Hey all!
I'm reviving an old project to embed sandboxed HTML/JavaScript "widgets" into wiki pages as a click-to-play media type, using modern browsers' <iframe> sandbox and Content-Security-Policy restrictions.
Intro and detail notes which I'll keep updating: https://www.mediawiki.org/wiki/User:Brion_VIBBER/EmbedScript_2019
I hope to extend it with a headless "plugin" mode which allows less-trusted user-written code to interact safely with fully-trusted host APIs, and a dependency system to let common library modules, string localizations, image files from Commons, and data from Wikidata be bundled up and used safely, without cross-site data exposure.
I'm hoping to solicit some more feedback while I'm in the prototyping stage, with an eye towards issues we'll need to resolve before it reaches a productizable stage we could seriously deploy.
Open questions include:
* Can we really replace some user scripts and gadgets with a split-trust model, and which ones are good ones to start experimenting with?
* What should a user-permissions UX look like for plugins? What threat models are not examined yet?
* What kind of comment / code review system is needed?
* What about patches, and forks, and copies and centralization? What's the best Commons-centric or alternate model that will prevent fragmentation of code?
* How should libraries / dependencies work?
* How should localization work?
* How much coupling to MediaWiki is desired/required?
* How to implement mobile app and offline support?
Feel free to poke me directly or on the wiki talk page with questions/comments/ideas. Love it? Hate it? Great! Let me know. :)
-- brion
wikitech-l@lists.wikimedia.org