Sapphari - HTTP Web browser for OneOS/CraftOS - I want YOUR input!

Sapphari is OUT!
I've been working on a browser that uses the HTTP API for sites, but does not require you to host them. How I'm doing that, well, you'll find out when it's out. But I want to know what you'd like to see as a developer of a website for Sapphari, and as a user. What would you like to see in the API, or the UI.
Thanks.

Well… How are these sites going to be programmed? Is it going to be a Lua program, just like in FireWolf, or HTML, or something else?

As a user I would like it to be compatible with all of CC devices: computers, turtles and PDAs, non-advanced and CC 1.58 and earlier support. I would also like to be able to enter fullscreen mode, because CC's screens are pretty small. Tabs would also be nice to have. FireWolf support would be a good feature, so I wouldn't have to have two internet/Rednet browsers And don't forget to pick some nice colors and make a nice GUI.

As a developer I would like it if had automatically layout GUI elements. It would be very good if it had and API or something else for creating GUI elements (textboxes, buttons, lists, tables). It would really help if there would be scrollbar support. Also, I would like it if there would be a way to allow a user to download files from your site. It would also help if we could do server-side programming, like PHP. And lastly, it would be nice if there would be argument support, ex.: www.mysite.com?test=none&command=login.

Good luck creating it!

MKlegoman357, on 05 April 2014 - 04:53 PM said:

Well… How are these sites going to be programmed? Is it going to be a Lua program, just like in FireWolf, or HTML, or something else?

As a user I would like it to be compatible with all of CC devices: computers, turtles and PDAs, non-advanced and CC 1.58 and earlier support. I would also like to be able to enter fullscreen mode, because CC's screens are pretty small. Tabs would also be nice to have. FireWolf support would be a good feature, so I wouldn't have to have two internet/Rednet browsers And don't forget to pick some nice colors and make a nice GUI.

As a developer I would like it if had automatically layout GUI elements. It would be very good if it had and API or something else for creating GUI elements (textboxes, buttons, lists, tables). It would really help if there would be scrollbar support. Also, I would like it if there would be a way to allow a user to download files from your site. It would also help if we could do server-side programming, like PHP. And lastly, it would be nice if there would be argument support, ex.: www.mysite.com?test=none&command=login.

Good luck creating it!

Bit demanding :P/> No seriously Hithere_, this would be amazing if you could get oeed to put this into OneOS. As MK said, good luck.

Building on the idea of compatibility for all devices, perhaps a mobile view?

Yeah, I've done the entire thing to support different sizes. I've only tested it once and it worked the first time– I did the GUI with maths.
unfortaintly examplesite/slashthinghere will not be supported. Maybe in a future version, I could pass it as arguments.
Mobile views… humph. I feel like that's the site's job to put that in.
noncolor support? Sorry no. I feel as though most people's PCs are color nowadays, usually normal computers are only used when GUIs aren't necessary or as a computer to run help on while you edit.
As for GUIs, I'll probably just find some GUI API on the forums or maybe I'll make my own, but I hate GUI coding. Though the problem is with GUI apis is that it's very hard to make them to work with all screen sizes. Maybe if they where designed on the lowest screen size(in4advancedturtles), but other than that I don't know. Do people really want to design a site on a turtle?
Firewolf support? Hah, no.
Downloading files? I don't know, we'll see. The problem is that opens up many security flaws. Maybe ask the user?
I have almost gotten Sapphari finished– once it is I'll be "putting it on ice" for a while to work on the homepage, and then a really cool game. After that I will add more features, but generally it has:
urls
tabs
bookmarks
compatibility with all screen sizes
terminate in the event a site is not responding, will go to homepage
still no need for any kind of host(you'll see how this is possible in a little bit)

Maybe you could put something in the code which told the website what it was running on (PDA, Computer, Turtle (Monitor?) ) and then the website could send the appropriate information to the client, or send none at all if it isn't supported.

