search
Ctrlk

ScriptCode best practices

hashtag
Context

The rules for writing ScriptCode on the Eximee platform will help ensure consistency, readability, and code security, and will also make onboarding new employees easier.

Create ScriptCode according to the rules described below.

Area
Rule

Consistent naming convention

  • Write code in English - use English names for variables, functions, etc.

Exceptions: top-down business naming decisions or a high level of script complexity (in this case, the decision belongs to the low-code developer). If you decide on a Polish naming convention - be consistent within a single script.

  • Literal constants hard-coded in code, name them in UPPER_SNAKE_CASE format, e.g. const MOBILE_CHANNEL = "mobile"

  • Name other variables and functions in camelCase format, e.g. const correlationId = context.getFirstParameter('correlationId'), let motherBranchNumber, function generateBranch()

Order in the code structure

Organize code according to the following order:

  1. Literal constants- declare at the beginning of the script

  2. Variables - then declare variables that will be used in the main logic

  3. Main logic - the main sequence of operations performed by the code (e.g. data processing, function calls)

  4. Helper functions - place at the end

Logging

  • Do not duplicate platform logs - if any parameters are automatically generated by the platform, do not log them again in the script

  • Use the sensitive logger to log sensitive data, pattern: Logger.infoarrow-up-right("Customer's PESEL filled in on the form: {}", pesel)

Learn more: Logging in ScriptCode

Variable declaration

  • Do not use vars

  • Primitive types: use let only when you change the variable's value in the script. In other cases, use const

  • Complex types: do not use let if you only modify the contents of an object - including arrays (Array), sets (Set), maps (Map).

There is no need to use let when declaring objects - including arrays (Array), sets (Set), maps (Map) - as long as the reference (i.e. the reference to a specific object or array) will not be changed. In most cases, const should be used to declare arrays and other objects, even if their contents will be modified.

Example using const:

const array = [1, 2, 3]; array.push(4); // Works correctly, we are modifying the contents of the array

const obj = { name: "Alice" }; obj.age = 30; // Works correctly, we are modifying the object properties

Note: As long as the Rhino engine does not properly support block scope for const, variables inside a "for" loop should be declared using let. More about the bug can be found in the material linked below.

Learn more: Data types in JavaScriptarrow-up-right,

Reference, mutability, primitive types - JavaScript recap!arrow-up-right

Scripts(ScriptService)

A table listing which features are currently not properly supported by the Rhino enginearrow-up-right Rhino: error when declaring const inside a for looparrow-up-right

Error handling

  • Use blocks try-catch in places where exceptions may occur. If an error occurs, log it using the logger to make it easy to track the problem.

Code readability

  • Right-click → choose Format Document. This will make the code more clear and readable

  • Remove code that is commented out and no longer needed

  • Write comments concisely and clearly, explaining more difficult parts of the code, intentions, and unusual solutions. Avoid obvious comments that merely repeat what is already readable in the code.

Code repetition

  • If you repeat a fragment of code several times - create a helper function

Script description

  • When creating a new script/validator - add a description

Tests

  • Create unit tests whenever possible, including edge cases.

Security

  • Treat any parameters entering ScriptCode as untrusted when sending them to services

Sample code:

Bad:

Good:

  • Do not use authorization data directly in ScriptCode

  • Retrieve remote resources (images, documents, card images, etc.) from a trusted source (e.g. the Eximee platform, a bank resource)

  • If you need to use any link in the application, make sure it is trusted and that its use results directly from the requirements

  • If a given feature does not exist on the platform, submit a request - do not use external tools

Learn more: OWASP_Application_Security_Verification_Standard_4.0 - scriptCode

Mathematical operations with BigDecimal

  • Perform mathematical operations using BigDecimal

Learn more: Mathematical operations in ScriptCode

Handling falsy values

  • Before using properties or methods, check whether the variable's value is not null or undefined, to prevent errors related to missing values. In situations where you also want to catch 0, an empty string or NaN, you can use the general condition if(value).

Review

  • If you are not the only low-code developer on the team - ask someone from the team to review the code.

hashtag
Materials

PreviousPlatform header with tenant identifierNextOWASP_Application_Security_Verification_Standard_4.0 - scriptCode

Last updated

Was this helpful?