Talk
Intermediate

How I built secure plugin system on the web

Approved

Session Description

Last year, as part of my Google Summer of Code project, I worked on developing a plugin system for a web-based application, MIT App Inventor 2. In this talk, I will share my journey of designing a secure, sandboxed environment for executing untrusted code on the web. I will discuss the key challenges I encountered, the security implications of running untrusted code, the various approaches I explored including iframes, a JS engine compiled to web assembly, and web workers, and how I settled on the final solution.

Key Takeaways

  • What is MIT App Inventor?
  • What are plugins?
  • Need for enhancing App Inventor's existing extension system.
  • What makes building a plugin system on the web so hard?
  • Various ways that I researched during GSoC for untrusted code execution, including iframes, a JS engine compiled to web assembly, and web workers.
  • Why I decided to go with the final solution?

References

https://summerofcode.withgoogle.com/archive/2024/projects/RFL60jSR
https://github.com/shreyashsaitwal/gsoc24

Session Categories

FOSS

Speakers

Shreyash Saitwal
Student
https://bento.me/shreyashsaitwal
Shreyash Saitwal

Reviews

0 %
Approvability
0
Approvals
0
Rejections
0
Not Sure
No reviews yet.