Script iframe sandboxing example

  • Idea
  • Updated 3 years ago
Sat down for a few hours to put this together. It's a bit rough, but it gets the concept across. Let me know if you have any additional thoughts (mainly from the devs' side).

http://www.eternagame.org/web/script/7323984/

LFP6, Player Developer

  • 613 Posts
  • 109 Reply Likes

Posted 3 years ago

LFP6, Player Developer

Quick afterthoughts:

In the real version, the window.postMessage calls would be abstracted away, so you would simply call game.get_full_sequence(0), or API.getMessages({size: 1, skip: 0}), and that would get translated into the postMessage (obviously with something to deal with the asynchronous nature of postMessage).

Also, if any libraries should be included by default (i.e. the EternaScript API or jQuery), they would be inserted in a script tag in the iframe. To make things simple/less expensive, you could even adjust the EternaScript editor to allow you to choose which you want (a la jsfiddle or something similar).
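
The abstraction described in the comment above, sketched as an added example (not part of the thread and not Eterna's code). It assumes an iframe sandboxed with `allow-scripts` but without `allow-same-origin`; the `{id, method, args}` message shape and the names `makeHost`, `makeClient` and `_onReply` are hypothetical.

```javascript
// Parent page: only the functions listed in `api` can be reached from the frame.
function makeHost(frameWindow, api) {
  const allowed = Object.create(null); // no inherited names such as "constructor"
  for (const name of Object.keys(api)) allowed[name] = api[name];
  // Returns the reply to post back, or null when the message must be ignored.
  return function handle(event) {
    // A frame sandboxed without allow-same-origin reports origin "null",
    // so the sender is identified by its window reference.
    if (event.source !== frameWindow || event.origin !== "null") return null;
    const msg = event.data;
    if (!msg || typeof msg.id !== "number" || typeof msg.method !== "string") return null;
    const fn = allowed[msg.method];
    if (typeof fn !== "function" || !Array.isArray(msg.args)) {
      return { id: msg.id, error: "method not allowed" };
    }
    try {
      return { id: msg.id, result: fn(...msg.args) };
    } catch (e) {
      return { id: msg.id, error: "call failed" }; // no internal details leak out
    }
  };
}

// Inside the iframe: hides postMessage behind calls like game.get_full_sequence(0).
function makeClient(post, methods) {
  let nextId = 1;
  const pending = new Map();
  const proxy = {};
  for (const m of methods) {
    proxy[m] = (...args) => new Promise((resolve, reject) => {
      const id = nextId++;
      pending.set(id, { resolve, reject });
      post({ id, method: m, args });
    });
  }
  // Called from the frame's "message" listener after checking
  // event.source === window.parent. Unknown or replayed ids are dropped.
  proxy._onReply = (data) => {
    const p = pending.get(data && data.id);
    if (!p) return false;
    pending.delete(data.id);
    if ("error" in data) p.reject(new Error(data.error)); else p.resolve(data.result);
    return true;
  };
  return proxy;
}
// Browser wiring (parent): addEventListener("message", e => { const r = handle(e);
//   if (r) frame.contentWindow.postMessage(r, "*"); });  // opaque origin needs "*"
```

Because the host copies the API into a prototype-less object, a request for `constructor` or `__proto__` is refused instead of resolving to an inherited function.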

LFP6, Player Developer

It is worth noting that the sandbox attribute is newer and not supported in legacy browsers. It would be wise to detect the user's browser version before embedding the code, and not allow scripts to run (requesting a browser upgrade), or at the VERY least put up a warning at that point. We would also need to keep close tabs on vulnerabilities with the sandbox attribute.

Omei Turnbull, Player Developer

  • 977 Posts
  • 305 Reply Likes
@LFP6: I think the goal -- allowing players to execute other players' boosters without introducing new security concerns (and hopefully, removing some existing ones) -- is really important. Thank you for putting this together.

I don't feel like I'm in a position to really evaluate the technical merits of your script. Can you summarize the key objectives you've addressed, and what would be needed to flesh it out to useable code?

@Nando, to what extent does this address your concerns?

LFP6, Player Developer

That was my point with "Figuring out where the iframe is for boosters"

Would there be any reason why we couldn't limit it to a sidebar/header/footer or modal? If need be, we can have another option to set the iframe to be static, 100% width and height, and transparent background. The concern is just making it clear what the "actual" page is vs what the script generates.

Omei Turnbull, Player Developer

My vision for the booster framework is for it to provide the mechanism for players (including those without official developer status) to evolutionarily design and develop a new game UI that doesn't require flash. (This is well beyond the initial goal for boosters, or the simple boosters we have coded to date.) If we are going to enable this, the "booster" needs to keep full control of the visible page, including the flash applet. It might, for example, want to overlay the flash UI with something additional, put the flash UI into a slidable frame, or eventually just hide it entirely.

Hence my question of whether there is anything fundamental about your proposal that is incompatible with this vision.

LFP6, Player Developer

The method I suggested, possibly coupled with a couple minor additional hooks, should do everything you need (new UI could be overlaid, to the side, whatever). It is important to consider that anything inside the iframe should be considered untrusted.

Omei Turnbull, Player Developer

I'm feeling like I may be missing the point of the last sentence. Just a reminder that anything in the sandbox, including the flash app itself, would have to use the sandboxed iframe's parent as a proxy for getting data? Or something more?

LFP6, Player Developer

Yes. And actually, I just realized that you can't load plugins into a sandboxed iframe, so it's a moot point anyways.

LFP6, Player Developer

Some additional information:

One thing that could mitigate some issues is if the script was served in an iframe from a separate domain, instead of just sandboxing it, like jsfiddle does. Another possible option would be using a JS interpreter like this one.