XWidgetSoft Forum

Some of the code questions recently have be relating to accessing files on the uses computer and sending or receiving information from the net.
Is it possible that code written in a widget can do harm to your computer or be sending information from your computer via the net ?
If yes, do widgets need to have some form of security that prevent internet access unless allowed by the user, because giving xwidget access to the net in your firewall settings allows all widgets to access the net and do what ever they want.
If code in widgets can create or delete files on the users computer what prevents them from harming your computer when you first start a widget, virus scanners would not detect this script as a risk.

Are any of my concerns valid

Sorry meme but there absolutely NO REASON to worry about all these!!! Xwidget just using the codes/script takes info from YOUR computer hardware! And for the net is nothing to do with firewall settings or sending informations. The various script codes (not always used) are made by who create the widget and changing even a single "," doesn't work. Is like a designing software that you give the commands to your designs to work. The codes just NOT create or delete files on the computer!!! Tony surely can explain it better but enjoy XWidget without fear!

_________________
...and remember: don't take life too seriously...
My profile on Deviantart: http://jimking.deviantart.com/

In fact, you can delete files from your PC via codes and upload some information to internet.
Tony will check whether there are harmful codes in widget before collect widget to gallery. All widgets in gallery are safe.
Be careful when use widget got from other places, it may do harm to your PC.

Thank you qiancang for your reply
So any code instructions that are possible in javascript can be run on your computer with out your knowledge.
Tony may check the widgets that make it to the gallery, but the ones shared in this forum are not checked.
When you unpack and install a new widget its code may automatically run and by then it is too late.
Is there any way the code can be viewed before starting the widget ?
I know the code can be viewed by looking at the "script.js" file, but how can you unpack and install the widget without starting it ?

open .xwidgetpkg file with winrar or 7zip , then you can check the code.

Thanks again qiancang, good to know

In fact this is the issue Ms removed windows sidebar in windows 7 sp 1. I think it will be a good thing to implement a sandbox with permissions... something like that is done in Java

_________________
Life is a myriad game... Just play it!

It is also similar to the risk that VBA macros have in MS office documents.
Some macros pose a potential security risk, a person with malicious intent can introduce a destructive macro, in a document or file, which can harm your computer or send information from your computer via the internet.
Maybe a similar approach can be used for xwidget code security.

But it's difficult... you need to develop your own script engine (tremendous task). It will also increase the size of executable. Currently XWidget uses Windows Script Host. It has a security model but IMHO, it's too difficult to implement... Lets see if Tony, includes it.

_________________
Life is a myriad game... Just play it!