Making Applications Scriptable¶
incorporating JavaScript in Qt applications.
Qt provides support for application scripting with JavaScript. The following guides and references cover aspects of programming with JavaScript and Qt.
Scripting Classes¶
The following classes add scripting capabilities to Qt applications.
PySide6.QtQml.QJSEngine
The QJSEngine class provides an environment for evaluating JavaScript code.
PySide6.QtQml.QJSPrimitiveValue
The QJSPrimitiveValue class operates on primitive types in JavaScript semantics.
PySide6.QtQml.QJSValue
The QJSValue class acts as a container for Qt/JavaScript data types.
PySide6.QtQml.QJSValueIterator
The QJSValueIterator class provides a Java-style iterator for QJSValue.
Basic Usage¶
To evaluate script code, you create a QJSEngine
and call its evaluate() function, passing the script code (text) to evaluate as argument.
engine = QJSEngine() print("the magic number is:", engine.evaluate("1 + 2").toNumber())
The return value will be the result of the evaluation (represented as a QJSValue
object); this can be converted to standard C++ and Qt types.
Custom properties can be made available to scripts by registering them with the script engine. This is most easily done by setting properties of the script engine’s Global Object:
engine.globalObject().setProperty("foo", 123) print("foo times two is:", engine.evaluate("foo * 2").toNumber())
This places the properties in the script environment, thus making them available to script code.
Making a QObject Available to the Script Engine¶
Any QObject
-based instance can be made available for use with scripts.
When a QObject
is passed to the newQObject()
function, a Qt Script wrapper object is created that can be used to make the QObject
‘s signals, slots, properties, and child objects available to scripts.
Here’s an example of making an instance of a QObject
subclass available to script code under the name "myObject"
:
engine = QJSEngine() someObject = MyObject() objectValue = engine.newQObject(someObject) engine.globalObject().setProperty("myObject", objectValue)
This will create a global variable called myObject
in the script environment. The variable serves as a proxy to the underlying C++ object. Note that the name of the script variable can be anything; i.e., it is not dependent upon objectName()
.
Implications for Application Security¶
The security model of application scripting with JavaScript follows the same model as for C++ code: the user installs scripts to run that they trust in the same way as they install Qt applications.
In order to preserve the trust of users, application developers should not evaluate arbitrary JavaScript code. The JavaScript engine’s sandbox is only a semantic barrier. The script is evaluated in the same process and with the same privileges as the rest of the application and shares the same memory. As a consequence, C++ objects exposed to scripts are accessible without additional security guards.
© 2022 The Qt Company Ltd. Documentation contributions included herein are the copyrights of their respective owners. The documentation provided herein is licensed under the terms of the GNU Free Documentation License version 1.3 as published by the Free Software Foundation. Qt and respective logos are trademarks of The Qt Company Ltd. in Finland and/or other countries worldwide. All other trademarks are property of their respective owners.