ScriptCode best practices

Context

The rules for writing ScriptCode on the Eximee platform will help ensure code consistency, readability and safety, and will also facilitate onboarding of new employees.

Write ScriptCode according to the rules described below.

Area
Rule

Consistent naming convention

  • Write code in English - use English names for variables, functions, etc.

Exceptions: top-down business decisions regarding naming or a high level of script complexity (the decision lies with the low-code developer here). If you choose to use Polish naming convention - be consistent within a single script.

  • Literal constants hard-coded in code name them in UPPER_SNAKE_CASE format, e.g. const MOBILE_CHANNEL = "mobile"

  • Name other variables and functions in camelCase format, e.g. const correlationId = context.getFirstParameter('correlationId'), let motherBranchNumber, function generateBranch()

Order in code structure

Organize code according to the following order:

  1. Literal constants- declare at the beginning of the script

  2. Variables - then declare the variables that will be used in the main logic

  3. Main logic - the main sequence of operations that the code performs (e.g. data processing, calling functions)

  4. Helper functions - place at the end

Logging

  • Do not duplicate platform logs - if some parameters are automatically generated by the platform do not log them again in the script

  • Use a sensitive logger for logging sensitive data, pattern: Logger.info("Client's PESEL filled on the form: {}", pesel)

Learn more: Logging in ScriptCode

Variable declaration

  • Do not use vars

  • Primitive types: use let only when you change the variable's value in the script. In other cases use const

  • Complex types: do not use let if you only modify the contents of an object - including arrays (Array), sets (Set), maps (Map).

There is no need to use let when declaring objects - including arrays (Array), sets (Set), maps (Map) - as long as the reference (that is the reference to a specific object or array) will not be changed. In most cases const should be used to declare arrays and other objects, even if their contents will be modified.

Example using const:

const array = [1, 2, 3]; array.push(4); // Works fine, we modify the array contents

const obj = { name: "Alice" }; obj.age = 30; // Works fine, we modify the object's properties

Note: As long as the Rhino engine does not correctly support block scope for const you should declare variables inside a "for" loop using let. You can read more about the bug in the material linked below.

Learn more: Data types in Javascript,

Reference, mutability, primitive types - Javascript recap!

Scripts (ScriptService)

Table listing which functionalities are currently not properly supported by the Rhino engine Rhino: error when declaring const inside a for loop

Error handling

  • Use blocks try-catch in places where exceptions may occur. In case of an error, log it using the logger to enable easy problem tracing.

Code readability

  • Right-click → choose Format Document. This will make the code more clear and readable

  • Remove code that is commented out and no longer needed

  • Write comments succinctly and clearly, explaining harder code fragments, intentions and unusual solutions. Avoid obvious comments that merely repeat what is already clear in the code.

Code repetition

  • If you repeat a piece of code several times - create a helper function

Script description

  • When creating a new script/validator - add a description

Tests

  • Create unit tests whenever possible, include edge cases.

Security

  • Treat any parameters entering the ScriptCode as untrusted when sending to services

Sample code:

Bad:

Good:

  • Do not use credentials directly in ScriptCode

  • Fetch remote resources (images, documents, card images, etc.) from a trusted source (e.g. Eximee platform, bank resource)

  • If you must use any link in the application make sure it is trusted and its use directly results from requirements

  • If some functionality is not present on the platform report the need - do not use external tools

Learn more: OWASP_Application_Security_Verification_Standard_4.0 - scriptCode

Mathematical operations with BigDecimal

  • Perform mathematical operations using BigDecimal

Learn more: Mathematical operations in ScriptCode

Handling falsy values

  • Before using a property or method check that the variable's value is not null nor undefined, to prevent errors related to missing values. In situations where you also want to catch 0, an empty string or NaN, you can use the general condition if(value).

Review

  • If you are not the only low-code developer on the team - ask someone from the team for a code review.

Materials

PreviousPlatform header with tenant identifierNextOWASP_Application_Security_Verification_Standard_4.0 - scriptCode

Last updated

Was this helpful?