CWebBrowser: Difference between revisions

From Multi Theft Auto: Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
==Potential issues with implementation of CEF (Chromium Embedded Framework==
==Potential issues with implementation of CEF (Chromium Embedded Framework==
*Flash
 
**Not everyone has it
== Awesomium vs CEF ==
**Requires a special version (other browsers)
* Awesomium has already been implemented, and is a proven library for embedding web browsers
*Pop-ups/New windows
* CEF is an open source alternative, which is also established
**How to handle?
Verdict: Go with CEF.  We can link the source tree, and push updates frequently as needed.  This may prove vital with critical security updates.  It'll just require Jusonex to do small 2-600hour changes.
***Proposal from Woovie: Fire an event
 
*Other plugins
 
**Are they supported? If so, which ones?
== Flash ==
*Whitelist/Blacklist
*Not everyone has flash, and there's likely to be great demand for streaming video.  HTML5 doesn't cut it at the moment.
**Global blacklist?
*For it to function, the special "Other Browsers" version of Flash Player needs to be installed from Adobe's Website
**How to implement whitelist popup?
** Should a suggestion of installation of "Flash for other browsers" be included in the MTA installer?
*** I think that we shouldn't be prematurely suggesting/promoting/forcing the install of 3rd party software without knowing the exact demand for it.  Server owners might find ways around this problem, and we might end up looking like fools for spyware-like adverts (extreme case scenario :P) --[[User:Talidan|Talidan]] 18:32, 17 April 2014 (UTC)
** Using user-agent to spoof various HTML5 Browsers may allow dodging of the use of flash.  This requires a few things:
*** A scripting function to set the user agent of the session
*** Some sample scripts, or some nagging to make sure the community uses HTML5 wherever possible, by the use of user agent or otherwise.  We should try and make server owners responsible to avoid taking the lazy route (flash streaming)
 
 
== Pop-ups/New windows ==
*How to handle?
**Proposal from Woovie: Fire an event.  This means an event is fired when a web page requests a pop-up or a href in a new window, and it's left for the scripter to deal with it.
 
== Alerts ==
* How to handle Alert message boxes?
** Either we create a message box GUI in CEGUI to fulfil this
** Otherwise, we ignore alerts and make them incompatible.  This might end up being the better solution.
 
== Other plugins ==
*Are they supported? If so, which ones?
**I'm gonna say we disable most plugins, and have a whitelist for approved ones, if feasible.  Who want's to deal with crap like Java? --[[User:Talidan|Talidan]] 18:32, 17 April 2014 (UTC)
 
== Whitelist/Blacklist of websites ==
*Global blacklist?
*How to implement whitelist popup?
 
Current proposal consists of:
* A global whitelist of approved websites, that are always allowed.  E.g. youtube, google, reddit
* All other websites have a message box popup requesting that you allow access to certain websites
* A possible global blacklist/killswitch for bad websites or the entire web browser.
 
== Audio & 3D ==
* Audio support in Chromium/Awesomium/CEF is currently multi-threaded.  This means it can't be integrated with BASS, which would have opened up possibilities for all the nice BASS functions we have.
* This also means 3D support can't be added as easily.  We can however adjust the volume manually, like we do currently. 
** Unfortunately, Chromium uses COM volume control.  This means that it uses Windows global settings, and for XP/2000 probably can't be controlled easily.  3D might not be possible for these systems.
*** HTML5 does support volume control.  So long as the audio source is on an HTML5 page, these can be wrapped locally with a crafted .html document.  This can be fed with volume controls to simulate 3D in Lua, rather than in MTA itself.
 
== Privacy and cookies ==
* Cookies should not be transferred from one server to another.  If you login to Google on one server, another server should not be able to hijack that session.
** Easy solution: Delete cookie and cache data upon quit every single time (or perhaps on start in case of crashes?)
** Otherwise, CEF offers a Cookie Manager where cookie sessions can be created.  Each server could have it's own cookie session so it could remember logins etc, which could be handy for login panels
*** If this option is chosen, we should have a button in the settings menu to clear all browsing data.

Revision as of 18:32, 17 April 2014

Potential issues with implementation of CEF (Chromium Embedded Framework

Awesomium vs CEF

  • Awesomium has already been implemented, and is a proven library for embedding web browsers
  • CEF is an open source alternative, which is also established

Verdict: Go with CEF. We can link the source tree, and push updates frequently as needed. This may prove vital with critical security updates. It'll just require Jusonex to do small 2-600hour changes.


Flash

  • Not everyone has flash, and there's likely to be great demand for streaming video. HTML5 doesn't cut it at the moment.
  • For it to function, the special "Other Browsers" version of Flash Player needs to be installed from Adobe's Website
    • Should a suggestion of installation of "Flash for other browsers" be included in the MTA installer?
      • I think that we shouldn't be prematurely suggesting/promoting/forcing the install of 3rd party software without knowing the exact demand for it. Server owners might find ways around this problem, and we might end up looking like fools for spyware-like adverts (extreme case scenario :P) --Talidan 18:32, 17 April 2014 (UTC)
    • Using user-agent to spoof various HTML5 Browsers may allow dodging of the use of flash. This requires a few things:
      • A scripting function to set the user agent of the session
      • Some sample scripts, or some nagging to make sure the community uses HTML5 wherever possible, by the use of user agent or otherwise. We should try and make server owners responsible to avoid taking the lazy route (flash streaming)


Pop-ups/New windows

  • How to handle?
    • Proposal from Woovie: Fire an event. This means an event is fired when a web page requests a pop-up or a href in a new window, and it's left for the scripter to deal with it.

Alerts

  • How to handle Alert message boxes?
    • Either we create a message box GUI in CEGUI to fulfil this
    • Otherwise, we ignore alerts and make them incompatible. This might end up being the better solution.

Other plugins

  • Are they supported? If so, which ones?
    • I'm gonna say we disable most plugins, and have a whitelist for approved ones, if feasible. Who want's to deal with crap like Java? --Talidan 18:32, 17 April 2014 (UTC)

Whitelist/Blacklist of websites

  • Global blacklist?
  • How to implement whitelist popup?

Current proposal consists of:

  • A global whitelist of approved websites, that are always allowed. E.g. youtube, google, reddit
  • All other websites have a message box popup requesting that you allow access to certain websites
  • A possible global blacklist/killswitch for bad websites or the entire web browser.

Audio & 3D

  • Audio support in Chromium/Awesomium/CEF is currently multi-threaded. This means it can't be integrated with BASS, which would have opened up possibilities for all the nice BASS functions we have.
  • This also means 3D support can't be added as easily. We can however adjust the volume manually, like we do currently.
    • Unfortunately, Chromium uses COM volume control. This means that it uses Windows global settings, and for XP/2000 probably can't be controlled easily. 3D might not be possible for these systems.
      • HTML5 does support volume control. So long as the audio source is on an HTML5 page, these can be wrapped locally with a crafted .html document. This can be fed with volume controls to simulate 3D in Lua, rather than in MTA itself.

Privacy and cookies

  • Cookies should not be transferred from one server to another. If you login to Google on one server, another server should not be able to hijack that session.
    • Easy solution: Delete cookie and cache data upon quit every single time (or perhaps on start in case of crashes?)
    • Otherwise, CEF offers a Cookie Manager where cookie sessions can be created. Each server could have it's own cookie session so it could remember logins etc, which could be handy for login panels
      • If this option is chosen, we should have a button in the settings menu to clear all browsing data.