Talk:LSL Browser HUD
Revision as of 22:38, 9 April 2008 by Strife Onizuka (talk | contribs)
Thoughts
It looks good, though i have a few ideas:
- There should be an address bar even if it is read only (don't want to make spoof attacks possible).
- The window should be user resizable without limitation other then the SL window size.
- It needs to be one or more of these a) minimizable b) tab browsing or c) window roll up (a button that collapses it to a title bar)
- There needs to be a BROWSER_HUD_JAVASCRIPT command that allows the object to manipulate it's Browser HUD. It would look something like [BROWSER_HUD_JAVASCRIPT, string eval].
- string eval - Would be executed in the Browser Hud window by the eval function.
- This would allow for a script to manipulate it's Browser Hud without having to bounce the user off a webserver.
- The user should only be able to eval javascript on approved URL handlers (http & https for starters, more could be added with some hidden pref), we don't want accidental privilege elevation by hijacking about:kitchensink.
- Consider extensions to navigator javascript object so that javascript can access viewer specific informations such as SL location, camera position, etc. Might be useful. Consider adding new events so that javascript can hook them. Imagine a user map HUD that updated with the camera (and didn't rely upon script having to know where the camera was; would be a bandwidth savings).
- Permissions? Auto-grant?
- [BROWSER_HUD_PERMISSIONS, integer mask] ?
- Permissions? Auto-grant?
--Strife Onizuka 22:28, 9 April 2008 (PDT)
Impersonation
I just gots to know what would happen if... <lsl>llMiniBrowserCreate( llGetOwner(), "Sillyness",
"secondlife:///app/browserhudchat/I'm not a script impersonating the user, no really I'm not!", <0,0,0>, 0);</lsl>
--Strife Onizuka 22:38, 9 April 2008 (PDT)