perimeter_x 1.1.0 → 2.1.0

data/lib/perimeterx/internal/validators/hash_schema_validator.rb

@@ -0,0 +1,26 @@
+def validate_hash_schema(hash, schema)
+  hash.each do |key, value|
+    if schema.key?(key) && value != nil
+      # validate value types in hash are according to schema
+      if !schema[key][:types].include?(value.class)
+        raise PxConfigurationException.new("PerimeterX: Type of #{key} should be one of #{schema[key][:types]} but instead is #{value.class}")
+      end
+      
+      # validate arrays elments types are according to schema
+      if value.class == Array
+        value.each do |element|
+          if !schema[key][:allowed_element_types].include?(element.class)
+            raise PxConfigurationException.new("PerimeterX: #{key} may only contain elements of the following types: #{schema[key][:allowed_element_types]} but includes element of type #{element.class}")
+          end
+        end
+      end
+    end
+  end
+
+  # validate required fields exist in hash
+  schema.each do |key, value|
+    if value[:required] && hash[key].nil?
+      raise PxConfigurationException.new("PerimeterX: #{key} configuration is missing")
+    end
+  end
+end

data/lib/perimeterx/internal/validators/perimeter_x_cookie_validator.rb

@@ -1,7 +1,9 @@
 require 'perimeterx/utils/px_constants'
-require 'perimeterx/internal/perimeter_x_cookie'
-require 'perimeterx/internal/perimeter_x_cookie_v1'
-require 'perimeterx/internal/perimeter_x_cookie_v3'
+require 'perimeterx/internal/payload/perimeter_x_payload'
+require 'perimeterx/internal/payload/perimeter_x_token_v1'
+require 'perimeterx/internal/payload/perimeter_x_token_v3'
+require 'perimeterx/internal/payload/perimeter_x_cookie_v1'
+require 'perimeterx/internal/payload/perimeter_x_cookie_v3'
 
 module PxModule
   class PerimeterxCookieValidator
@@ -16,57 +18,63 @@ module PxModule
 
     def verify(px_ctx)
       begin
-        # Case no cookie
         if px_ctx.context[:px_cookie].empty?
-          @logger.warn("PerimeterxCookieValidator:[verify]: cookie not found")
+          @logger.warn("PerimeterxCookieValidator:[verify]: no cookie")
           px_ctx.context[:s2s_call_reason] = PxModule::NO_COOKIE
           return false, px_ctx
         end
-
+        
         # Deserialize cookie start
-        cookie = PerimeterxCookie.px_cookie_factory(px_ctx, @px_config)
-        if (!cookie.deserialize())
+        cookie = PerimeterxPayload.px_cookie_factory(px_ctx, @px_config)
+        if !cookie.deserialize()
           @logger.warn("PerimeterxCookieValidator:[verify]: invalid cookie")
+          px_ctx.context[:px_orig_cookie] = px_ctx.get_px_cookie
           px_ctx.context[:s2s_call_reason] =  PxModule::COOKIE_DECRYPTION_FAILED
           return false, px_ctx
         end
         px_ctx.context[:decoded_cookie] = cookie.decoded_cookie
         px_ctx.context[:score] = cookie.cookie_score()
         px_ctx.context[:uuid] = cookie.decoded_cookie[:u]
-        px_ctx.context[:vid] = cookie.decoded_cookie[:v]
         px_ctx.context[:block_action] = px_ctx.set_block_action_type(cookie.cookie_block_action())
         px_ctx.context[:cookie_hmac] = cookie.cookie_hmac()
 
-        if (cookie.expired?)
+        vid = cookie.decoded_cookie[:v]
+        if vid.is_a?(String) && vid.match(PxModule::VID_REGEX)
+          px_ctx.context[:vid_source] = "risk_cookie"
+          px_ctx.context[:vid] = vid
+        end
+
+        if cookie.expired?
           @logger.warn("PerimeterxCookieValidator:[verify]: cookie expired")
           px_ctx.context[:s2s_call_reason] = PxModule::EXPIRED_COOKIE
           return false, px_ctx
         end
 
