kappa
|
 |
«
Reply #30 - Posted
2011-01-10 10:32:19 » |
|
Again wrapping the applet within an iframe will prevent this.
From the impression of the posts above security seems to be the main reason this won't ever be built, but I still fail to understand what these security concerns are.
http://usablelayout.com/articles/automatically-break-out-iframeand you can access and modify things in the parent of an iframe from a child iframe. |
|
|
|
|
|
DzzD
|
|
«
Reply #31 - Posted
2011-01-10 11:07:54 » |
|
Again wrapping the applet within an iframe will prevent this.
From the impression of the posts above security seems to be the main reason this won't ever be built, but I still fail to understand what these security concerns are.
http://usablelayout.com/articles/automatically-break-out-iframeand you can access and modify things in the parent of an iframe from a child iframe. no you should not be able to acces DOM of the parent iframe if it come from another domain, this one is IMO twice wrong, first it use page from the same domain, second it does not really acces DOM of the parent iframe but just change the location of the main window |
|
|
|
|
JL235
|
|
«
Reply #32 - Posted
2011-01-10 11:09:03 » |
|
According to this applets cannot communicate with JavaScript by default. It needs to be turned on via the 'mayscript' applet attribute. So I stand corrected, an iframe isn't even needed. Again, as long as JGO is generating the applet tag are there any security concerns? |
|
|
|
Games published by our own members! Check 'em out!
|
|
|
DzzD
|
|
«
Reply #33 - Posted
2011-01-10 11:11:20 » |
|
to be safe you have to embed the iframe from the author domain, everything must come from the external domain and nothing from JGO, this will ensure that everything will be keep separated by the browser
as mentionned above, a minimum number of post is a nice idea too
|
|
|
|
|
kappa
|
|
«
Reply #34 - Posted
2011-01-10 11:15:02 » |
|
According to this applets cannot communicate with JavaScript by default. It needs to be turned on via the 'mayscript' applet attribute. So I stand corrected, an iframe isn't even needed. As mentioned above, since Java 1.6.0_10+ (which is now over 60% of java installs) the mayscript attribute no longer does anything. JavaScript communication is allowed by default, haven't seen a switch to allow disabling it yet. |
|
|
|
|
|
arielsan
|
|
«
Reply #35 - Posted
2011-01-10 18:01:28 » |
|
Anyone knows people of Funorb? They have a nice solution for applets, I know it is a different platform (not a forum) but they could be of help |
|
|
|
|
kappa
|
|
«
Reply #36 - Posted
2011-01-10 18:31:58 » |
|
Anyone knows people of Funorb? They have a nice solution for applets, I know it is a different platform (not a forum) but they could be of help All their applets are written in-house, so are all from trusted sources. |
|
|
|
|
Riven
|
|
«
Reply #37 - Posted
2012-01-07 07:38:32 » |
|
(LWJGL) Applets are (hopefully) functional now: Warning! Untrusted content: Riven submitted an applet to JGO. If the applet asks for permissions, it will have full access to your system. ( read more) - If you allow to launch the applet, it will run in sandbox mode by default.
- Signed applets will popup a security-dialog, which asks for permission to full access to your system.
- The applets are launched from a seperate sub-domain, to protect you from eavesdroppers.
- Only run applets of people you trust, regardless of whether the applet asks for permissions or not.
