Mask your credentials at the Scripting Engine text field

Basic Information (Must Read)

We have created a mechanism to “hide” your credentials on your Scripting Engine so that other users cannot see these details.

Anywhere in a script where there is a: MASK[[[…]]], it will be replaced on Save with a MASKED[[[credential_1]]] hiding the stored credentials/other information. The credentials cannot be retrieved or shown by any means.

Syntax: MASK[[[MY_PASSWORD]]]

  1. (lightbulb) There are three (3) openings [[[ and three (3) closures ]]] in the syntax.
  2. 💡Web-Apps: The Masking Mechanism is also available in the Custom Web-Apps.

If you want to mask any valuable information or credentials in your custom Web Apps, you can also use the above Syntax in the Scripting Engine text field.


Security

  1. There is no way to edit a stored credential of the form MASKED[[[credential_…]]]. ; an error will be reported.
    One has to change it back to MASK[[[YOUR_PASSWORD]]] by re-typing “YOUR_PASSWORD.”
  2. You cannot re-use (copy-paste) a stored credential in the same or another script.
    1. (For example, if there is a MASKED[[[credential_1]]] somewhere in the script, one cannot add another reference to credential_1 further down in the script by entering MASKED[[[credential_1]]]; an error will be reported.
  3. Each credential can be used only once in every script.
  4. Mask the entire script or a specific scripting line.

How to Mask Your Stored Credentials

For my example, I used the script code from the Microsoft Account authentication.

Below, you can see how the script will be displayed in your Scripting Engine text field:

Unmasked Script

type("""#i0116""", """MY_EMAIL""")
pause(1)
runScript("""
document.querySelector("#i0116").dispatchEvent(new Event("change"))
""")
pause(2)
click("""#idSIButton9""")
pause(2)
type("""#i0118""", """MY_PASSWORD""")
pause(1)
runScript("""
document.querySelector("#i0118").dispatchEvent(new Event("change"))
""")
pause(2)
clickAndWait("""#idSIButton9""")
click("""#KmsiCheckboxField""")
pause(2)
click("""#idSIButton9""")

To Mask my Email and my Password, I have to modify the script as follows:

MY_EMAIL MASK[[[MY_EMAIL]]]
MY_PASSWORD MASK[[[MY_PASSWORD]]]

How the script should be displayed in your Scripting Engine text field after the “Masking” procedure

Masked Script

type("""#i0116""", """MASK[[[MY_EMAIL]]]""")
pause(1)
runScript("""
document.querySelector("#i0116").dispatchEvent(new Event("change"))
""")
pause(2)
click("""#idSIButton9""")
pause(2)
type("""#i0118""", """MASK[[[MY_PASSWORD]]]""")
puase(1)
runScript("""
document.querySelector("#i0118").dispatchEvent(new Event("change"))
""")
pause(2)
clickAndWait("""#idSIButton9""")
click("""#KmsiCheckboxField""")
pause(2)
click("""#idSIButton9""")

How the script should be displayed in your Scripting Engine text field after you save your web page:

Masked Script after the Save

type("""#i0116""", """MASKED[[[credential_1]]]""")
pause(1)
runScript("""
document.querySelector("#i0116").dispatchEvent(new Event("change"))
""")
pause(2)
click("""#idSIButton9""")
pause(2)
type("""#i0118""", """MASKED[[[credential_2]]]""")
pause(1)
runScript("""
document.querySelector("#i0118").dispatchEvent(new Event("change"))
""")
pause(2)
clickAndWait("""#idSIButton9""")
click("""#KmsiCheckboxField""")
pause(2)
click("""#idSIButton9""")

hash credentials


How to Mask the entire Script or any scripting line

With this mechanism, you can Mask the entire script so other users won’t see any details regarding your script.

Let’s say that we have the below script code:

type("""#i0116""", """MY_EMAIL""")
pause(1)
type("""#i0118""", """MY_PASSWORD""")
pause(1)
click("""#idSIButton9""")

To Mask the entire script, I have to modify the sample script as follows:

MASK[[[
type("""#i0116""", """MY_EMAIL""")
pause(1)
type("""#i0118""", """MY_PASSWORD""")
pause(1)
click("""#idSIButton9""")
]]]

The Masked Script after Saving the Web page

MASKED[[[credential_1]]]

hashed credentials


Wrong Syntax

It is impossible to mask your credentials and then try to mask the entire script.
You will have to choose between masking the entire script or the credentials in it.

The Scripting engine will not accept the below syntax:

(error)
MASK[[[
type(“””#i0116″””, “””MASK[[[MY_EMAIL]]]”””)
pause(1)
type(“””#i0118″””, “””MASK[[[MY_PASSWORD]]]”””)
pause(1)
click(“””#idSIButton9″””)
]]]
(error)