[opensource-dev] Client-side scripting in Snowglobe
edward.artaud at gmail.com
Fri Feb 19 11:49:10 PST 2010
Smartest point made on the topic, and it really makes sense to stop
conflating the two, there are distinct untrusted script and trusted
plug-in problems. For client-side scripts to be something worth
prioritizing implementing in mainstream viewers, their usage must be
based on the assumption that some large percentage (80+% maybe) of
attachment scripts, for example, would be running client-side, and
possibly even allowing in-world objects to specify that specific
scripts as meant to run viewer-side as well. The analogy would be
and any single browser user is downloading and running *thousands* of
scripts over the course of a day with no awareness or explicit
permission given. Getting a similar system to work in the viewer is a
big problem in and of itself to solve, and the one that would have the
most direct impact in the in-world experience of the most users in the
shortest period of time. Plug-ins would be great, but then we get
into the questions of the whole process of how installation works, is
there an auto-installer ala IE or some form of manual mechanism that
will be prone to user error. If there isn't a way that a very large
number of users would have easy access to trusted plug-ins, it's hard
to imagine it would be a highly prioritized feature.
On Thu, Feb 18, 2010 at 11:16 PM, Ricky <kf6kjg at gmail.com> wrote:
> I suspect that there are two things being discussed here without
> distinction: Client scripting, and client extensions. Confusing the two is
> Client-side scripting SHOULD be sandboxed, and in a controlled set of
> Client extensions, or alternatively named as "plugins", would be modules
> that can be plugged in and out of the client and run /as if/ they were a
> part of the client. Think of browser add-ons/plugins/extensions.
> Client side scripts could (read might be, could possibly, needs further
> thought, etc.) be given permission to be loaded in by worn items
> automatically. Other objects would likely need to request permission via a
> security warning.
> Client extensions would have to be downloaded and installed externally; not
> delivered in-world. These would truly be programs on your computer, and
> should be treated as such.
> Just my thoughts hoping for a clearer discussion.
> Cron Stardust
More information about the opensource-dev