Gregory Maxwell wrote:
Even ignoring the sandbox breakout issues, the halting problem ultimately means that we can not determine what arbitrary code will do... The possibilities for vandalism are endless.. Imagine a little animation of an atom turns into dancing penises for ten minutes on alternate tuesdays.
Humans can't solve the halting problem either, but despite that, I can guarantee that there are no hidden dancing penises embedded in the MediaWiki core. I can do that because it is possible to classify programs into three categories: bad, suspicious and good. We can reject the suspicious programs, making it irrelevant what the programmer has hidden in them.
That's not to say I would support having user-supplied Java applets. I agree with all your other concerns. And it would indeed be difficult (but not impossible) to review applets.
We've been talking about putting Jmol Java applets on chemical compound pages, with a MediaWiki extension. When I posted a demo link to #wikipedia, all I got back were complaints about the long load time, and the performance impact of starting Java. A JavaScript "click to load" link would be necessary for usability.
-- Tim Starling