Getting HTML5 going

Mark Wieder ahsoftware at
Wed Mar 25 17:23:38 EDT 2020

On 3/25/20 1:58 PM, Mark Waddingham via use-livecode wrote:

> However there are two rules which must be followed:
>    1) Downloaded code must not allow the app to access any more system 
> provided APIs that it could before.
>    2) Downloaded code must not allow the app to 'morph' (as Richard put 
> it) into something even slightly unrelated to what it was at the point 
> of review; nor should it add significantly different features 
> (particularly in terms of UI).
> In practice conforming to (1) is easy - you aren't allowed to download 
> LCB extensions, loading them at runtime, which use FFI to access system 
> functions.

My reading of 1) is that LCB extensions that use FFI are allowed as long 
as they don't expand the attack surface by introducing new system api 
calls that the app doesn't already use.

But then I'm not in a position to make, review, or enforce those rules.

  Mark Wieder
  ahsoftware at

More information about the use-livecode mailing list