-        if (cookie.high_score?)
+        if cookie.high_score?
           @logger.warn("PerimeterxCookieValidator:[verify]: cookie high score")
-          px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_HIGH_SCORE
+          px_ctx.context[:blocking_reason] = 'cookie_high_score'
           return true, px_ctx
         end
 
-        if (!cookie.secured?)
+        if !cookie.secured?
           @logger.warn("PerimeterxCookieValidator:[verify]: cookie invalid hmac")
-          px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_VALIDATION_FAILED
+          px_ctx.context[:s2s_call_reason] = PxModule:: COOKIE_VALIDATION_FAILED
+          return false, px_ctx
+        end
+
+        if px_ctx.context[:sensitive_route]
+          @logger.info("PerimeterxCookieValidator:[verify]: cookie was verified but route is sensitive")
+          px_ctx.context[:s2s_call_reason] = PxModule::SENSITIVE_ROUTE
           return false, px_ctx
         end
-		
-	if (px_ctx.context[:sensitive_route])
-	  @logger.info("PerimeterxCookieValidator:[verify]: cookie was verified but route is sensitive")
-	  px_ctx.context[:s2s_call_reason] = PxModule::SENSITIVE_ROUTE
-	  return false, px_ctx
-	end
 
         @logger.debug("PerimeterxCookieValidator:[verify]: cookie validation passed succesfully")
 
+        px_ctx.context[:pass_reason] = 'cookie'
         return true, px_ctx
       rescue Exception => e
         @logger.error("PerimeterxCookieValidator:[verify]: exception while verifying cookie => #{e.message}")
-        px_ctx.context[:px_orig_cookie] = cookie.px_cookie
+        px_ctx.context[:px_orig_cookie] = px_ctx.context[:px_cookie]
         px_ctx.context[:s2s_call_reason] = PxModule::COOKIE_DECRYPTION_FAILED
         return false, px_ctx
       end

data/lib/perimeterx/internal/validators/perimeter_x_s2s_validator.rb

@@ -5,11 +5,11 @@ module PxModule
 
     def initialize(px_config, http_client)
       super(px_config, http_client)
-      @logger.debug("PerimeterxS2SValidator[initialize]")
+      @logger.debug('PerimeterxS2SValidator[initialize]')
     end
 
     def send_risk_request(px_ctx)
-      @logger.debug("PerimeterxS2SValidator[send_risk_request]: send_risk_request")
+      @logger.debug('PerimeterxS2SValidator[send_risk_request]: send_risk_request')
 
       risk_mode = PxModule::RISK_MODE_ACTIVE
       if @px_config[:module_mode] == PxModule::MONITOR_MODE
@@ -31,6 +31,17 @@ module PxModule
           :risk_mode => risk_mode
         }
       }
+
+      #Check for cookie_origin
+      if !px_ctx.context[:px_cookie].empty?
+        request_body[:additional][:cookie_origin] = px_ctx.context[:cookie_origin]
+      end
+
+      #Override s2s_call_reason in case of mobile error
+      if !px_ctx.context[:mobile_error].nil?
+        request_body[:additional][:s2s_call_reason] = "mobile_error_#{px_ctx.context[:mobile_error]}"
+      end
+
       #Check for hmac
       @logger.debug("px_ctx cookie_hmac key = #{px_ctx.context.key?(:cookie_hmac)}, value is: #{px_ctx.context[:cookie_hmac]}")
       if px_ctx.context.key?(:cookie_hmac)
@@ -66,11 +77,19 @@ module PxModule
       };
 
       # Custom risk handler
+      risk_start = Time.now
       if (risk_mode == PxModule::ACTIVE_MODE && @px_config.key?(:custom_risk_handler))
-        response = @px_config[:custom_risk_handler].call(PxModule::API_V2_RISK, request_body, headers, @px_config[:api_timeout])
+        response = @px_config[:custom_risk_handler].call(PxModule::API_V3_RISK, request_body, headers, @px_config[:api_timeout], @px_config[:api_timeout_connection])
       else
-        response = @http_client.post(PxModule::API_V2_RISK , request_body, headers)
+        response = @http_client.post(PxModule::API_V3_RISK , request_body, headers, @px_config[:api_timeout], @px_config[:api_timeout_connection])
+      end
+
+      # Set risk_rtt
+      if(response)
+        risk_end = Time.now
+        px_ctx.context[:risk_rtt] = ((risk_end-risk_start)*1000).round
       end
+
       return response
     end
 
