.get('https://ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007')
puts page.body.length

Hope that helps!

--
Aaron Patterson
http://tenderlovemaking.com/
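
An added example, not code from any poster in this thread: in the Net::HTTP snippet from the question, `uri.path` is only `/ebet/ResultsArchive`, so the GET goes out without the `day`, `month` and `year` parameters, and `VERIFY_NONE` turns off certificate checking. The sketch below sends `uri.request_uri` and keeps peer verification on; the helper names `request_target`, `build_client` and `fetch_body` are hypothetical.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# URL taken from the question in this thread.
RESULTS_URL = 'https://ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007'

# URI#path is the path component only; URI#request_uri is the path plus
# "?query", which is what belongs on the HTTP request line.
# (Hypothetical helper name.)
def request_target(uri)
  uri.request_uri
end

# Build an HTTPS client that validates the server certificate against the
# system trust store. No connection is opened here. (Hypothetical helper name.)
def build_client(uri)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.open_timeout = 10
  http.read_timeout = 30
  http
end

# Perform the GET. A certificate that does not verify raises
# OpenSSL::SSL::SSLError instead of being silently accepted.
# (Hypothetical helper name; not called at load time, so the file runs offline.)
def fetch_body(url)
  uri = URI.parse(url)
  response = build_client(uri).request(Net::HTTP::Get.new(request_target(uri)))
  raise "HTTP #{response.code} for #{uri}" unless response.is_a?(Net::HTTPSuccess)
  response.body
end

# Show the difference between the two request targets without touching the network.
uri = URI.parse(RESULTS_URL)
puts "uri.path        => #{uri.path}"
puts "uri.request_uri => #{uri.request_uri}"
```

Calling `fetch_body(RESULTS_URL)` performs the actual request; if verification fails, set `ca_file` or `ca_path` on the client to the correct trust store.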