Using Watir and Ruby2Exe together

I’ve been asked to help solve a browser issue that I think Watir and
Ruby2Exe may be able to solve. However, I ask the group for a quick
reality check before proposing a solution and heading into the deep
unknown (at least for me).

There is a browser based application written in Flash Action Script that
needs to write an XML file to the local disk. Picture a salesman with a
USB flash drive that he can use at a customer’s site. All the files are
on the flash drive and a remote server is never contacted so the
application is completely client side. To start the application, a
browser is fired up and the local file opened from the flash drive which
is a form with several list boxes that the customer can choose various
options and then submit the form. What should happen is a XML file is
then written to disk which the application uses in several ways further
downstream including applying an XSLT transformation to display the
results.

The specification targets IE6, IE7 and Firefox running on XP and Vista.
The catch is that none of these browsers allows files to be written to
disk for security reasons regardless if Java applets, JavaScript,
ECMAScript, etc. are used. So the problem is once the form is submitted
and the Flash Action Script has the output XML ready, how to circumvent
security and get the XML file written to preferably the same drive and
directory the application was launched from.

Having never programmed in Flash Action Script, my first hopefully
correct assumption is that Flash will be able to call an executable
created by Ruby2Exe from the browser to execute it. If so, the
executable could be Watir programmed to open a new browser window,
Action Script sending the XML output to the browser window, and then
Watir doing a “Save Page As…”, and then Watir closing the browser
window and returning control to the Flash application to do its thing
from there.

A key assumption in this sequence is that once Watir opens the browser
window, Action Script can communicate with the new window to pipe the
XML output (standard UTF-8) to it. Perhaps a simpler scenario is if
Action Script can open the executable and pass through ARGV either the
XML output or the form parameters (if the XML is too big for ARGV), Ruby
can do all the lifting without Watir and simply create and/or write the
output file.

Is what I described possible? Are there other solutions for
accomplishing this? The application is nearing completion and this piece
is becoming trickier than expected.

Thanks in advance!

-Jim

Jim C. wrote:

created by Ruby2Exe from the browser to execute it. If so, the
Flash won’t be able to do that. Firstly, Adobe would make it trivial to
create malicious website, and secondly, Flash is handled just like any
other browser plug-in. If you want to use a browser exploit, you are on
the wrong list.

executable could be Watir programmed to open a new browser window,
Action Script sending the XML output to the browser window, and then
Watir doing a “Save Page As…”, and then Watir closing the browser
window and returning control to the Flash application to do its thing
from there.

A possible solution would be a multi-threaded Ruby application, which a)
starts the browser (from the USB thumbdrive, for example) and b) polls
the browser if the XML file is ready, and then writes it to the
thumbdrive / any other place.

A key assumption in this sequence is that once Watir opens the browser
window, Action Script can communicate with the new window to pipe the
XML output (standard UTF-8) to it. Perhaps a simpler scenario is if
Action Script can open the executable and pass through ARGV either the
XML output or the form parameters (if the XML is too big for ARGV), Ruby
can do all the lifting without Watir and simply create and/or write the
output file.

I very much doubt that this will work, for various security reasons.
It’s probably a smart idea to ask this question on security-basics on
securityfocus.com

Keep in mind though, that you should restrict all activity to your
hardware, and don’t use a customer’s system. Not even with permission.
The sysadmins probably won’t take kindly to anything that accesses their
systems, for various (security related) issues.

Again, refer your questions to security-basics, too.

Is what I described possible? Are there other solutions for
accomplishing this? The application is nearing completion and this piece
is becoming trickier than expected.

P5: Proper Planning Prevents Poor Performance.

The only thing that comes to mind, would be to pop up a Save as… dialog
from within ActionScript, if possible. Anything beyond that is more
likely than not outside of ActionScript’s control, but could be
“captured” by using Watir / FireWatir.

To me, though, this concept smells like bad planning by the higher-ups.

–
Phillip “CynicalRyan” Gawlowski
http://cynicalryan.110mb.com/
http://clothred.rubyforge.org

Eek! That was supposed to be My Special Law, MY special law, I tell
you!

T/

Phillip G. wrote:

P5: Proper Planning Prevents Poor Performance.

When I was in the military, the drill sergeants would harp upon the 6
P’s of Proper Planning. You’re version is a bit nicer.

Thanks for the advice.

-Jim

P.S. - How do you change your sig line every time?

In the haze of an early breakfast coupled with little sleep, I realized
that the solution to this problem wasn’t about forcing the browser to do
something it is explicitly designed not to do. Rather, the key is to get
the client PCs to act like a server which is when I had the head
slapping moment of thinking about the Ruby one-click installer. It can
be put on a Flash drive, it will execute on Windows XP and Vista, any
browser can be used to view the HTML pages from Apache, and it really
beefs up the infrastructure with many features including having a MySQL
database to store info and extract the data from. The problem of saving
an XML file to disk completely disappears when viewed from a server side
perspective.

-Jim

Jim C. wrote:

Phillip G. wrote:

P5: Proper Planning Prevents Poor Performance.

When I was in the military, the drill sergeants would harp upon the 6
P’s of Proper Planning. You’re version is a bit nicer.

I know that variant, too, but I don’t want to upset anyone casually.

Thanks for the advice.

You are welcome.

-Jim

P.S. - How do you change your sig line every time?

With the Signature Switch extension for Thunderbird:

–
Phillip “CynicalRyan” Gawlowski
http://cynicalryan.110mb.com/
http://clothred.rubyforge.org

Rule of Open-Source Programming #1:

Don’t whine unless you are going to implement it yourself.

