Simple, secure scripting language implemented in JavaScript? [closed] - javascript

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I would like to implement a scripting language to assist in partially automating certain tasks on a public wiki. I cannot install anything such as Google Caja on the server or modify the wiki software itself, but I can install JavaScript code for client-side execution. Because my intent is to allow ordinary users to create and post scripts, using JavaScript itself is insecure and could lead to account compromises.
Does such a scripting language implementation exist, or if not, is it relatively easy to create? My focus is on ease of text processing, Ajax requests, and implementation.
Here is an example task a script would need to perform, taken from Wikipedia's procedure for requesting article deletion:
Ask the user for the name of a wiki page and a good reason to delete it.
Get that page's source code, add a deletion notice to the top, and save the new text.
Create a new page (its name based on the first page's name) that includes the reason for deletion.
Get the list of users who edited the page and notify the first one (again, by editing a specific page) that the page he created is about to be deleted.

Here's an implementation of Tcl in javascript: Tcl in Javascript.
Here's the source: tcl.js.
And here's code implementing a live console in your browser to play with: A little tcl.js console
Tcl may not be your cup of tea but the implementation looks fairly simple straightforward. This is mainly because tcl itself is such a simple language. You can use it to get ideas on how to implement variables and functions.
Hint: in tcl, control structures are functions so look at where built-in functions are implemented to see the implementation of for, while and foreach.

Douglas Crockford's ADsafe is supposed to be a secure subset of JavaScript.
It consists of a runtime library (~20 KB minified) and a verifier (included in JSLint). If Crockford were to drop "The Software shall be used for Good, not Evil" from the license, both components would be GPL-compatible open-source programs.
Because JSLint is a JavaScript program, it can verify user scripts entirely within the web browser. This is in contrast to Google Caja, which is written in Java.

You could just sandbox; that is, scope in a couple of key variables so that the user's code is unable to access unsafe objects.
var execSandboxedJS = function (jsCode) {
var window = document.getElementById('myRootElement');
var document = window;
eval(jsCode);
};
Though, allowing user code to make ajax requests is, in itself, inherently unsafe. I would reconsider the sanity of the project if that's what's called for.

Related

HTML5 rendering [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I always read something like HTML5 games etc. But I don't believe that a game is entirely programmed in HTML5 because it is just a markup language. Normally, it is controlled though JavaScript, right?
I want to program a very very simple browser game, that I can play with my friends. But I want to code the logic in Scala.
So I came up with this structure.
The client is able to see HTML in his browser. HTML5 will be manipulated though JavaScript which opens a connection to my webserver (AJAX?). Now I can program all my logic in Scala and let JavaScript execute it (for example move pawn from position a to position b).
This would be possible, right?
As a webserver I would choose Lift.
But I have never done any rendering with JS/HTML5. Would you recommend to look in some frameworks such as LimeJs or CraftyJs?
"HTML5" is commonly used as an all-encompassing reference to a set of specifications for client-side scripting language APIs, in addition to the core markup language that gave rise to the "ML" part in the name. So "implement this-or-that in HTML5" generally means something like do it in client-side Javascript, manipulating a DOM tree as specificied by HTML5 in order to present a user interface.
It is somewhat inconsistent/illogical naming, but standardizing on inconsistent illogical terminology is what this industry is best at. :-)
http://en.wikipedia.org/wiki/HTML5
HTML5 is a markup language for structuring and presenting content for the World Wide Web, and is a core technology of the Internet originally proposed by Opera Software.[2] It is the fifth revision of the HTML standard ... a mixture of features introduced by various specifications, ... software products such as web browsers, ... common practice, and the many syntax errors in existing web documents. It is also an attempt to define a single markup language that can be written in either HTML or XHTML syntax
HTML5 on its own cannot be used for animation and interactivity - it must be supplemented with CSS3 or Javascript
Sticking with your example developers typically define an API to access your data via your web server.
Javascript would be responsible for manipulating your view (html dom), so it would actually contain a big chunck of your game logic
webserver would contain your data model (maybe it would have logic for a robot player and its next move)
client is the browser

