Many 3rd-party applications offer their own script menus that allow their users to run scripts that target the developer’s application. However if the scripts in the hosting application’s script menu target other applications installed on the computer (such as Numbers), the security sandboxing in OS X will, by default, automatically block those scripts from executing.
The following information addresses application developers who want to include the ability to host their own script menu that runs scripts targeting other applications, such as Numbers.
Sandboxing and Running Scripts
Sandboxing your application may require changes to how it runs scripts. The usual method in the past has been NSAppleScript, but since scripts typically rely on sending Apple events and the default sandbox profile does not allow sending Apple events to any other application, this often does not work correctly when in a sandbox. Scripts run from your application will fall into one of three categories:
- Self-targeted scripts. Your scripts only send events to your application and never to any other application. Continue to use NSAppleScript as before.
- Built-in scripts. Your scripts are built as part of your application, and will not change after shipping. Continue to use NSAppleScript, but add entitlements for sending events to the target applications.
- User scripts. Your scripts are supplied by the end user, and may use any other application. Use NSUserScriptTask. The scripts must be stored in a special location (use NSApplicationScriptsDirectory to determine where), and will run outside of your sandbox.
The NSUserScriptTask class is an abstract class that is able to run all the scripts normally run by one of its subclasses, however it ignores the results. It is intended to execute user-supplied scripts and will execute them outside of the application’s sandbox, if any. If you need to execute scripts and get the input and output information use the NSUserUnixTask, NSUserAppleScriptTask, and NSUserAutomatorTask sub-classes.
The AppleScript Release Notes for OS X 10.8, discussing application sandox security and scripts, are available here.
For Apple developers, this topic is discussed in detail in the video for WWDC 2012 Session 206: Secure Automation Techniques in OS X.