Why not use WebRick like ruby script to build your own webserver?

I think the invasive solution could be too problematic if you find an
admin
that refuse the idea to install some app on his lan.

Maybe this is not your case…

-----Messaggio originale-----
Da: Jim C. [mailto:[email protected]]
Inviato: mercoledì 25 aprile 2007 18.32
A: ruby-talk ML
Oggetto: Re: Using Watir and Ruby2Exe together

In the haze of an early breakfast coupled with little sleep, I realized
that the solution to this problem wasn’t about forcing the browser to do
something it is explicitly designed not to do. Rather, the key is to get
the client PCs to act like a server which is when I had the head
slapping moment of thinking about the Ruby one-click installer. It can
be put on a Flash drive, it will execute on Windows XP and Vista, any
browser can be used to view the HTML pages from Apache, and it really
beefs up the infrastructure with many features including having a MySQL
database to store info and extract the data from. The problem of saving
an XML file to disk completely disappears when viewed from a server side
perspective.

-Jim

Hi Jim,

On 25-Apr-07, at 1:35 PM, Jim C. wrote:

The specification targets IE6, IE7 and Firefox running on XP and
Vista. The catch is that none of these browsers allows files to be
written to disk for security reasons regardless if Java applets,
JavaScript, ECMAScript, etc. are used. So the problem is once the
form is submitted and the Flash Action Script has the output XML
ready, how to circumvent security and get the XML file written to
preferably the same drive and directory the application was
launched from.

Why not use Adobe apollo (http://labs.adobe.com/wiki/index.php/
Apollo)? You can easily bundle a flash file to apollo archive/
standalone and you get a standalone application. Apollo has webkit
inbuilt and doesn’t need a particular browser to be installed in the
client machine. Your application might even work in Mac

Apollo can easily talk with the local filesystem.
http://labs.adobe.com/wiki/index.php/
Apollo:Articles:Apollo_Local_File_System

Cheers,
Ganesh G…

Thanks - I’ll keep this in mind if others voice an opinion for a lighter
weight solution. Part of why I like InstantRails is my familiarity with
Apache having using it for a number of years. Keeping it on a thumb
drive keeps it off the lan which hopefully avoids anyone’s discomfort
with installing files anywhere.

-Jim

Ganesh G. wrote:

This is very interesting. I’ll show this to the Action Script developers
to see if they have seen it. Since it is still Alpha quality, I can’t
recommend using now based a higher probability of running into new bugs,
stability issues and I didn’t see anything regarding Adobe’s licensing
intentions such as will these be releasing under an open source license
or what they will be charging for it when it is production quality. I
was also a bit concerned by the requirement for Windows Vista Home
Premium Edition instead of just Windows Vista. Not sure why the exact
requirement there but I would feel completely foolish to build something
with this to find that it doesn’t run on Windows Vista Ultimate or other
editions in use.

It will certainly be on my watch list now for similar projects in the
future though once it matures.

Regards,
Jim

I didn’t see anything regarding Adobe’s licensing intentions such
as will these be releasing under an open source license or what
they will be charging for it when it is production quality.

There you go

Adobe open sources flex.
http://labs.adobe.com/wiki/index.php/Flex:Open_Source

Apollo runtime is free to use
http://labs.adobe.com/wiki/index.php/
Apollo:DeveloperFAQ#Is_Apollo_free_.28as_in_beer.29.3F

I feel apollo will also be open sourced in the near future.

Cheers,
Ganesh G…

On 26-Apr-07, at 10:47 AM, Jim C. wrote:

I am interested in downloading, from the New Zealand TAB (Totalisator
Agency
Board) website, the names of the race meetings on a particular date.
This is
normally reached from the TAB main page (www.tab.co.nz) through their
results page which has a form with date dropdown (and uses HTTPS).
Picking
(for example) 20 April 2007 leads to a web page with the URL
ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007

If I copy this URL and paste it into another instance of my web browser
(Mozilla), it produces the correct list of meetings. On the other hand,
if I
try and access it through Ruby, I get a zero length response body (and
an
obscure error if I switch on the debug as in the example below). My code
is:

uri =
URI.parse(‘https://ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2
007’)
request = Net::HTTP.new(uri.host, uri.port)
request.set_debug_output $stderr
request.use_ssl = true
request.verify_mode = OpenSSL::SSL::VERIFY_NONE
response = request.get2(uri.path)
puts response.body.size

If I pass the parameters as a second parameter, hashed, to the get2 call
I
get exactly the same results (that is, an error).

Can someone point out my mistake in this code which works pretty well in
other situations?

Gary Thomas

Thanks! It worked a treat.

Gary Thomas

On Sun, Apr 29, 2007 at 03:23:25PM +0900, Gary Thomas wrote:

I am interested in downloading, from the New Zealand TAB (Totalisator Agency
Board) website, the names of the race meetings on a particular date. This is
normally reached from the TAB main page (www.tab.co.nz) through their
results page which has a form with date dropdown (and uses HTTPS). Picking
(for example) 20 April 2007 leads to a web page with the URL
ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007

[snip]

Can someone point out my mistake in this code which works pretty well in
other situations?

Do you really need to use Net::HTTP? I was able to fetch the page with
mechanize and not have to deal with setting up Net::HTTP:

require ‘rubygems’
require ‘mechanize’

mech = WWW::Mechanize.new
page =
mech.get(‘https://ebet.tab.co.nz/ebet/ResultsArchive?day=20&month=04&year=2007’)
puts page.body.length

Hope that helps!