[opensource-dev] Client side scripting.

Argent Stonecutter secret.argent at gmail.com
Mon Sep 13 05:08:12 PDT 2010


The hard part isn't coming up with an embedded scripting language, it's not even coming up with a secure set of bindings that don't allow for unanticipated side-effects or privilege escalation, it's integrating the scripting engine into an event loop that wasn't designed to have a scripting engine in it.

And designing a secure set of bindings that do something useful without security holes is already pretty damn tough.

I would suggest starting with a restricted subset of Javascript in the web engine, for interactive notecards, and see what it takes just to get THAT part secure, reliable, and robust.


More information about the opensource-dev mailing list