Javascript -> Shell Script

mark007 · August 20, 2008, 6:52am

Hi all,

I am trying to call a shell script from a javascript function. This works fine and the shell script returns everything I expected BUT I cannot figure out how to pass command line arguments to this shell script.

Using GET, I assume the url being called needs to be one string with no spaces (hence i cannot do url="myScript.sh arg1 arg2 arg3"

Using POST, I am sending the post variables like this

var args="a=b";
req.open("POST", url, true);
req.send(args);

but do not know how to read those from within my shell script.

Anyone know how to do it? TYVM!

era · August 20, 2008, 11:46pm

The CGI spec defines how arguments are made available to the CGI script. You can pass data using either GET, in $QUERY_STRING, or POST, as standard input. Transforming these to the moral equivalent of command-line arguments needs to be performed inside the script. If you cannot modify it, write a wrapper which does the transformation and then invokes the real script with the command-line arguments it expects.

redoubtable · August 24, 2008, 7:25am

Side note: not all browsers allow you to execute shell commands through javascript (and enabling this is really dangerous). The only way javascript can ask for safe execution is on server-side using ajax -- this is used to make really dynamic pages which don't need page reload to retrieve information.

era · August 24, 2008, 10:32am

If the conduit is CGI, I would imagine that we are talking server-side in any event here.

mark007 · August 24, 2008, 12:45pm

Ya thanks all

Simple javascript "ajax" call to the script using "GET" worked. Command line arguments come in in the env variable $QUERY_STRING. I find it hard to write a command line input parser so I might have to go back to my old way of doing things.

javascript -> calls php script (and easily parses parameters) -> calls shell script

as opposed to

javascript -> directly calls shell script (bit annoying to parse the parameters which might be in form "a=1&b=2&bla=5")

Anyone know of an existing lump of code to let me parse these, like its easy to get them in php using $_GET['a'] and $_GET['b] etc

era · August 24, 2008, 1:08pm

Shell script is kind of brittle when it comes to proper quoting of user-specified arguments etc so you need to be really careful here. Perhaps wrapping the call in PHP is not such a bad idea (although PHP too has a bit of a track record when it comes to security problems .... /me ducks) and make really really sure you use proper quoting everywhere in the script and in everything which invokes it. And keep in mind that security checks in JavaScript are ineffective; somebody could simply be connecting directly to the CGI script, without going through your form (or with JavaScript disabled).

As such, it's not very hard to split on & with IFS='&'. IFS=& query_string - Google Search brings up some matches but I would regard all of them with extreme suspicion. If you see a variable interpolation without double quotes around it, run away.

era · August 24, 2008, 1:24pm

Parse query function - IT Community looks like it's rather competently coded, although it's Bash only. Actually seems like it's probably one of our members who submitted it -- cfajohnson

mark007 · August 24, 2008, 1:27pm

Fantastic. Yeah security is something that needs alot of thought I think. I haev a nice safesql php class that I use to make sql queries in php, its very nice. I would love to have / find a safe javascript -> shell script caller, that does all the escaping etc..

Ill take a look at that code era, tyvm!