[Engineering] Reviving 'EmbedScript' extension for sandboxed JavaScript widgets

Brion Vibber bvibber at wikimedia.org
Sat Jan 19 00:53:51 UTC 2019


Hey all!

I'm reviving an old project to embed sandboxed HTML/JavaScript "widgets"
into wiki pages as a click-to-play media type, using modern browsers'
<iframe> sandbox and Content-Security-Policy restrictions.

Intro and detail notes which I'll keep updating:
https://www.mediawiki.org/wiki/User:Brion_VIBBER/EmbedScript_2019

I hope to extend it with a headless "plugin" mode which allows less-trusted
user-written code to interact safely with fully-trusted host APIs, and a
dependency system to let common library modules, string localizations,
image files from Commons, and data from Wikidata be bundled up and used
safely, without cross-site data exposure.

I'm hoping to solicit some more feedback while I'm in the prototyping
stage, with an eye towards issues we'll need to resolve before it reaches a
productizable stage we could seriously deploy.

Open questions include:

* Can we really replace some user scripts and gadgets with a split-trust
model, and which ones are good ones to start experimenting with?
* What should a user-permissions UX look like for plugins? What threat
models are not examined yet?
* What kind of comment / code review system is needed?
* What about patches, and forks, and copies and centralization? What's the
best Commons-centric or alternate model that will prevent fragmentation of
code?
* How should libraries / dependencies work?
* How should localization work?
* How much coupling to MediaWiki is desired/required?
* How to implement mobile app and offline support?

Feel free to poke me directly or on the wiki talk page with
questions/comments/ideas. Love it? Hate it? Great! Let me know. :)

-- brion
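
Added example, not part of the original post and not EmbedScript code: a sketch of the host side of the split-trust "plugin" idea, where a trusted page answers requests from a sandboxed, opaque-origin iframe. The sandbox tokens, the CSP string, the message shape and all function names are assumptions made for illustration.

```javascript
// Illustration only: all names (HOST_API, handlePluginMessage, attach) are hypothetical.
// Assumed sandbox: scripts allowed, allow-same-origin omitted, so the frame gets
// an opaque origin and cannot touch the wiki's cookies, storage or DOM.
const SANDBOX_TOKENS = ['allow-scripts'];
// Assumed CSP header for the widget document: inline code only, no network access.
const WIDGET_CSP = "default-src 'none'; script-src 'unsafe-inline'";

// The only host functions the plugin may call (explicit allow-list).
const HOST_API = {
  getPageTitle: (ctx) => ctx.title,
  getUserLanguage: (ctx) => ctx.lang,
};

// Decide how the trusted host answers one message event. frameWindow is the
// contentWindow of the iframe the host created itself.
function handlePluginMessage(event, frameWindow, ctx) {
  // Every opaque-origin frame reports origin "null", so the origin string
  // cannot identify the sender; window identity does.
  if (event.source !== frameWindow || event.origin !== 'null') return null;
  const msg = event.data;
  if (typeof msg !== 'object' || msg === null) return null;
  const { id, method } = msg;
  if (typeof id !== 'number' || typeof method !== 'string') return null;
  // Own-property check keeps "constructor" or "toString" from resolving
  // through the prototype chain.
  if (!Object.prototype.hasOwnProperty.call(HOST_API, method)) {
    return { id, error: 'method not allowed' };
  }
  return { id, result: HOST_API[method](ctx) };
}

// Browser wiring (needs a DOM; not exercised when run under Node).
function attach(iframe, ctx) {
  iframe.setAttribute('sandbox', SANDBOX_TOKENS.join(' '));
  window.addEventListener('message', (event) => {
    const reply = handlePluginMessage(event, iframe.contentWindow, ctx);
    // An opaque origin cannot be named as targetOrigin, so '*' is used and
    // replies carry only data the plugin is permitted to see.
    if (reply) event.source.postMessage(reply, '*');
  });
}
```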