The website could do that by itself. Websites are given full access with the exception of file-making or deleting, or generally fs stuff
—
Sapphari 1.0 will be out today. It might be out late at night though, I have a bit of finishing work to do on it.
edit: actually I forgot I'd already prepared for the major new thing in sapphari. I have the API for it, I've made the initiation function work with it.. all I have to do is put the code in the right place and I'll be done–although I can't guarantee that because there might be bugs. There's also a minor feature I haven't implemented at all. I'm hopping to get it done in two hours– I don't know. At the very latest possible, if it's going to be out today, it'll be out before 10:31PM
edit: one of my functions was troubling me, add like 1 hour to the time it'll take to get out.
–
Yeah I'll have to finish this tomarrow. My ask a pro topic is a ghost town, there's a weird bug I can't explain in my code I patched it for now and FINALLY finished tabs, but I have to go to bed now. Tomorrow I will, for SURE, have this out. I have so little to do.

Unfortunately, due to a major program flaw that was fixed and I've added extra security to make it impossible to happen again, I'm 1-day banned from pastebin. In short, this will delay the time Sapphari will be released by 1 day. The issue was that the homepage had an error and it spammed pastebin trying to get the homepage and failed and it did this so many times pastebin blocked my IP. This has happened before and I patched it, but I accidentally removed the patch and forgot about it. It's a 12 hour ban I think.

So it uses pastebin for hosting?

Yes. It's being released today after I put some games on the homepage.
I did end up making downloads. It's a little WIP at the moment and doesn't return weather it was a succsess or not, nor does it prompt the user. It cannot overwrite files but the files can be placed anywhere. I'll work on it later unless it's a major issue. Other than that, there's no way for a site to harm contents of your computer– they don't have access to fs or io Bewarned, there is other things they could do, but your files are safe.
edit: actually they could make trojan horses. But that's your fault for running it without checking.
Sapphari is OUT!

Erm. I don't see anything blocking FS. View E7fMbJKq. Try setfenv for a good sandbox. And beware about os.queueEvent. People can fake someone pressing a key or clicking something.

I can't just block queueEvent. I suppose I should probably just check if it's a mouse event and if it is, make sure it won't interfere.. They can only queue a single event of a single type at a time.
Yeah, I kinda couldn't figure out how to globally block FS. How does that work? I know my program is sandbox'd so it can't use local or global variables I use.
What does setfenv really do?
Was the malware really necessary? By the way, that site is invalid because it will not run forever. Sites must continue running or it will automatically go to the homepage.

Im going to assume this is the code used to run websites

function sapphInt.getSite(paste)
  responce = sapphInt.getSiteStr(paste)
  if responce then
	return loadstring(responce.readAll())
  else
	return false
  end
end

loadstring runs in the global environment(_G), so unless you disabled fs globally, it's still acessible.

I did a quite thorough sandboxing recently, which you can have a look at

local tDisabled = { --disabled APIs and functions, edit them if you wish...
  fs = true,
  term = true,
  turtle = true,
  loadfile = true,
  dofile = true,
  io = true,
  paintutils = true,
  window = true,
  shell = true,
  multishell = true,
  print = true,
  write = true
}
local disabled_G = {}
for k,v in pairs(_G) do
  if tDisabled[k] then
	disabled_G[k] = (
	  type(v) == "table"
	  and setmetatable(
		{},
		{
		  __index = function()
			error(k.." functions are disabled within the code tool!",2)
		  end
		}
	  )
	) or (
	  function()
		error(k.." is disabled within the code tool!",2)
	  end
	)
  elseif type(v) == "table" then
	disabled_G[k] = setmetatable({},{__index = v})
  end
end
disabled_G.getfenv = function(level)
  local env = getfenv(level)
  if env == progEnv
  or env == disabled_G
  or env == _G then
	return codeEnv
  end
  return env
end
setmetatable(
  codeEnv,
  {
	__index = setmetatable(
	  disabled_G,
	  {
		__index = _G,
		__metatable = {}
	  }
	),
	__metatable = codeEnv
  }
)
codeEnv._G = codeEnv

setfenv(loadedFunc,codeEnv)

Setfenv simply changes the environment of a given function or the current execution environment. So what you have to do, is create your own environment which the web pages have access to. Then you have to make sure they can't access the functions you don't want them to access from there, while still being able to access the ones you want them to.

os.queueEvent could easily be locally modified to ignore mouse clicks.

No, I'm not going to disable queueEvent like that. I want to give websites as much access I can without letting them be malicous
I'm very confused at your code. It's probably because your style is much different then mine, but I generally can't read it.