@@ -78,14 +97,15 @@ module PxModule
       @logger.debug("PerimeterxS2SValidator[verify]")
       response = send_risk_request(px_ctx)
       if (!response)
+        px_ctx.context[:pass_reason] = "s2s_timeout"
         return px_ctx
       end
       px_ctx.context[:made_s2s_risk_api_call] = true
 
       # From here response should be valid, if success or error
-      response_body = eval(response.content);
+      response_body = eval(response.body);
       # When success
-      if (response.status == 200 && response_body.key?(:score) && response_body.key?(:action))
+      if (response.code == 200 && response_body.key?(:score) && response_body.key?(:action) && response_body.key?(:status) && response_body[:status] == 0 )
         @logger.debug("PerimeterxS2SValidator[verify]: response ok")
         score = response_body[:score]
         px_ctx.context[:score] = score
@@ -96,14 +116,18 @@ module PxModule
           px_ctx.context[:blocking_reason] = 'challenge'
         elsif (score >= @px_config[:blocking_score])
           px_ctx.context[:blocking_reason] = 's2s_high_score'
+        else
+          px_ctx.context[:pass_reason] = 's2s'
         end #end challange or blocking score
       end #end success response
 
       # When error
-      if(response.status != 200)
-        @logger.warn("PerimeterxS2SValidator[verify]: bad response, return code #{response.code}")
-        px_ctx.context[:uuid] = ""
-        px_ctx.context[:s2s_error_msg] = response_body[:message]
+      risk_error_status = response_body && response_body.key?(:status) && response_body[:status] == -1
+      if(response.code != 200 || risk_error_status)
+        @logger.warn("PerimeterxS2SValidator[verify]: bad response, returned code #{response.code} #{risk_error_status ? "risk status: -1" : ""}")
+        px_ctx.context[:pass_reason] = 'request_failed'
+        px_ctx.context[:uuid] = (!response_body || response_body[:uuid].nil?)? "" : response_body[:uuid]
+        px_ctx.context[:s2s_error_msg] = !response_body || response_body[:message].nil? ? 'unknown' : response_body[:message]
       end
 
       @logger.debug("PerimeterxS2SValidator[verify]: done")

data/lib/perimeterx/utils/px_constants.rb

@@ -4,33 +4,34 @@ module PxModule
   # Misc
   MONITOR_MODE = 1
   ACTIVE_MODE = 2
-  RISK_MODE_ACTIVE = "active_blocking"
-  RISK_MODE_MONITOR = "monitor"
+  RISK_MODE_ACTIVE = 'active_blocking'
+  RISK_MODE_MONITOR = 'monitor'
   SDK_NAME = "RUBY SDK v#{PxModule::VERSION}"
 
   # Routes
-  API_V1_S2S = "/api/v1/collector/s2s"
-  API_V1_CAPTCHA = "/api/v1/risk/captcha"
-  API_V2_RISK = "/api/v2/risk"
+  API_V1_S2S = '/api/v1/collector/s2s'
+  API_V3_RISK = '/api/v3/risk'
 
   # Activity Types
-  BLOCK_ACTIVITY = "block"
-  PAGE_REQUESTED_ACTIVITY = "page_requested"
+  BLOCK_ACTIVITY = 'block'
+  PAGE_REQUESTED_ACTIVITY = 'page_requested'
 
   # PxContext
-  NO_COOKIE = "no_cookie"
-  INVALID_COOKIE = "invalid_cookie"
-  EXPIRED_COOKIE = "cookie_expired"
-  COOKIE_HIGH_SCORE = "cookie_high_score"
-  COOKIE_VALIDATION_FAILED = "cookie_validation_failed"
-  COOKIE_DECRYPTION_FAILED = "cookie_decryption_failed"
-  SENSITIVE_ROUTE = "sensitive_route"
+  NO_COOKIE = 'no_cookie'
+  INVALID_COOKIE = 'invalid_cookie'
+  EXPIRED_COOKIE = 'cookie_expired'
+  COOKIE_HIGH_SCORE = 'cookie_high_score'
+  COOKIE_VALIDATION_FAILED = 'cookie_validation_failed'
+  COOKIE_DECRYPTION_FAILED = 'cookie_decryption_failed'
+  SENSITIVE_ROUTE = 'sensitive_route'
 
