GuiWebCtrl (Web UI Control)

#1 This sounds cool. I may need something like this.

One question though:
Does the interface of Javascript to C/C++/Torque Script violate the sand boxing inherent to Javascript contexts? I know the IE and Firefox plugins had the notion of safe TS commands to prevent bad code from hacking someones desktop.

#2

Quote:Does the interface of Javascript to C/C++/Torque Script violate the sand boxing inherent to Javascript contexts?

Yes.

It does not prevent any code.
You can do anything you want to do.

#3 The main thing is:

Quote:safe TS commands to prevent bad code from hacking someones desktop.

Bad security is bad.

#4 Well, I don't see any connection between the webkit scripting, the C/C++, or Torque Script. So this would be a safe from what I can tell. I am not sure what is meant by this feature:
3. Javascript bindings for C,C++ and TorqueScript

I just don't see any path for Javascript to effect the engine.

#5 in c++:

jsValue JS_CALL tge_exec(jsExecState es)
{
    const char* argv[10];
    int argc = jsArgCount(es);
    if (argc > 10)
        argc = 10;

    for (int i = 0; i < argc; ++i)
    {
        argv[i] = jsToString(es, jsArg(es, i));
    }

    const char* ret = Con::execute(argc, argv);

    return jsString(es, ret);
}

jsValue JS_CALL tge_eval(jsExecState es)
{
    const char* str = jsToString(es, jsArg(es, 0));
    Con::evaluate(str);

    return jsUndefined();
}

.....

jsBindFunction("tge_exec", tge_exec, 10);
jsBindFunction("tge_eval", tge_eval, 1);

in javascript:

tge_exec("toggleWebBrowser");
tge_eval("toggleWebBrowser();");

#6 Okay, I didn't see anything like that in the source links posted above. So the bindings are done manually through the webkit api it looks like. That should be safe enough then. Only allow what you want to be called with no automatic bindings. This is good.