intfiction.org

The Interactive Fiction Community Forum

All times are UTC - 6 hours [ DST ]




PostPosted: Tue May 22, 2012 10:50 am 

Joined: Sat May 03, 2008 11:32 pm
Posts: 156
Sounds like you're reinventing Java and Silverlight.


PostPosted: Tue May 22, 2012 6:04 pm 

Joined: Wed Oct 14, 2009 4:02 am
Posts: 981
Maybe. But when we open up the sandbox of the VM we have to do something. And because it's possible that something like Vorple might one day be included in Inform 7 I'd like to come up with a solution that doesn't require the user to approve every story file they play, both because it would be annoying, and because it would train people to approve everything without thinking.

Now you could already be evil and write a game which would delete other games' data files. But web terps are a lot more vulnerable because with an iframe you could do that without the user's knowledge. (This is possibly already possible? I haven't tried.) There are other concerns too, because a malicious script could not only delete stuff, but get access to your library/play history etc. and send it elsewhere on the net.


PostPosted: Tue May 22, 2012 7:36 pm 

Joined: Sat May 03, 2008 11:32 pm
Posts: 156
Sure, you definitely need some kind of security system if you're going to let the game pass arbitrary code out to its host. But this is the point in the process where I'd be reconsidering whether that's worth doing, at least with a JavaScript host. I mean, if you want Java, it's right over there.


PostPosted: Tue May 22, 2012 8:43 pm 

Joined: Wed Oct 14, 2009 4:02 am
Posts: 981
No one wants Java. We want HTML and JavaScript. Even davec seems to have moved away from Silverlight.


PostPosted: Tue May 22, 2012 9:17 pm 

Joined: Sat May 03, 2008 11:32 pm
Posts: 156
Well, I continue to be baffled by the desire to force JavaScript into roles it's unsuited for, but surely in any case there's a better alternative than reinventing the sandbox -- that sounds like the kind of thing only Bruce Schneier should do, like inventing a new encryption algorithm. Maybe come up with a set of useful external tasks and let the game just invoke them, which would have the added advantage of being platform-independent?
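
The suggestion in the post above, a fixed set of host tasks that the game can only invoke by name, sketched as an added example (not part of the original post, and not code from Parchment or Vorple). The task names, `HOST_TASKS` and `dispatchGameRequest` are hypothetical, and the requests are constructed samples.

```javascript
// Hypothetical host-side task table (an assumption, not a real interpreter API).
// The story file may only name a task from this fixed table; it never supplies code.
const HOST_TASKS = Object.freeze({
  setStyle: {
    args: { target: /^(header|emphasis|body)$/, color: /^#[0-9a-f]{6}$/i },
    run: (a, ui) => { ui.styles[a.target] = a.color; return "ok"; },
  },
  playSound: {
    args: { name: /^[a-z0-9_-]{1,32}$/ },
    run: (a, ui) => { ui.sounds.push(a.name); return "ok"; },
  },
});

// Validate one request emitted by the game (a JSON string) and run it.
// Returns { ok: true, result } or { ok: false, error }; nothing is ever eval'd.
function dispatchGameRequest(raw, ui) {
  let req;
  try { req = JSON.parse(raw); } catch (e) { return { ok: false, error: "not JSON" }; }
  if (req === null || typeof req !== "object" || Array.isArray(req)) {
    return { ok: false, error: "malformed request" };
  }
  // Own-property check keeps inherited names such as "constructor" from resolving.
  if (typeof req.task !== "string" ||
      !Object.prototype.hasOwnProperty.call(HOST_TASKS, req.task)) {
    return { ok: false, error: "unknown task" };
  }
  const spec = HOST_TASKS[req.task];
  const given = (req.args !== null && typeof req.args === "object") ? req.args : {};
  const clean = {};
  for (const key of Object.keys(spec.args)) {
    const value = given[key];
    if (typeof value !== "string" || !spec.args[key].test(value)) {
      return { ok: false, error: "bad argument: " + key };
    }
    clean[key] = value; // only declared, validated keys reach the task
  }
  return { ok: true, result: spec.run(clean, ui) };
}

// Constructed sample requests, as a story file might emit them.
const ui = { styles: {}, sounds: [] };
const samples = [
  '{"task":"setStyle","args":{"target":"header","color":"#336699"}}',
  '{"task":"eval","args":{"code":"localStorage.clear()"}}',
  '{"task":"constructor","args":{}}',
  '{"task":"setStyle","args":{"target":"header","color":"red;background:url(//x)"}}',
];
const results = samples.map((s) => dispatchGameRequest(s, ui));
console.log(results);
```

Only the first sample is executed; the other three are rejected before any host code runs, so the attack surface is the task table rather than whatever script a story file carries.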


PostPosted: Tue May 22, 2012 9:36 pm 

Joined: Wed Oct 14, 2009 4:02 am
Posts: 981
Signing is a good solution I think, and libraries already exist: http://kjur.github.com/jsrsasign/ Just have to decide if the code footprint of such a library is acceptable. I think that one is around 10kb which is fine.


PostPosted: Tue May 22, 2012 11:11 pm 

Joined: Thu Feb 11, 2010 1:51 pm
Posts: 217
Location: Chicago, Illinois, USA
Dannii wrote:
Signing is a good solution I think, and libraries already exist: http://kjur.github.com/jsrsasign/ Just have to decide if the code footprint of such a library is acceptable. I think that one is around 10kb which is fine.


I agree with vaporware. This is the wrong direction. Any system that needs to concern itself with security in this day and age is a really bad idea. Working with the constructs of the standard web is the way to go.

That being said, when I open up my portal, I'm unlikely to allow anything but image, text, and game file uploads. If someone wants to alter the JavaScript code base, they'll have to work with me on that.

I still don't see why anyone is building anything custom regarding styles. The browser has solved this (like it or not) with CSS and JavaScript and HTML. Let the author identify context and let the browser do the rest.

David C.
textfyre.com


PostPosted: Wed May 23, 2012 12:29 am 

Joined: Wed Oct 14, 2009 4:02 am
Posts: 981
Unless we deny everyone the ability to use these new features at playif.com, security will be something we need to address. I want people to be able to make a game with Vorple or maybe an HTML version of Glimmr, upload it to the archive and instantly send their friends a link to iplayif.com. There is a place for curated portals, but that's not what Parchment is.


PostPosted: Wed May 23, 2012 1:24 am 

Joined: Sat May 03, 2008 11:32 pm
Posts: 156
Denying everyone the ability to embed arbitrary code for visitors' browsers to execute doesn't seem like such a bad idea.


PostPosted: Wed May 23, 2012 2:10 am 

Joined: Tue Dec 25, 2007 10:06 am
Posts: 898
DavidC wrote:
Let the author identify context and let the browser do the rest.

This approach works fine when the context is "room header" or "emphasized text", but anything beyond that requires custom, author-provided styles.

_________________
Vorple UI library | Beta testing site | Blog