   # Templates
-  BLOCK_TEMPLATE = "block.mustache"
-  CAPTCHA_TEMPLATE = "captcha.mustache"
+  CHALLENGE_TEMPLATE = 'block_template'
+  TEMPLATE_EXT = '.mustache'
+  RATELIMIT_TEMPLATE = 'ratelimit'
 
-  # Tempalte Props
+
+  # Template Props
   PROP_REF_ID = :refId
   PROP_APP_ID = :appId
   PROP_VID = :vid
@@ -39,7 +40,24 @@ module PxModule
   PROP_CUSTOM_LOGO = :customLogo
   PROP_CSS_REF = :cssRef
   PROP_JS_REF = :jsRef
+  PROP_BLOCK_SCRIPT = :blockScript
+  PROP_JS_CLIENT_SRC = :jsClientSrc
+  PROP_HOST_URL = :hostUrl
+  PROP_FIRST_PARTY_ENABLED = :firstPartyEnabled
+
+  # Hosts
+  CLIENT_HOST = 'client.px-cloud.net'
+  CAPTCHA_HOST = 'captcha.px-cloud.net'
 
   VISIBLE = 'visible'
   HIDDEN = 'hidden'
+
+  # Mobile SDK
+  TOKEN_HEADER = 'X-PX-AUTHORIZATION'
+  ORIGINAL_TOKEN_HEADER = 'X-PX-ORIGINAL-TOKEN'
+
+  # Regular Expressions
+  VID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/
+  MOBILE_TOKEN_V3_REGEX = /\A3:(.*)\z/ 
+  MOBILE_ERROR_REGEX = /\A[0-9]\z/           
 end

data/lib/perimeterx/utils/px_http_client.rb

@@ -1,53 +1,47 @@
-require "perimeterx/utils/px_logger"
-require "httpclient"
+require 'perimeterx/utils/px_logger'
+require 'typhoeus'
+require 'concurrent'
 
 module PxModule
   class PxHttpClient
+    include Concurrent::Async
+
     attr_accessor :px_config
-    attr_accessor :BASE_URL
-    attr_accessor :http_client
+    attr_accessor :px_client
 
     def initialize(px_config)
       @px_config = px_config
-      @http_client = HTTPClient.new(:base_url => px_config[:perimeterx_server_host])
       @logger = px_config[:logger]
-      @logger.debug("PxHttpClient[initialize]: HTTP client is being initilized with base_uri: #{px_config[:perimeterx_server_host]}")
+      @logger.debug("PxHttpClient[initialize]: HTTP client is being initilized with base_uri: #{px_config[:backend_url]}")
     end
 
-    def post(path, body, headers, api_timeout = 0, timeoute = 0)
-      s = Time.now
-      begin
-        @logger.debug("PxHttpClient[post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
-        response = @http_client.post(path,
-                    :header => headers,
-                    :body => body.to_json(),
-                    :timeout => api_timeout
-                  )
-      rescue Net::OpenTimeout, Net::ReadTimeout => error
-        @logger.warn("PerimeterxS2SValidator[verify]: request timedout")
-        return false
-      end
-      e = Time.now
-      @logger.debug("PxHttpClient[post]: runtime: #{e-s}")
-      return response
-    end
+    # Runs a POST command to Perimeter X servers
+    # Params:
+    # +path+:: string containing uri
+    # +body+:: hash object, containing the request body, must be converted to json format
+    # +headers+:: hash object, hold headers
+    # +api_timeout+:: int, sets the timeout for a request
+    # +connection_timeout+:: int, sets the timeout for opening a connection
 
