7

So I have this bit of a project planned for Windows Store and Android. Basically, a networking multi-tool coupled with a scripting engine to implement protocols and behavior. Ideal uses being things like "my embedded device uses this simplistic network protocol. I'd like to quickly prototype a way to control it from my tablet".

It's my understanding that the Android market should have no problem with this. However, the Windows Store policy includes a vague clause concerning remote code execution

3.9 All app logic must originate from, and reside in, your app package Your app must not attempt to change or extend the packaged content through any form of dynamic inclusion of code or data that changes how the application interacts with the Windows Runtime, or behaves with regard to Store policy. It is not permissible, for example, to download a remote script and subsequently execute that script in the local context of your app package.

Of course, the scripting engine will be sandboxed and such and should be "safe"(completely intepreted, no reflection), but does it violate this policy?

Earlz
  • 62,085
  • 98
  • 303
  • 499

3 Answers3

5

If you build in your scripting engine, and only run local scripts, you will be good. However, if you were thinking to have a repository of scripts that could be downloaded and subsequently run, that would be in violation of the policy as we understand it.

bubba
  • 3,839
  • 21
  • 25
  • What if the users can change the scripts? – Earlz Mar 29 '13 at 20:19
  • 1
    If they edit the scripts within the app, no problem. The primary goal here is not to prevent the user from functionality, but to help protect them against the evil programmers who want to download scripts behind the scenes and do things the user might not agree with. – bubba Mar 29 '13 at 20:26
  • 1
    'Maybe' this line may still get you 'or extend the packaged content through any form of dynamic inclusion of code or data that changes how the application interacts with the Windows Runtime,' It mentions nothing here about local or remote but instead dynamic inclusion that indeed changes how the interaction of the runtime happens. However, I still can't answer that not being on the team, I just don't know – Adam Tuliper Apr 04 '13 at 04:30
  • I think you made the most sense, but I'll also be posting to that forum mentioned by @AdamTuliper-MSFT I think the real "answer" to this problem is that I'll just have to try it and see if it passes certification – Earlz Apr 04 '13 at 14:15
4

Unfortunately I don't think anyone but someone on that team can answer that (or someone with direct experience in that) because of the closeness to the legal language. Have you tried the Windows Store Appl Publishing forum at: http://social.msdn.microsoft.com/Forums/en-US/windowsstore/threads

Adam Tuliper
  • 29,982
  • 4
  • 53
  • 71
2

In the context of scripting engine example given, unless the app modifies the scripting engine after deployment on user's system such that the representation of protocol/behavior (the script artifact's format) is made to change then it'll be policy violation. Its as if you submit Python interpreter, and at some point in time it abruptly moves onto interpreting ecmascript.

Chawathe Vipul S
  • 1,636
  • 15
  • 28