Encompass web customization

What is the ICE Secure Scripting Framework?
Whenever an ICE Mortgage Technology product allows for the injection of custom
functionality, it does so using a technology framework known as the ICE Secure
Scripting Framework (SSF). The ICE Secure Scripting Framework isolates the
third-party’s customizations away from the host application (e.g., Encompass)
by loading the custom HTML/JavaScript into a “sandboxed” container. When
custom code/UI is loaded in a sandbox, we refer to that as a guest of the
application.

Besides isolation, the Secure Scripting Framework provides a communication
channel for all interactions between the host and its guest(s). To enable
communication, each host publishes a set of scripting objects that can be
invoked using JavaScript within the guest. These objects provide two core
interaction patterns for the guest to consume:
• Functions: Each scripting object provides a set of functions that can be invoked
by the guest to retrieve or modify the state or behavior of the host application.
For example, a host may expose a function to retrieve the data of the loan
currently being edited by the logged-in user.
• Events: Events allow guests to respond to (and intercede in) actions within the
host application. For example, a guest may be interested in knowing any time
the user modifies a loan data field in a form.
The set of scripting objects exposed to a guest is dependent on the integration
context in which the guest is loaded. Different guests will have different sets of
functionalities exposed to them to ensure data confidentiality and security. For
example, a script created by a Credit Service Provider would have significantly
restricted access compared to a script created by the Encompass lender that
licenses the Encompass system.
Running in a Sandbox
The ICE Secure Scripting Framework isolates all custom code written by a lender
or partner by loading it within a sandboxed environment that limits its access to
the rest of the application. Sandboxing is achieved by the HTML5 iframe tag’s
sandbox attribute.
When running inside the ICE Secure Scripting Framework sandbox, all guest
scripts/applications can do the following:
• Load and execute arbitrary JavaScript code
• Access the window object of the sandbox
• Create form elements, such as <input> tags, and submit forms (note: depending
on the context, these elements may not be visible to the user)
• Create pop-ups (e.g. window.open()) and modal dialogs

Browser Compatibility
The ICE Secure Scripting Framework is compatible with all browsers/versions
supported by the Encompass web applications, which is made possible by the use
of a polyfill. A polyfill is a JavaScript library that provides support for modern
JavaScript objects (e.g., the Promise object) in legacy web browsers, such as
Chrome. The most popular polyfill is provided as part of the Babel open-source
project and it is with this polyfill that the Secure Scripting Framework is tested.
This section will show you how to automatically include the Babel polyfill in your
project to provide effortless compatibility, or you can substitute this with a different
polyfill library.
NOTE: ICE Mortgage Technology cannot ensure compatibility between the ICE
Secure Scripting Framework and any non-Babel polyfill library. When writing
custom JavaScript that runs within a Secure Scripting Framework guest, the
author is responsible for any browser compatibility issues that may be relevant to
their use case. In particular, your JavaScript must conform to the ES5 specification in order to support all browsers under which it may run.
JavaScript Transpilation
Some of the code examples provided in this documentation make liberal use of
ES6 and ES2017 syntax. ICE Mortgage Technology provides a command-line
tool, the Elli-CLI, that allows for transpilation of code written using ES6/2017 into
ES5-compatible JavaScript. More information on this tool is provided in the Elli-
CLI topic later in this chapter.
The following links contain a complete list of browser compatibility for:
• ES5 – ECMAScript 5
• ES6 – ES6 classes
Some browsers do not support all of ES6 functionality, which is why it is best to
transpile your code to ES5 compatibility. ES5 is supported without any extra
required efforts; ES6 support requires transpilation. To handle transpilation, use
the Elli-CLI transpilation tool provided below.
NOTE: Before using our transpilation tool, you must have node.js installed on
your computer. NPM, the package manager, can then be used.

You may also like...

Popular Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.