Table of Contents
When a script contains a username, password or other sensitive value, you can mask it so other users cannot see it. This page explains how.
Basic information (must read)
The masking mechanism hides the credentials in your script. Anywhere you wrap a value in MASK[[[ ... ]]], it is replaced on Save with a MASKED[[[credential_1]]] reference. Once saved, the value is hidden and cannot be viewed, edited or copied from the Scripting Engine.
Syntax: MASK[[[MY_PASSWORD]]]
- There are three opening brackets
[[[and three closing brackets]]]. - The same syntax also works in custom Web Apps. Use it in the Scripting Engine text field to mask any value there too.
How masking behaves
Keep these rules in mind:
- A masked credential cannot be edited. Once a value is stored as
MASKED[[[credential_1]]], you cannot change it in place. To update it, replace it withMASK[[[YOUR_NEW_VALUE]]]and save again. - A masked credential cannot be reused. If
MASKED[[[credential_1]]]already appears in the script, you cannot referencecredential_1again elsewhere. Doing so reports an error. - Each credential is used once per script.
- You can mask a single value, a single line, or the entire script.
How to mask your stored credentials
This example uses the Microsoft account template.
Unmasked script
type("""#i0116""", """MY_EMAIL""")
pause(1)
runScript("""
document.querySelector("#i0116").dispatchEvent(new Event("change"))
""")
pause(2)
click("""#idSIButton9""")
pause(2)
type("""#i0118""", """MY_PASSWORD""")
pause(1)
runScript("""
document.querySelector("#i0118").dispatchEvent(new Event("change"))
""")
pause(2)
clickAndWait("""#idSIButton9""")
click("""#KmsiCheckboxField""")
pause(2)
click("""#idSIButton9""")
To mask the email and password, wrap each value in MASK[[[ ... ]]]:
| Before | After |
|---|---|
MY_EMAIL | MASK[[[MY_EMAIL]]] |
MY_PASSWORD | MASK[[[MY_PASSWORD]]] |
How the script looks after masking, before you save
type("""#i0116""", """MASK[[[MY_EMAIL]]]""")
pause(1)
runScript("""
document.querySelector("#i0116").dispatchEvent(new Event("change"))
""")
pause(2)
click("""#idSIButton9""")
pause(2)
type("""#i0118""", """MASK[[[MY_PASSWORD]]]""")
pause(1)
runScript("""
document.querySelector("#i0118").dispatchEvent(new Event("change"))
""")
pause(2)
clickAndWait("""#idSIButton9""")
click("""#KmsiCheckboxField""")
pause(2)
click("""#idSIButton9""")
How the script looks after you save the web page
type("""#i0116""", """MASKED[[[credential_1]]]""")
pause(1)
runScript("""
document.querySelector("#i0116").dispatchEvent(new Event("change"))
""")
pause(2)
click("""#idSIButton9""")
pause(2)
type("""#i0118""", """MASKED[[[credential_2]]]""")
pause(1)
runScript("""
document.querySelector("#i0118").dispatchEvent(new Event("change"))
""")
pause(2)
clickAndWait("""#idSIButton9""")
click("""#KmsiCheckboxField""")
pause(2)
click("""#idSIButton9""")
How to mask an entire script or a single line
You can also mask the whole script so no details are visible to other users. Take this script:
type("""#i0116""", """MY_EMAIL""")
pause(1)
type("""#i0118""", """MY_PASSWORD""")
pause(1)
click("""#idSIButton9""")
Wrap the entire thing in MASK[[[ ... ]]]:
MASK[[[
type("""#i0116""", """MY_EMAIL""")
pause(1)
type("""#i0118""", """MY_PASSWORD""")
pause(1)
click("""#idSIButton9""")
]]]
After you save the web page, the whole script becomes a single masked reference:
MASKED[[[credential_1]]]
Wrong syntax
You cannot mask individual credentials and then also mask the entire script around them. Choose one approach: mask the whole script, or mask the values inside it.
The Scripting Engine will not accept a masked value nested inside a masked script, like this:
MASK[[[
type("""#i0116""", """MASK[[[MY_EMAIL]]]""")
pause(1)
type("""#i0118""", """MASK[[[MY_PASSWORD]]]""")
pause(1)
click("""#idSIButton9""")
]]]
Related articles
Useful Scripts To Use — scrolling, hiding elements, CSS injection and more
Scripting Engine Reference — full command and syntax reference
Scripting Templates — ready-made login patterns
Scripting FAQ — fixes for common problems