[opensource-dev] Client-side scripting in Snowglobe

[Edward Artaud]

Smartest point made on the topic, and it really makes sense to stop
conflating the two, there are distinct untrusted script and trusted
plug-in problems.  For client-side scripts to be something worth
prioritizing implementing in mainstream viewers, their usage must be
based on the assumption that some large percentage (80+% maybe) of
attachment scripts, for example, would be running client-side, and
possibly even allowing in-world objects to specify that specific
scripts as meant to run viewer-side as well.  The analogy would be
that of web browsers, most of which have javascript enabled by default
and any single browser user is downloading and running *thousands* of
scripts over the course of a day with no awareness or explicit
permission given.  Getting a similar system to work in the viewer is a
big problem in and of itself to solve, and the one that would have the
most direct impact in the in-world experience of the most users in the
shortest period of time.  Plug-ins would be great, but then we get
into the questions of the whole process of how installation works, is
there an auto-installer ala IE or some form of manual mechanism that
will be prone to user error.  If there isn't a way that a very large
number of users would have easy access to trusted plug-ins, it's hard
to imagine it would be a highly prioritized feature.

On Thu, Feb 18, 2010 at 11:16 PM, Ricky <kf6kjg at gmail.com> wrote:
> I suspect that there are two things being discussed here without
> distinction: Client scripting, and client extensions.  Confusing the two is
> easy.
> Client-side scripting SHOULD be sandboxed, and in a controlled set of
> languages.  For a close example think of javascript in web browsers.
> Client extensions, or alternatively named as "plugins", would be modules
> that can be plugged in and out of the client and run /as if/ they were a
> part of the client.  Think of browser add-ons/plugins/extensions.
> Client side scripts could (read might be, could possibly, needs further
> thought, etc.) be given permission to be loaded in by worn items
> automatically.  Other objects would likely need to request permission via a
> security warning.
> Client extensions would have to be downloaded and installed externally; not
> delivered in-world.  These would truly be programs on your computer, and
> should be treated as such.
> Just my thoughts hoping for a clearer discussion.
> Ricky
> Cron Stardust