[sldev] Re: Scripting the client

[Lawson English]

Argent Stonecutter wrote:
> Lawson English:
>> You said  on the forums that you were working on a Python plug-in. Why
>> specifically Python, rather than Lua, given the relative simplicity of
>> implementing Lua as a plug-in scripting language (that is what it is
>> designed for) compared to implementing a Python plug-in, and the fact
>> that Lua is already used as the scripting language for the Worlds of
>> Warcraft client and has a proven track record for scripting such a 
>> system?
>
> The language I would rather see would be Tcl. It was designed from the 
> start as a glue language, has been ported widely (and even to as 
> limited environments as the old Palm III), and has standard mechanisms 
> (Safe Tcl) for creating restricted interpreters that *can not* be 
> broken out of because it creates fully sandboxed interpreters that do 
> not even have unsafe APIs exposed through them.

Another option, of course. Best would be something that would allow 
complete flexability in choice of language, of course.
>
> Failing that, it should be possible to create similarly sandboxed 
> ECMAscript interpreters, and the client already supports Javascript 
> and there is an extensive base of developers experienced in both 
> Javascript and Actionscript.

Is there an opensource drop-in library for ECMAscript? The fact that 
there is an interpreter in the browser doesn't mean it would be easy to 
use it for a non-web-based purpose, I would think.


>
> I do not think we should trust Microsoft's partial sandbox design: for 
> the last decade the same high level security model as implemented in 
> IE and ActiveX has been broken again and again by exploiting *design 
> flaws* that are inherent to the whole "security zone" model.