[opensource-dev] Client side scripting.
secret.argent at gmail.com
Mon Sep 13 05:08:12 PDT 2010
The hard part isn't coming up with an embedded scripting language, it's not even coming up with a secure set of bindings that don't allow for unanticipated side-effects or privilege escalation, it's integrating the scripting engine into an event loop that wasn't designed to have a scripting engine in it.
And designing a secure set of bindings that do something useful without security holes is already pretty damn tough.
More information about the opensource-dev