Tcl scripts are executed in an interpreter. The script language has a safe interpreter that blocks all access to the system and therefore completely protects the system from being compromised.
Scripts that can be maintained via the GUI or the XML interface are always executed in the safe interpreter. This is true for the following checks and functions:
callback
) and value
display function (displayValueCallback
) for
fields.recordSetCallback
). Here the open
command, restricted to the blob files passed to the function, is
additionally available.workflowModification
)completionCheck
)Conversely, all routines that require write access to files are not executed in the safe interpreter but in the standard interpreter:
linkCallback
)notificationCmd
)dynamicLinkFormatter
)generateThumbnail
Most of the procedures associated with these system calls are also available in the safe interpreter. This is a requirement for procedures executed by custom commands. It is desirable for user manager functions.
Tcl procedures can be registered with the safe interpreter using
safeInterp alias serverProc clientProc
.