-    def async_post(path, body, headers, api_timeout = 0, timeoute = 0)
-      @logger.debug("PxHttpClient[async_post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
+    def post(path, body, headers, api_timeout = 1, connection_timeout = 1)
       s = Time.now
       begin
         @logger.debug("PxHttpClient[post]: posting to #{path} headers {#{headers.to_json()}} body: {#{body.to_json()}} ")
-        response = @http_client.post_async(path,
-                    :header => headers,
-                    :body => body.to_json(),
-                    :timeout => api_timeout
-                  )
-      rescue Net::OpenTimeout, Net::ReadTimeout => error
-        @logger.warn("PerimeterxS2SValidator[verify]: request timedout")
-        return false
+        response = Typhoeus.post(
+            "#{px_config[:backend_url]}#{path}",
+            headers: headers,
+            body: body.to_json,
+            timeout: api_timeout,
+            connecttimeout: connection_timeout
+        )
+        if response.timed_out?
+          @logger.warn('PerimeterxS2SValidator[verify]: request timed out')
+          return false
+        end
+      ensure
+        e = Time.now
+        @logger.debug("PxHttpClient[post]: runtime: #{(e-s) * 1000.0}")
       end
-      e = Time.now
-      @logger.debug("PxHttpClient[post]: runtime: #{e-s}")
       return response
     end
 

data/lib/perimeterx/utils/px_template_factory.rb

@@ -3,19 +3,25 @@ require 'perimeterx/utils/px_constants'
 module PxModule
   module PxTemplateFactory
 
-    def self.get_template(px_ctx, px_config)
+    def self.get_template(px_ctx, px_config, px_template_object)
       logger = px_config[:logger]
-      if (px_config[:challenge_enabled] && px_ctx.context[:block_action] == "challenge")
-        logger.debug("PxTemplateFactory[get_template]: px challange triggered")
+      if (px_config[:challenge_enabled] && px_ctx.context[:block_action] == 'challenge')
+        logger.debug('PxTemplateFactory[get_template]: px challange triggered')
         return px_ctx.context[:block_action_data].html_safe
       end
 
-      logger.debug("PxTemplateFactory[get_template]: rendering template")
-      template_type = px_config[:captcha_enabled] ? PxModule::CAPTCHA_TEMPLATE : BLOCK_TEMPLATE
-
-      Mustache.template_file =  "#{File.dirname(__FILE__) }/templates/#{template_type}"
       view = Mustache.new
 
+      if (px_ctx.context[:block_action] == 'rate_limit')
+        logger.debug('PxTemplateFactory[get_template]: rendering ratelimit template')
+        template_type = RATELIMIT_TEMPLATE
+      else
+        logger.debug('PxTemplateFactory[get_template]: rendering template')
+        template_type = CHALLENGE_TEMPLATE
+      end
+
+      Mustache.template_file =  "#{File.dirname(__FILE__) }/templates/#{template_type}#{PxModule::TEMPLATE_EXT}"
+
       view[PxModule::PROP_APP_ID] = px_config[:app_id]
       view[PxModule::PROP_REF_ID] = px_ctx.context[:uuid]
       view[PxModule::PROP_VID] = px_ctx.context[:vid]
@@ -23,9 +29,13 @@ module PxModule
       view[PxModule::PROP_CUSTOM_LOGO] = px_config[:custom_logo]
       view[PxModule::PROP_CSS_REF] = px_config[:css_ref]
       view[PxModule::PROP_JS_REF] = px_config[:js_ref]
+      view[PxModule::PROP_HOST_URL] = "https://collector-#{px_config[:app_id]}.perimeterx.net"
       view[PxModule::PROP_LOGO_VISIBILITY] = px_config[:custom_logo] ? PxModule::VISIBLE : PxModule::HIDDEN
+      view[PxModule::PROP_BLOCK_SCRIPT] = px_template_object[:block_script]
+      view[PxModule::PROP_JS_CLIENT_SRC] = px_template_object[:js_client_src]
+      view[PxModule::PROP_FIRST_PARTY_ENABLED] = false
 
       return view.render.html_safe
     end
   end #end class
-end #end module
+end #end module

