[x3d-public] Latest X3DJSONLD uses scripts. New disclaimer. Do not use unless you *really* know what JSON you are loading! and have inspected the JSON!

John Carlson yottzumm at gmail.com
Sat Nov 21 01:54:27 PST 2015


DANGER DANGER DANGER

Okay, I modified my loader to accept #sourceText.  But fields don’t work on the script.  Straight javascript does.  I put an alert() into:

www.web3d.org/x3d/content/examples/Basic/ScriptConformance/TouchSensorIsOverEventECMAScript.json

and was able to see the alert.  The colors didn’t change because the Route isn’t connected to the script and the fields are not connected to the JavaScript.

This needs further development.


Beware of the Javascript you put in X3D JSON file.  I believe the #sourceText attribute can be placed almost anywhere, not just in a script.  Beware, beware.  We may want to limit where #sourceText goes with a schema entry, but right now, I don’t care where I see it, I just eval it.  Eval is bad.  I know.  Any JavaScript interpreter experts out there?

Disclaimer:  This loader https://github.com/coderextreme/X3DJSONLD <https://github.com/coderextreme/X3DJSONLD> could possibly be a security risk if you are downloading JSON from known and unknown sources.  Use with EXTREME caution.  Do not load JSON that you have not inspected.  Do not load JSON from database that have not been scrubbed for scripts inserted from unknown places.  If you use this script, you are responsible for the consequences. I am not liable if you use this script.   This script does not scrub JavaScript for nasties.  Does anyone know of a good JavaScript inspector.  Can I use Caja?
 

DANGER DANGER DANGER  THIS IS FOR REAL.

