Is a scripting application allowed in the Windows Store?

Asked 26/3, 2013 at 5:33 Answered 4/4, 2013 at 4:32

Solved scripting windows-store-apps policy windows-store

So I have this bit of a project planned for Windows Store and Android. Basically, a networking multi-tool coupled with a scripting engine to implement protocols and behavior. Ideal uses being things like "my embedded device uses this simplistic network protocol. I'd like to quickly prototype a way to control it from my tablet".

It's my understanding that the Android market should have no problem with this. However, the Windows Store policy includes a vague clause concerning remote code execution

3.9 All app logic must originate from, and reside in, your app package Your app must not attempt to change or extend the packaged content through any form of dynamic inclusion of code or data that changes how the application interacts with the Windows Runtime, or behaves with regard to Store policy. It is not permissible, for example, to download a remote script and subsequently execute that script in the local context of your app package.

Of course, the scripting engine will be sandboxed and such and should be "safe"(completely intepreted, no reflection), but does it violate this policy?

Pitarys answered 26/3, 2013 at 5:33 Comment(0)

If you build in your scripting engine, and only run local scripts, you will be good. However, if you were thinking to have a repository of scripts that could be downloaded and subsequently run, that would be in violation of the policy as we understand it.

Quartus answered 29/3, 2013 at 20:14 Comment(4)

What if the users can change the scripts? – Pitarys 29/3, 2013 at 20:19

If they edit the scripts within the app, no problem. The primary goal here is not to prevent the user from functionality, but to help protect them against the evil programmers who want to download scripts behind the scenes and do things the user might not agree with. – Quartus 29/3, 2013 at 20:26

'Maybe' this line may still get you 'or extend the packaged content through any form of dynamic inclusion of code or data that changes how the application interacts with the Windows Runtime,' It mentions nothing here about local or remote but instead dynamic inclusion that indeed changes how the interaction of the runtime happens. However, I still can't answer that not being on the team, I just don't know – Backward 4/4, 2013 at 4:30

I think you made the most sense, but I'll also be posting to that forum mentioned by @AdamTuliper-MSFT I think the real "answer" to this problem is that I'll just have to try it and see if it passes certification – Pitarys 4/4, 2013 at 14:15

Unfortunately I don't think anyone but someone on that team can answer that (or someone with direct experience in that) because of the closeness to the legal language. Have you tried the Windows Store Appl Publishing forum at: http://social.msdn.microsoft.com/Forums/en-US/windowsstore/threads

Backward answered 4/4, 2013 at 4:32 Comment(0)

In the context of scripting engine example given, unless the app modifies the scripting engine after deployment on user's system such that the representation of protocol/behavior (the script artifact's format) is made to change then it'll be policy violation. Its as if you submit Python interpreter, and at some point in time it abruptly moves onto interpreting ecmascript.

Blockbusting answered 2/4, 2013 at 14:4 Comment(0)

Recommended topics

Hot tags