data/lib/perimeterx/utils/templates/block_template.mustache

@@ -0,0 +1,175 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Access to this page has been denied.</title>
+    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300" rel="stylesheet">
+    <style>
+        html, body {
+            margin: 0;
+            padding: 0;
+            font-family: 'Open Sans', sans-serif;
+            color: #000;
+        }
+
+        a {
+            color: #c5c5c5;
+            text-decoration: none;
+        }
+
+        .container {
+            align-items: center;
+            display: flex;
+            flex: 1;
+            justify-content: space-between;
+            flex-direction: column;
+            height: 100%;
+        }
+
+        .container > div {
+            width: 100%;
+            display: flex;
+            justify-content: center;
+        }
+
+        .container > div > div {
+            display: flex;
+            width: 80%;
+        }
+
+        .customer-logo-wrapper {
+            padding-top: 2rem;
+            flex-grow: 0;
+            background-color: #fff;
+            visibility: {{logoVisibility}};
+        }
+
+        .customer-logo {
+            border-bottom: 1px solid #000;
+        }
+
+        .customer-logo > img {
+            padding-bottom: 1rem;
+            max-height: 50px;
+            max-width: 100%;
+        }
+
+        .page-title-wrapper {
+            flex-grow: 2;
+        }
+
+        .page-title {
+            flex-direction: column-reverse;
+        }
+
+        .content-wrapper {
+            flex-grow: 5;
+        }
+
+        .content {
+            flex-direction: column;
+        }
+
+        .page-footer-wrapper {
+            align-items: center;
+            flex-grow: 0.2;
+            background-color: #000;
+            color: #c5c5c5;
+            font-size: 70%;
+        }
+
+        @media (min-width: 768px) {
+            html, body {
+                height: 100%;
+            }
+        }
+    </style>
+    <!-- Custom CSS -->
+    {{#cssRef}}
+        <link rel="stylesheet" type="text/css" href="{{{cssRef}}}"/>
+    {{/cssRef}}
+</head>
+
+<body>
+<section class="container">
+    <div class="customer-logo-wrapper">
+        <div class="customer-logo">
+            <img src="{{customLogo}}" alt="Logo"/>
+        </div>
+    </div>
+    <div class="page-title-wrapper">
+        <div class="page-title">
+            <h1>Please verify you are a human</h1>
+        </div>
+    </div>
+    <div class="content-wrapper">
+        <div class="content">
+
+            <div id="px-captcha">
+            </div>
+            <p>
+                Access to this page has been denied because we believe you are using automation tools to browse the
+                website.
+            </p>
+            <p>
+                This may happen as a result of the following:
+            </p>
+            <ul>
+                <li>
+                    Javascript is disabled or blocked by an extension (ad blockers for example)
+                </li>
+                <li>
+                    Your browser does not support cookies
+                </li>
+            </ul>
+            <p>
+                Please make sure that Javascript and cookies are enabled on your browser and that you are not blocking
+                them from loading.
+            </p>
+            <p>
+                Reference ID: #{{refId}}
+            </p>
+        </div>
+    </div>
+    <div class="page-footer-wrapper">
+        <div class="page-footer">
+            <p>
+                Powered by
+                <a href="https://www.perimeterx.com/whywasiblocked">PerimeterX</a>
+                , Inc.
+            </p>
+        </div>
+    </div>
+</section>
+<!-- Px -->
+<script>
+    window._pxAppId = '{{appId}}';
+    window._pxJsClientSrc = '{{{jsClientSrc}}}';
+    window._pxFirstPartyEnabled = {{firstPartyEnabled}};
+    window._pxVid = '{{vid}}';
+    window._pxUuid = '{{uuid}}';
+    window._pxHostUrl = '{{{hostUrl}}}';
+</script>
+<script>
+    var s = document.createElement('script');
+    s.src = '{{{blockScript}}}';
+    var p = document.getElementsByTagName('head')[0];
+    p.insertBefore(s, null);
+    if ({{firstPartyEnabled}}) {
+        s.onerror = function () {
+            s = document.createElement('script');
+            var suffixIndex = '{{{blockScript}}}'.indexOf('captcha.js');
+            var temperedBlockScript = '{{{blockScript}}}'.substring(suffixIndex);
+            s.src = '//captcha.px-cdn.net/{{appId}}/' + temperedBlockScript;
+            p.parentNode.insertBefore(s, p);
+        };
+    }
+</script>
+
+<!-- Custom Script -->
+{{#jsRef}}
+    <script src="{{{jsRef}}}"></script>
+{{/jsRef}}
+</body>
+</html>