< PreviousField Device Integration (FDI) – Part 6-200: Technology Mapping – HTML5 RELEASED FCG TS62769-6-200 , Ed. 1.2.0, 27 Jun 2019 Page 19 of 22 4.7.2.2 Technology specific UIP permissions and restrictions The general UIP permissions and restrictions are specified in FCG TS62769-2. The permissions and restrictions specified in this section are specific to HTML5-based UIPs. a) Launching of Java applets is not allowed. b) Embedding of flash or shockwave content is not allowed. The FDI Client shall restrict the UIP permissions according to this list. 4.7.2.3 Implementation rules A UIP Variant for the RuntimeId HTML<Version> is executed in the HTML5 runtime. The HTML5 runtime shall implement a sandbox restricting the permissions of the UIP. To control the permissions as specified in FCG TS62769-2 the concepts of Content Security Policy Level 2 (W3C CSP2) are used. Using Content Security Policies, the HTML5 runtime shall enforce security by the following measures: • All resources shall be loaded only from the same UIP Package, i.e. the same source as the main entry HTML file of the UIP identfied by <StartElementName>-Attribute of the HTML5 UIP Package. To enforce this, the FDI Client shall set the following policy: Content-Security-Policy: default-src 'self'; connect- src 'self' ws://localhost:*> . • Any references to external resources shall be ignored by the HTML5 runtime. • Scripts are allowed in dedicated files only. Script snippets within HTML code are not allowed. All JavaScript code has to be deployed using a separate file and referenced in the HTML file using the <script> tag, as for example <script src="./externalfile.js"></script>. • By default, cascading style sheets are allowed in dedicated files only. To ensure better interoperability with third party libraries, style definitions within HTML code shall be allowed. This is enforced by setting the following policy in the Content-Security-Policy: style-src ‘self’ ‘unsafe-inline’ . • Use of eval() is forbidden and prevented by the HTML5 runtime. • Event handling shall be done using event listener functions instead of event handler attributes. • The execution of embedded content as for example Java applets or plugins of the HTML5 runtime is restricted by default when using Content Security Policies. The plugin-types directive thus shall not be used. To open a file in the registered default application for a specific MIME type, a UIP can use the hosting service Fdi.HostingServices.initOpenDefaultApplication . • The HTML5 engine shall not provide a standard context menu with back and forward buttons. A UIP may implement its own context menu. In summary, the resulting security policy shall be as follows: Content-Security-Policy: default-src 'self';connect-src 'self' ws://localhost:*; style-src ‘self’ ‘unsafe-inline’. The UIP developer shall not specify any Content Security Policies in the UIP. 5 Interface definition The following tables specify the mapping between the abstract services specified in FCG TS62769-2 and the corresponding Javascript implementation which is found in the library definition file “fdi.ts”. NOTE The FDI Type Library implementation “fdi.ts” can be obtained from the owner organizations (see www.fieldcommgroup.org). Table 1 – Base Property Services specifies the mapping of the Base Property Services. Field Device Integration (FDI) – Part 6-200: Technology Mapping – HTML5 RELEASED FCG TS62769-6-200, Ed. 1.2.0, 27 Jun 2019 Page 20 of 22 Table 1 – Base Property Services Abstract Service Javascript Implementation GetDeviceAccessInterfaceVersion Fdi.BasePropertyServices.getDeviceAccessInterfaceVersion GetOnlineAccessAvailability Fdi.BasePropertyServices.getOnlineAccessAvailability Table 2 – Device Model Services specifies the mapping of the Device Model Services. Table 2 – Device Model Services Abstract Service Javascript Implementation Browse CancelBrowse Fdi.DeviceModelServices.browse Read CancelRead Fdi.DeviceModelServices.read Write CancelWrite Fdi.DeviceModelServices.write CreateSubscription Fdi.DeviceModelServices.createSubscription Subscribe Fdi.DeviceModelServices.subscribe Unsubscribe Fdi.DeviceModelServices.unsubscribe DeleteSubscription Fdi.DeviceModelServices.deleteSubscription DataChangeCallback Fdi.DataChangeCallback.dataChangeCallbacka) a) The DataChangeCallback as defined in FCG TS62769-2 has to be implemented by the UIP but the Device Model Services interface has to be implemented by the FDI Client. Therefore the DataChangeCallback is defined using a separate interface, Fdi.DataChangeCallback, and not using Fdi.DeviceModelServices interface directly. Table 3 – Access Control Services specifies the mapping of the Access Control Services. Table 3 – Access Control Services Abstract Service Javascript Implementation InitLock Fdi.LockingServices.initLock ExitLock Fdi.LockingServices.exitLock Table 4 – Direct Access Services specifies the mapping of the Direct Access Services. Table 4 – Direct Access Services Abstract Service Javascript Implementation InitDirectAccess Fdi.DirectAccessServices.initDirectAccess ExitDirectAccess Fdi.DirectAccessServices.exitDirectAccess Transfer Fdi.DirectAccessServices.transfer Table 5 – Hosting Services specifies the mapping of the Hosting Services. Field Device Integration (FDI) – Part 6-200: Technology Mapping – HTML5 RELEASED FCG TS62769-6-200 , Ed. 1.2.0, 27 Jun 2019 Page 21 of 22 Table 5 – Hosting Services Abstract Service Javascript Implementation GetClientTechnologyVersion Fdi.HostingServices.getClientTechnologyVersion OpenUserInterface Fdi.HostingServices.openUserInterface CloseUserInterface Fdi.HostingServices.openUserInterface LogAuditTrailMessage Fdi.HostingServices.logAuditTrailMessage SaveUserSettings Fdi.HostingServices.saveUserSettings LoadUserSettings Fdi.HostingServices.loadUserSettings Trace Fdi.HostingServices.trace ShowMessageBox Fdi.HostingServices.showMessageBox ShowProgressBar Fdi.HostingServices.showProgressBar CancelCallback Fdi.CancelCallback.cancelCallbackd) UpdateShowProgressBar Fdi.HostingServices.updateShowProgressBar EndShowProgressBar Fdi.HostingServices.endShowProgressBar StandardUIActionItemsChangeCallback Fdi.HostingServices.standardUIActionItemsChangeCallback SpecificUIActionItemsChangeCallback Fdi.HostingServices.specificUIActionItemsChangeCallback InitExportFile Fdi.HostingServices.initExportFile WriteExportFile Fdi.HostingServices.writeExportFile FinishExportFile Fdi.HostingServices.finishExportFile InitImportFile Fdi.HostingServices.initImportFile ReadImportFile Fdi.HostingServices.readImportFile FinishImportFile Fdi.HostingServices.finishImportFile InitOpenDefaultApplication Fdi.HostingServices.initOpenDefaultApplication WriteOpenDefaultApplication Fdi.HostingServices.writeOpenDefaultApplication FinishOpenDefaultApplication Fdi.HostingServices.finishOpenDefaultApplication GetEnvironmentProperties Fdi.HostingServices.getEnvironmentProperties Fdi.HostingServices.registerUIPServices c) b) To be used by the UIP to close itself. c) The service Fdi.HostingServices.registerUIPService is a technology dependent service, which is not defined in FCG TS62769-2. It shall be the first service to be called by the UIP on its activation process to give the FDI Client access to UIP Service interface functions. d) The service CancelCallback as defined in FCG TS62769-2 has to be implemented by the UIP but the Hosting Services interface has to be implemented by the FDI Client. Therefore the CancelCallback is defined using a separate interface, Fdi.CancelCallback, and not using Fdi.HostingServices interface directly. Table 6 specifies the mapping of the UIP Services. Table 6 – UIP Services Abstract Service Javascript Implementation Activate Fdi.UIPServices.activate Deactivate Fdi.UIPServices.deactivate SetSystemLabel Fdi.UIPServices.setSystemLabel SetTraceLevel Fdi.UIPServices.setTraceLevel InvokeStandardUIAction Fdi.UIPServices.invokeStandardUIAction InvokeSpecificUIAction Fdi.UIPServices.invokeSpecificUIAction GetStandardUIActionItems Fdi.UIPServices.getStandardUIActionItems GetSpecificUIActionItems Fdi.UIPServices.getSpecificUIActionItems Table 7 specifies the mapping of the base data types. Field Device Integration (FDI) – Part 6-200: Technology Mapping – HTML5 RELEASED FCG TS62769-6-200, Ed. 1.2.0, 27 Jun 2019 Page 22 of 22 Table 7 – Base Data Types Base data type Javascript Implementation Boolean Fdi.Model.Datatype.Boolean String Fdi.Model.Datatype.String ByteString Fdi.Model.Datatype.Binary UtcTime Fdi.Model.Datatype.DateTime Int8 Fdi.Model.Datatype.SByte Int16 Fdi.Model.Datatype.Short Int32 Fdi.Model.Datatype.Int Int64 Fdi.Model.Datatype.Long Byte Fdi.Model.Datatype.Byte UInt16 Fdi.Model.Datatype.UShort UInt32 Fdi.Model.Datatype.UInt UInt64 Fdi.Model.Datatype.ULong Float Fdi.Model.Datatype.Float Double Fdi.Model.Datatype.Double Duration Fdi.Model.Datatype.TimeSpan Table 8 specifies the mapping of the special data types. Table 8 – Special Types Special Data type Javascript Implementation Attribute Ids Fdi.Model.AttributeType Variant Fdi.Model.Variant NodeSpecifier Fdi.Model.NodeSpecifier Data Value Fdi.Model.DataValue Localized Text Fdi.Model.Datatype.LocalizedText Range Fdi.Model.Datatype.Range EU Information Fdi.Model.Datatype.EUInformation Enum Value Fdi.Model.Datatype.EnumValueType InnerErrorInfo Fdi.Model.InnerErrorInfo NumericRange Fdi.Model.ArrayIndexRange Data arrays can be conveyed using class Fdi.DataTypes.ArrayValue . Table 9 specifies the mapping of the parameter types. Table 9 – Parameter Types Special Data type Javascript Implementation TraceLevel Fdi.Model.TraceLavel StandardUIAction Fdi.Model.StandardUIAction StandardUIActionItem Fdi.Model.StandardUIActionItem SpecificUIActionItem Fdi.Model.SpecificUIActionItem Detailed interface definition and interface documentation are available in: • fdi.ts (Typescript file), fdi.js (transpiled fdi.ts) and accompanying documentation Next >