On Tue, Nov 14, 2006 at 05:55:43PM -0500, Gregory Maxwell wrote:
Better to just write a sandboxed ecmascript or python interpreter which runs in sandboxed Java... and then make an extension that lets you directly input the script code, which will then be handed out to clients. This then reduces the risk of it displaying penises on second tuesdays to the same risk as template code displaying penises on second tuesdays.
It's actually not the far out of an idea... there is already a python implementation in java (jython, http://www.jython.org/Project/index.html) and several of the python plotting libraries will work in jython (http://www.eckhartarnold.de/apppages/pyplotter.html). I imagine that interactive graphs are the largest driver for java apples beyond audio/video playback.
For that matter, I think there are JVM-embedded Ruby and Perl interpreters as well. Might as well allow it all, if you're going to do it that way.
A solution like this would give us real wikieditable software which we could open to the world, and not confine to sysop priests with java compilers and the patience to work offline.
That's an excellent point about the social significance of how we handle it.
Unfortunately jython needs non-sandboxed java because it mucks about with the VM for the ability to call arbritary java and native code functions. :-/
If anyone is aware of any dynamic languages which will run in sandboxed java and which have decent graphing libraries, I'd love to hear about it. :)
I don't know whether Ruby's implementations (there are several, in fact) within the JVM allow them to be run sandboxed and, believe it or not, I don't actually know for sure whether there's a Perl implementation to compare, even though I probably use Perl at least as often as any other single language (and significantly more than Ruby).