JGO cannot be held responsible for the contents and/or behavior of the hosted applets. It should look like a 512x512 black rectangle with a single triangle rendered. Please test!  Syntax: 1
2
3
4
5
| [ lwjgl archive=your.jar class=your.Applet width=512 height=512 ]
[ applet archive=your.jar class=your.Applet width=512 height=512 ] |
I will have to add the upload feature later. I don't quite get why there isn't some abstract class in LWJGL that you extend for your applet, I had to rip out code from the GearsApplet demo, resulting in rather messy and verbose code to render 1 triangle, which IMHO the developer shouldn't be exposed to. Anyway, I disgress... Here's the code to get that triangle on screen: 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
| import java.applet.Applet;
import java.awt.BorderLayout;
import java.awt.Canvas;
import org.lwjgl.LWJGLException;
import org.lwjgl.opengl.Display;
import static org.lwjgl.opengl.GL11.*;
public class JgoLwjglApplet extends SuggestedTemplateApplet
{
public void drawTriangle()
{
glBegin(GL_TRIANGLES);
glColor3f(1, 0, 0);
glVertex3f(-0.5f, -0.5f, 0.0f);
glColor3f(0, 1, 0);
glVertex3f(+0.5f, -0.5f, 0.0f);
glColor3f(0, 0, 1);
glVertex3f(+0.5f, +0.5f, 0.0f);
glEnd();
}
@Override
public void displayReady()
{
glClearColor(0.0f, 0.0f, 0.0f, 1.0f);
while (running)
{
glClear(GL_COLOR_BUFFER_BIT);
glMatrixMode(GL_PROJECTION);
glLoadIdentity();
glMatrixMode(GL_MODELVIEW);
glLoadIdentity();
drawTriangle();
Display.update();
try
{
Thread.sleep(100);
}
catch (Exception exc)
{
}
}
Display.destroy();
}
}
public abstract class SuggestedTemplateApplet extends Applet
{
Canvas holder;
Thread gameThread;
volatile boolean running;
void startLWJGL()
{
gameThread = new Thread()
{
public void run()
{
running = true;
try
{
Display.setParent(holder);
Display.create();
}
catch (LWJGLException e)
{
displayFailed(e);
return;
}
displayReady();
}
};
gameThread.start();
}
public abstract void displayReady();
public abstract void displayFailed(LWJGLException exc);
void stopLWJGL()
{
running = false;
try
{
gameThread.join();
}
catch (InterruptedException e)
{
e.printStackTrace();
}
}
public void destroy()
{
remove(holder);
super.destroy();
}
public void init()
{
setLayout(new BorderLayout());
try
{
holder = new Canvas()
{
public void addNotify()
{
super.addNotify();
startLWJGL();
}
public void removeNotify()
{
stopLWJGL();
super.removeNotify();
}
};
holder.setSize(getWidth(), getHeight());
add(holder);
holder.setFocusable(true);
holder.requestFocus();
holder.setIgnoreRepaint(true);
setVisible(true);
}
catch (Exception e)
{
System.err.println(e);
throw new RuntimeException("Unable to create display");
}
}
} |
|
|
|
|
|
lhkbob
|
|
«
Reply #38 - Posted
2012-01-07 08:16:42 » |
|
It works on Mac 10.6 in Safari 5, which is impressive since I usually see applets fail.
Is there a reason why there are two tags, one for LWJGL and one for regular applets? I haven't made a LWJGL applet before, so I don't know if you need to configure it differently.
|
|
|
|
|
kappa
|
|
«
Reply #39 - Posted
2012-01-07 08:17:20 » |
|
oh nice work, really awesome how you are gradually improving JGO.
testing:
[lwjgl archive=http://kappa.dreamhosters.com/test/boing/ball.jar class=org.bossattack.boing.BallApplet width=640 height=480]
|
|
|
|
|
Games published by our own members! Check 'em out!
|
|
|
|
|
CommanderKeith
|
|
«
Reply #41 - Posted
2012-01-07 08:58:08 » |
|
Great stuff Riven. The java loading logo came up and it was looking really good. Unfortunately it failed for me with a message along the lines of: 1
| loadlibrary failed with error 998: invalid memory access violation |
But that seems to be a bug in lwjgl or my drivers since their main applet page threw the same errors: http://lwjgl.org/applet/This is such a good feature idea |
|
|
|
|
kappa
|
|
«
Reply #42 - Posted
2012-01-07 09:03:06 » |
|
Is there a reason why there are two tags, one for LWJGL and one for regular applets? I haven't made a LWJGL applet before, so I don't know if you need to configure it differently.
LWJGL Applets need a bit more magic to work, since they deploy stuff like native files. Riven's tag handles all that for you in the background, so you just need to worry about your game/app jars. |
|
|
|
|
|
kappa
|
|
«
Reply #43 - Posted
2012-01-07 09:33:38 » |
|
testing again: Warning! Untrusted content: kappa submitted an applet to JGO. If the applet asks for permissions, it will have full access to your system. ( read more) - If you allow to launch the applet, it will run in sandbox mode by default.
- Signed applets will popup a security-dialog, which asks for permission to full access to your system.
- The applets are launched from a seperate sub-domain, to protect you from eavesdroppers.
- Only run applets of people you trust, regardless of whether the applet asks for permissions or not.
JGO cannot be held responsible for the contents and/or behavior of the hosted applets. nice, it works for me now  |
|
|
|
|
|
Riven
|
|
«
Reply #44 - Posted
2012-01-07 09:42:36 » |
|
Unfortunately it failed for me with a message along the lines of: 1
| loadlibrary failed with error 998: invalid memory access violation |
But that seems to be a bug in lwjgl or my drivers since their main applet page threw the same errors: http://lwjgl.org/applet/Sorry to see it fail, but I doubt I can help  This is such a good feature idea Oh yeah  |
|
|
|
|
Riven
|
|
«
Reply #45 - Posted
2012-01-07 10:47:48 » |
|
I will have to add the upload feature later.
