WGuest Scripting Security

There are several security contexts supported by WGuest:

non-web context: all methods and properties are allowed
trusted web context: all methods and properties are allowed. The list of trusted sites can be modified by the SiteLockTool.exe utility.
non-trusted web context: when WGuest is embedded into a web page on a site which is not in the list of trusted sites, its operations and properties are altered to prevent any harm that may come from malicious sites.

For each method and property in this documentation it is described how it behaves in the non-trusted web context. The whole list of security limitations for methods and properties can be found below.

Never safe operations

Operation cannot proceed, it will always return NGA_ERR_NOT_SAFE.

Always safe operations

Safe operation. Proceed as usual without any security limitations.

Never safe properties

When read return initial value, when set nothing happens.

Always safe properties

Safe property. Proceed as usual without any security limitations.

Safe to write property

When set new value comes into effect but when read returns initial value.

Operations that create session

User is presented with the confirmation dialog.

When user chooses Accept, session opening sequence is started. Otherwise operation returns NGA_ERR_NOT_SAFE, no session will be opened.

Confirmation dialog is presented regardless of whether session creation is invoked with JavaScript or built-in UI.

Operations that require open session

Operation returns NGA_ERR_NOT_SAFE unless there is an open session.

So, operation proceeds only if user has been previously presented confirmation dialog, pressed Accept and session has been successfully opened.

Operations that require user confirmation

User is presented confirmation dialog.

When user chooses Accept, operation proceeds its usual course. Otherwise operation returns NGA_ERR_NOT_SAFE.