Skip to Main Content
Talk Intermediate

How I built secure plugin system on the web

Approved
Session Description

Last year, as part of my Google Summer of Code project, I worked on developing a plugin system for a web-based application, MIT App Inventor 2. In this talk, I will share my journey of designing a secure, sandboxed environment for executing untrusted code on the web. I will discuss the key challenges I encountered, the security implications of running untrusted code, the various approaches I explored including iframes, a JS engine compiled to web assembly, and web workers, and how I settled on the final solution.

Key Takeaways
  • What is MIT App Inventor?
  • What are plugins?
  • Need for enhancing App Inventor's existing extension system.
  • What makes building a plugin system on the web so hard?
  • Various ways that I researched during GSoC for untrusted code execution, including iframes, a JS engine compiled to web assembly, and web workers.
  • Why I decided to go with the final solution?

References

https://summerofcode.withgoogle.com/archive/2024/projects/RFL60jSR
https://github.com/shreyashsaitwal/gsoc24

Session Categories

FOSS

Speakers

Shreyash Saitwal
Student

Shreyash is an engineering undergrad. He's a Google Summer of Code contributor and is currently working as a SWE at a US-based startup. He loves to code and has been involved in the world of open-source for many years. He also leads the FOSS Club at his college, fostering and promoting free and open-source software and its development.

 https://bento.me/shreyashsaitwal
Shreyash Saitwal

Reviews

No reviews yet.