Rule Engine in JavaScript [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Is there any Rule engine in JavaScript?
The question is in this context:
Consider a web application having a form that users fill up.
As a user fills up each field and proceeds to the next, business logic written in JavaScript controls the visibility(and other attributes) of form elements further down the page.
The same business logic is also applied at the server side after the form gets submitted, albeit, in Java to guard against any mishaps/manipulations at the browser side.
Now, Wouldn't it be nice if we have a JSR 94/Drools/JRules like rule engine that would execute rules in both Java and in JavaScript? With such a rule engine, I can avoid hard coding my rules, and I also retain the flexibility of having client-side as well as server-side validation
(PS: I've tried the AJAX route and seen that the application becomes a lot less responsive, making it hard to sell to users who've been accustomed to a hand-coded, pure-javascript version.)
JSR-94 is a Java specification, so I don't see what it has to do with the browser.
There's Google JSON rules:
http://code.google.com/p/jsonrules/
You said you tried the AJAX route. Does that mean a rules engine running on the server and an asynch call to access it?
This is a valid question. From this article, JSR 94
does not standardize the following:
The rule engine itself
The execution flow for rules
The language used to describe the rules
The deployment mechanism for Java EE technology
Thus, it may be possible to use a DSL that could be executed on the client and server, and this could be developed, executed, and managed as per the JSR 94 architecture. Or not.
Another article Creating a simple rules engine using the Java scripting API employs JSR-233 plus other stuff to create a rule engine system. This however predates the JSR 94.
I got to this stackoverflow page since I too was looking for a solution. Currently, I have a page to validate on client side where groups of fields can trigger different validation rules, and requirements are changing. To write this in imperative code just creates a mess with high cyclomatic complexity.
However, the easiest thing to do is use one of the many JavaScript form validation libraries out there. Still looking.
Since the javascript lives in the browser, it's fairly easy for a user to check your source code and bypass any js validation mechanisms. That's why it's usually done server-side.
It's a pain but I usually implement validation both in javascript and on the server, that way "normal" users will have a quick response, and "hackers" will be kept out of the system. Unfortunately I think that's the way you need to go if you want both good user experience and good security.
To answer your question, to my knowledge there's no common library that can be used both on the client side and the server side.
PS. remember JavaScript is not Java ! :-)
http://en.wikipedia.org/wiki/JavaScript#JavaScript_and_Java

Are there any HTML5 Canvas implementations for embedding in c++ [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I'm working on a browser based game atm and already looking into options porting it to other platforms such as consoles or devices where playing in a web browser may not be suitable.
The game is pretty much all JavaScript with rendering done via a 2d canvas context.
What i was hoping for is that there is already a c++ library/api that will work in conjunction with maybe google's v8 engine to handle the canvas calls in JavaScript and render them with opengl or something similar
Does anyone know of a project out there that may be providing this functionality?
Otherwise how would you suppose I go about embedding my javascript in c++ with as little changes required to the javascript as possible as I don't really want to have to maintain too many differences between platforms?
Qt is a very nice C++ library compatible with LGPL licensing that among other things includes a webkit based widget with javascript support. Also as scripting language Qt uses javascript with a tight integration with C++ (it's easy to write a C++ class and and make it visible at the javascript level).
Qt is multi platform and comes with an highly sophisticated IDE.
Qt is not currently using V8 but the porting is in progress and they aim at providing a 100% backward compatible solution.
The only "problems" of Qt are IMO that:
It's huge
It's a framework, not a library. You cannot just "use" Qt easily, you should embrace the view (the documentation is however of excellent quality).
The long term prospects are a bit fuzzy (not as bad as a few months ago, tho)
I guess I'm a bit late here, but I'm searching for a similar solution. I found node-canvas and I do not know if it is feasible to hook that so it renders into something like an SDL or SFML-managed window or not.
But for my own purposes, I will port my code over to C++ and use Cairo directly with SFML and OpenGL.
Interesting idea - another possibility is using Adobe Air, and rendering the game via StageWebView and Flex 4. Here's some example code for using the thing if you're interested:
https://github.com/JustinBeckwith/frink/blob/master/frink-flex/src/controls/WebBrowser.as
An interesting Project that I have uses id FireBreath(firebreath.org). This is not exactly what you are looking for, but in some ways it would get you close. Firebreath allows the creation of browser plugins in C++. One of the features of Firebreath is it allows you to access and modify the DOM from the C++ in you browser plugin as well as create methods and properties in C++ that can be accessed from JavaScript on your page.

