Making Applications Scriptable

incorporating JavaScript in Qt applications.

Qt provides support for application scripting with JavaScript. The following guides and references cover aspects of programming with JavaScript and Qt.

Scripting Classes

The following classes add scripting capabilities to Qt applications.

PySide6.QtQml.QJSEngine

The QJSEngine class provides an environment for evaluating JavaScript code.

PySide6.QtQml.QJSPrimitiveValue

The QJSPrimitiveValue class operates on primitive types in JavaScript semantics.

PySide6.QtQml.QJSValue

The QJSValue class acts as a container for Qt/JavaScript data types.

PySide6.QtQml.QJSValueIterator

The QJSValueIterator class provides a Java-style iterator for QJSValue.

Basic Usage

To evaluate script code, you create a QJSEngine and call its evaluate() function, passing the script code (text) to evaluate as argument.

engine = QJSEngine()
print("the magic number is:", engine.evaluate("1 + 2").toNumber())

The return value will be the result of the evaluation (represented as a QJSValue object); this can be converted to standard C++ and Qt types.

Custom properties can be made available to scripts by registering them with the script engine. This is most easily done by setting properties of the script engine’s Global Object:

engine.globalObject().setProperty("foo", 123)
print("foo times two is:", engine.evaluate("foo * 2").toNumber())

This places the properties in the script environment, thus making them available to script code.

Making a QObject Available to the Script Engine

Any QObject -based instance can be made available for use with scripts.

When a QObject is passed to the newQObject() function, a Qt Script wrapper object is created that can be used to make the QObject ‘s signals, slots, properties, and child objects available to scripts.

Here’s an example of making an instance of a QObject subclass available to script code under the name "myObject":

engine = QJSEngine()
someObject = MyObject()
objectValue = engine.newQObject(someObject)
engine.globalObject().setProperty("myObject", objectValue)

This will create a global variable called myObject in the script environment. The variable serves as a proxy to the underlying C++ object. Note that the name of the script variable can be anything; i.e., it is not dependent upon objectName() .

Implications for Application Security

The security model of application scripting with JavaScript follows the same model as for C++ code: the user installs scripts to run that they trust in the same way as they install Qt applications.

In order to preserve the trust of users, application developers should not evaluate arbitrary JavaScript code. The JavaScript engine’s sandbox is only a semantic barrier. The script is evaluated in the same process and with the same privileges as the rest of the application and shares the same memory. As a consequence, C++ objects exposed to scripts are accessible without additional security guards.