The allowed function list prevents the Arbortext PE Request Manager from executing applications that are not authorized to run. Each time you create an application, you must add an entry to the AllowedFunctions list in e3config.xml. The entry gives Arbortext Publishing Engine permission to execute the application when it's called from a request. Insert a ClientFunction element under the AllowedFunctions element, and then specify the pattern and type attributes.

Each ClientFunction entry specifies a pattern that's used to check incoming application names for a match. When the Arbortext PE Request Manager receives a request containing an f=acl, f=java, f=javascript, or f=vbscript query parameter, it compares the application name specified by the application query parameter (class for f=java and function for f=acl, f=javascript and f=vbscript) against each entry of the appropriate language type in the AllowedFunctions list.

The pattern attribute can use wildcard characters to expand matching capabilities for a set of applications with similar names. Use the wildcards * to match zero or more characters and ? to match one character. The ClientFunction entry also has a type to specify the application’s programming language, acl, java, javascript, or vbscript. A match occurs if the application name matches any pattern for its particular function type.