[opensource-dev] Client side scripting.
Argent Stonecutter
secret.argent at gmail.com
Mon Sep 13 05:08:12 PDT 2010
The hard part isn't coming up with an embedded scripting language, it's not even coming up with a secure set of bindings that don't allow for unanticipated side-effects or privilege escalation, it's integrating the scripting engine into an event loop that wasn't designed to have a scripting engine in it.
And designing a secure set of bindings that do something useful without security holes is already pretty damn tough.
I would suggest starting with a restricted subset of Javascript in the web engine, for interactive notecards, and see what it takes just to get THAT part secure, reliable, and robust.
More information about the opensource-dev
mailing list