-
-
Notifications
You must be signed in to change notification settings - Fork 72
PostScript Calling Convention
User Interface for the PostScript Resource
BWIPP encoders are invoked as named PostScript resources. The caller provides three arguments on the operand stack, then locates and executes the resource:
0 0 moveto <data> <options> /<encoder> /uk.co.terryburton.bwipp findresource exec
| Argument | Type | Description |
|---|---|---|
| data | string |
Content to be encoded by the symbology. Valid contents vary per encoder -- see the Symbologies Reference. |
| options |
string or dict
|
Properties of the symbol as space-separated key=value pairs, or a PostScript dictionary. Common options are listed in the Options Reference; some encoders accept additional options documented on their own pages. |
| encoder | name |
The symbology type, e.g. /qrcode, /ean13, /code128. |
The resource renders the barcode at the current point on the page.
For a hands-on introduction see the Quick Guide.
A user composing or editing a PostScript file directly controls the data and options as string literals within the document:
100 300 moveto (01234565) (includetext) /ean8 /uk.co.terryburton.bwipp findresource exec
Standard PostScript escaping rules apply (e.g. \(, \) for literal
parentheses). Malformed PostScript is the user's own responsibility.
See the Quick Guide for getting started.
When data or options originate from untrusted user input, a database, or an external service, the host application that is processing the data and driving the PostScript VM is responsible for ensuring that the supplied values cannot break out of the string arguments to inject and execute arbitrary PostScript.
See Developing a Frontend to BWIPP for guidance on safe argument passing, error handling, and image generation.
BWIPP's security policy defines vulnerabilities in terms of this calling convention: A security issue is one where data and options passed through the interface described above cause unintended behaviour such as code execution, information disclosure, or denial of service.
Home | Download | Documentation (PDF) | Source | Support | Issues | Online Barcode Generator