Ability to save strategies from the Web
Opened this issue · 1 comments
Clearly, Dominiate would be more pleasant to use if you could save strategies to the Internet, retrieve them, and link to them.
I rather like the fact that Dominiate runs without a server (besides GitHub's web server). To be able to save strategies, then, we need an external place we can save to.
My current thought is to use our Wiki on GitHub to store strategies, which requires only a GitHub account (no particular permissions). I've figured out how to automatically generate Wiki posts where the user just needs to click "save". This would require people to have GitHub accounts to save things, though, which may be a mental barrier to entry.
gist.github.com allows anonymous posts, but then the URL you get is an arbitrary number, so you'd have to hold onto that number to save the strategy. I just had a wacky idea involving sending the resulting URL to TinyURL and giving it a name again. One problem with that is that you couldn't revise a strategy under the same name.
And I suppose a system that let you alter existing strategies, completely anonymously, would be vulnerable to griefing.
Any other ideas?
{
name: 'DoubleHack'
requires: []
gainPriority: (state, my) ->
console.log document.cookie
[]
}Griefing isn't the main vulnerability. As far as I can tell, you have full access to the DOM from within the scripts. Letting anonymous users post these scripts for others to run is pretty much the definition of XSS.
There are Javascript sandboxes that could mitigate the problem (ADsafe, for one). I don't know how hard they'd be to use.
As for storage, I don't know how much traffic you'd expect, but I imagine it'd be easy to throw something together on S3 or AppEngine. I would expect the total traffic and storage size would be free or very nearly free.