Python library for rendering HTML and javascript [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
Is there any python module for rendering a HTML page with javascript and get back a DOM object?
I want to parse a page which generates almost all of its content using javascript.
The big complication here is emulating the full browser environment outside of a browser. You can use stand alone javascript interpreters like Rhino and SpiderMonkey to run javascript code but they don't provide a complete browser like environment to full render a web page.
If I needed to solve a problem like this I would first look at how the javascript is rendering the page, it's quite possible it's fetching data via AJAX and using that to render the page. I could then use python libraries like simplejson and httplib2 to directly fetch the data and use that, negating the need to access the DOM object. However, that's only one possible situation, I don't know the exact problem you are solving.
Other options include the selenium one mentioned by Łukasz, some kind of webkit embedded craziness, some kind of IE win32 scripting craziness or, finally, a pyxpcom based solution (with added craziness). All these have the drawback of requiring pretty much a fully running web browser for python to play with, which might not be an option depending on your environment.
You can probably use python-webkit for it. Requires a running glib and GTK, but that's probably less problematic than wrapping the parts of webkit without glib.
I don't know if it does everything you need, but I guess you should give it a try.

What JavaScript Repository should I use? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Many languages have standard repositories where people donate useful libraries that they want others to have access to. For instance Perl has CPAN, PHP has PEAR, Ruby has RubyGems, and so on. What is the best option for JavaScript?
I ask because a few months ago I ported Statistics::Distributions from Perl to JavaScript. (When I say ported I mean, "Ran text substitutions, fixed a few things by hand." I did not rewrite it.) Since I've used this module a number of times in Perl, I figure that statistics-distributions.js is likely to be useful to someone. So I've put it under the same open source license as the original (your choice of the GPL or the Artistic License). But I have no idea where to put it so that people who might want it are likely to find it.
It doesn't fit into any sort of framework. It is just a standalone library that gives you the ability to calculate a number of useful statistics distributions to 5 digits of accuracy. In JavaScript.
JSAN (JavaScript Archive Network) sounds like the kind of thing you're looking for, but I've never personally used anything from it apart from Test.Builder.
As long as your JavaScript can be dropped in to people's projects without polluting the global namespace or doing things which are liable to cause breakage in other people's code (adding to Object.prototype, for example) I would just stick it somewhere like Google Code as already suggested.
There is no centralized repository for JavaScript. JS Libraries usually have their own plugin-repositories, but for stand-alone scripts, The best way to promote it is to send it to famous website such as ajaxian or mashable
AFAIK, there is no central JavaScript repository, but you might have success promoting it on Snipplr or as a project on Google Code.
You could start a project on SourceForge to contain useful snippets of code like this (or google for snippets to find one).
Perl, Ruby, PHP, etc all have distribution mechanisms built into the language to consume such libraries.
There's not such a thing built into JS.
There are tons of script archives out there - but no "central" JS repo.
Consider packaging it up as a plugin for one of the major Javascript libraries such as jQuery - see http://docs.jquery.com/Plugins/Authoring for more details. This way it can be included on their plugin page which will get it good exposure as they have a huge developer base and it'll be one of their first ports of call when a need arises for such functionality.
Whilst jQuery is one of the most popular frameworks (if not the most) out there, there are a host if other libraries you could consider using in addition to/instead of it.

Categories