Added it under [My Files] in the forum-header.  |
|
|
|
|
Riven
|
|
«
Reply #46 - Posted
2012-01-07 12:08:50 » |
|
Added buttons for [ spoiler ], [ qr ], [ countdown ], [ applet ], [ lwjgl ] on the post/reply/modify screens. Pixel artists are welcome. |
|
|
|
|
ReBirth
|
|
«
Reply #47 - Posted
2012-01-07 13:08:10 » |
|
Hey it works. however I can't use my mouse scroll right after the applet loaded. Great feature!  |
|
|
|
|
Riven
|
|
«
Reply #48 - Posted
2012-01-07 13:10:04 » |
|
Applet grabs focus (see line #135 in previous post).
|
|
|
|
|
ReBirth
|
|
«
Reply #49 - Posted
2012-01-07 13:12:07 » |
|
Oh yeah you right. It's not matter though, since can still use scroll bar  |
|
|
|
|
roland
|
|
«
Reply #50 - Posted
2012-01-07 13:25:01 » |
|
The buttons don't work for me (They don't do anything when I click them) EDIT: It worked this time |
|
|
|
|
|
Riven
|
|
«
Reply #51 - Posted
2012-01-07 13:32:27 » |
|
The buttons don't work for me (They don't do anything when I click them) EDIT: It worked this time Ah thanks. The problem is/was that the buttons do not work if the page is loaded through ajax (the autoloader feature). Fixed now. |
|
|
|
|
roland
|
|
«
Reply #52 - Posted
2012-01-07 13:40:15 » |
|
How about an "approval" system for uploading stuff to your "directory"(if it isn't a .jar file), that way you can upload whatever you want but it has to be checked first (and will be deleted if it isnt appropriate/part of your game + you will get a warning or something). 10mb + only jar files is fine for small games I guess but ... if you want a php script for high scores or custom levels that can be saved? or if you don't want to put everything in the jar file?
|
|
|
|
|
|
Riven
|
|
«
Reply #53 - Posted
2012-01-07 13:55:40 » |
|
JGO is not meant to be a host for any (small or big) games. It's a place to demo/share your WIP. 10MB might not sound like a lot, but remember JGO runs on a VPS where harddisk space is limited, just like datatraffic. If it would turn out to be necessary, we'll eventually move to a situation where old data is purged automatically. Regarding your highscore-PHP-script (which would mean running untrusted code on the server...), no, nothing like that will ever happen The problem with 'approval by moderators' is that it is an excellent attack vector to infect our moderators.  |
|
|
|
|
roland
|
|
«
Reply #54 - Posted
2012-01-07 14:03:19 » |
|
how about a PHP checker? You could restrict it to only certain keywords and specific directories. Anyway I guess it doesn't matter, people can run my applet off my website anyway. 1
2
3
4
5
6
7
8
| <?php
$name = $_REQUEST['name'];
$key = $_REQUEST['key'];
$fp = fopen("data/user/" . $name . ".txt", "w");
fwrite($fp, $key);
fclose($fp);
?> |
|
|
|
|
|
|
Riven
|
|
«
Reply #55 - Posted
2012-01-07 14:05:05 » |
|
how about a PHP checker? You could restrict it to only certain keywords and specific directories. Anyway I guess it doesn't matter, people can run my applet off my website anyway. 1
2
3
4
5
6
7
8
| <?php
$name = $_REQUEST['name'];
$key = $_REQUEST['key'];
$fp = fopen("data/user/" . $name . ".txt", "w");
fwrite($fp, $key);
fclose($fp);
?> |
Code like that makes me cringe. If I were to use that code, JGO would be hacked in minutes. |
|
|
|
|
roland
|
|
«
Reply #56 - Posted
2012-01-07 14:06:08 » |
|
how about a PHP checker? You could restrict it to only certain keywords and specific directories. Anyway I guess it doesn't matter, people can run my applet off my website anyway. 1
2
3
4
5
6
7
8
| <?php
$name = $_REQUEST['name'];
$key = $_REQUEST['key'];
$fp = fopen("data/user/" . $name . ".txt", "w");
fwrite($fp, $key);
fclose($fp);
?> |
Code like that makes me cringe. If I were to use that code, JGO would be hacked in minutes. oh  |
|
|
|
|
|
|
|
Riven
|
|
«
Reply #58 - Posted
2012-01-07 14:18:53 » |
|
|
|
|
|
|
roland
|
|
«
Reply #59 - Posted
2012-01-07 14:20:42 » |
|
Oh. Adblock plus blocked it |
|
|
|
|
|