John
> On Nov 21, 2015, at 3:01 AM, John Carlson <yottzumm at gmail.com> wrote:
> 
> For example:
> 
> www.web3d.org/x3d/content/examples/Savage/Environment/TimeOfDay/TimeOfDay.json <http://www.web3d.org/x3d/content/examples/Savage/Environment/TimeOfDay/TimeOfDay.json>
> 
> has 3 set_boolean functions and in 3 different scripts.  It would seem like I should treat these differently.  I was thinking about adding a numbered object around the functions to create some scope for the function, but I think I’ll have to deal with fields, and routes to those fields etc. etc. If cobweb can handle multiple functions with the same name (can it?), can we use it?  I’m pretty sure ordinary JavaScript will overwrite the function declaration if it sees another one.
> 
> I will try a basic load for right now.  I think we’ll need something more complex.
> 
> John
>> On Nov 20, 2015, at 10:35 AM, John Carlson <yottzumm at gmail.com <mailto:yottzumm at gmail.com>> wrote:
>> 
>> Which is why I brought up name scopes.  Should we try a JSON -> Cobweb loader instead of a JSON -> X3DOM loader?
>> 
>> On Nov 20, 2015 9:07 AM, "Leonard Daly" <web3d at realism.com <mailto:web3d at realism.com>> wrote:
>> I think trying to figure out the encoding of a Script node is getting a little ahead of things. 
>> 
>> JSON code is typically executed to create the data structure(s). In this case it appears that the result will be to put the script code into a variable that needs to be executed again. Unless JSON is to be used as another encoding for storage and transport, I think the use within HTML needs to be settled first.
>> 
>> 
>> Leonard Daly
>> 
>> 
>> 
>> 
>>> The 3-way option for Script #source is now deployed in the examples, described on the X3dToJson stylesheet page, and implemented in X3D-Edit to facilitate testing.  Conversion parameters panel screenshot attached. 
>>> 
>>> http://www.web3d.org/x3d/stylesheets/X3dToJson.html#Options <http://www.web3d.org/x3d/stylesheets/X3dToJson.html#Options> 
>>> https://savage.nps.edu/X3D-Edit/#new <https://savage.nps.edu/X3D-Edit/#new> 
>>> https://savage.nps.edu/X3D-Edit/images/X3dToJsonConversionPanel.png <https://savage.nps.edu/X3D-Edit/images/X3dToJsonConversionPanel.png> 
>>> 
>>> On 11/18/2015 4:43 PM, Don Brutzman wrote: 
>>>> OK and now for the next level for Script source code in JSON form... 
>>>> 
>>>>      "When you come to a fork in the road, take it." Yogi Berra 
>>>> 
>>>> John:  let's make the #source content a string array, and then authors/tools/files can use any of the three forms equivalently.  first 2 out of 3 pass jslint, likely 3 out of 3 just plain work. 
>>>> 
>>>> as before, but in consistent ["string-array"] form: 
>>>> 
>>>> - array of one plaintext block string. 
>>>> - array of one single-line string with all linefeeds and tabs escaped as \n and \t. 
>>>> - array of multiple one-line strings as shown below. 
>>>> 
>>>> A commonly acceptable solution for each of the alternatives takes all the sting out of any choice, we don't have to worry about tradeoff advantages/disadvantages. 
>>>> 
>>>> Pretty exciting that a no-lose approach might exist to cope with this situation!  8) 
>>>> 
>>>> So I will change stylesheet support for the three alternatives to all be string _array_ and rebuild the examples. 
>>>> 
>>>> I hope this fine tuning doesn't interrupt your loader efforts. 
>>>> 
>>>> p.s. cosmetic: maybe we should rename #source to #sourceText or somesuch - a more descriptive key name might also be preferable. 
>>>> 
>>>> 
>>>> On 11/17/2015 10:17 PM, Don Brutzman wrote: 
>>>>> [summary: from plaintext block to total escapism and now to string array for #source block] 
>>>>> 
>>>>> On 11/17/2015 7:21 AM, John Carlson wrote: 
>>>>>> Why isn't an array of strings acceptable? 
>>>>> 
>>>>> On 11/17/2015 7:23 AM, John Carlson wrote: 
>>>>>> It's a typical javascript pattern to create arrays of strings and then join them. 
>>>>> 
>>>>> glad to hear it! 
>>>>> 
>>>>> If arrays of json strings are typical and acceptable and not an undue complication for plain old javascript programmers, then it is certainly fine with me.  I strongly believe that human readability is important.  Quoted strings are surely better than garble. 
>>>>> 
>>>>> It is no trouble for me to export .x3d to .json #source that way as well.  I have added another option to the stylesheet switch tonight to produce that alternative. 
>>>>> 
>>>>> Example attached, excerpt follows.  Hmmm, not too bad, and certainly not confusable. 
>>>>> 
>>>>> I will again regenerate all examples in that form if opinions are leaning that way. 
>>>>> 
>>>>> ========================================== 
>>>>>              "-children":[ 
>>>>>                { "Script": 
>>>>> [...snip...] 
>>>>>                    "#source":[ 
>>>>> "ecmascript:", 
>>>>> "function initialize ()", 
>>>>> "{", 
>>>>> "    checkCoordinatePoints ();", 
>>>>> "}", 
>>>>> "function checkCoordinatePoints ()", 
>>>>> "{", 
>>>>> "    // A parallelepiped has three sets of four parallel edges; the edges within each set are of equal length.", 
>>>>> "    // Quality assurance: check that lengths of corresponding sides match.", 
>>>>> "    ", 
>>>>> "    edge01 = length2(point[0], point[1]); // top", 
>>>>> "    edge12 = length2(point[1], point[2]);", 
>>>>> "    edge23 = length2(point[2], point[3]);", 
>>>>> "    edge30 = length2(point[3], point[0]);", 
>>>>> "    edge45 = length2(point[4], point[5]); // bottom", 
>>>>> "    edge56 = length2(point[5], point[6]);", 
>>>>> "    edge67 = length2(point[6], point[7]);", 
>>>>> "    edge74 = length2(point[7], point[4]);", 
>>>>> "    edge04 = length2(point[0], point[4]); // sides", 
>>>>> "    edge15 = length2(point[1], point[5]);", 
>>>>> "    edge26 = length2(point[2], point[6]);", 
>>>>> "    edge37 = length2(point[3], point[7]);", 
>>>>> "    ", 
>>>>> "    epsilon = edge01 * 0.001;", 
>>>>> "    ", 
>>>>> "    if      ((Math.abs(edge01 - edge23) > epsilon) ||", 
>>>>> "             (Math.abs(edge23 - edge67) > epsilon) ||", 
>>>>> "             (Math.abs(edge67 - edge45) > epsilon) ||", 
>>>>> "             (Math.abs(edge45 - edge01) > epsilon))", 
>>>>> "         Browser.println ('Warning, mismatched parallelopiped sides 02/33/45/67');", 
>>>>> "    else if ((Math.abs(edge30 - edge12) > epsilon) ||", 
>>>>> "             (Math.abs(edge12 - edge56) > epsilon) ||", 
>>>>> "             (Math.abs(edge56 - edge74) > epsilon) ||", 
>>>>> "             (Math.abs(edge74 - edge30) > epsilon))", 
>>>>> "         Browser.println ('Warning, mismatched parallelopiped sides 30/12/56/74');", 
>>>>> "    else if ((Math.abs(edge04 - edge15) > epsilon) ||", 
>>>>> "             (Math.abs(edge15 - edge26) > epsilon) ||", 
>>>>> "             (Math.abs(edge26 - edge37) > epsilon) ||", 
>>>>> "             (Math.abs(edge37 - edge04) > epsilon))", 
>>>>> "         Browser.println ('Warning, mismatched parallelopiped sides 04/15/26/37');", 
>>>>> "}", 
>>>>> "function length2 (pointA, pointB)", 
>>>>> "{    ", 
>>>>> "    return Math.sqrt((pointA.x - pointB.x)*(pointA.x - pointB.x) +", 
>>>>> "                     (pointA.y - pointB.y)*(pointA.y - pointB.y) +", 
>>>>> "                     (pointA.z - pointB.z)*(pointA.z - pointB.z));", 
>>>>> "}", 
>>>>> "function set_point (eventValue)", 
>>>>> "{", 
>>>>> "   // input eventValue received for inputOutput field", 
>>>>> "    point = eventValue;", 
>>>>> "    checkCoordinatePoints ();", 
>>>>> "}" 
>>>>> ] 
>>>>>                  } 
>>>>>                } 
>>>>>              ] 
>>>>> ========================================== 
>>>>> 
>>>>> Example reassembly to join strings back together in javascript: 
>>>>> 
>>>>> http://stackoverflow.com/questions/2392766/multiline-strings-in-json <http://stackoverflow.com/questions/2392766/multiline-strings-in-json> 
>>>>>> Once parsed, I just use myData.modify_head.join('\n') or myData.modify_head.join(), 
>>>>>> depending upon whether I want a line break after each string or not. 
>>>>> 
>>>>> Wondering, what would that join() code specifically look like for an X3D JSON loader? 
>>>>> 
>>>>> Looking forward: seems like a group/community decision if we want to specify a string array as X3D JSON default for #source blocks. 
>>> 
>>> all the best, Don 
>>> 
>>> 
>>> _______________________________________________
>>> x3d-public mailing list
>>> x3d-public at web3d.org <mailto:x3d-public at web3d.org>
>>> http://web3d.org/mailman/listinfo/x3d-public_web3d.org <http://web3d.org/mailman/listinfo/x3d-public_web3d.org>
>> 
>> 
>> -- 
>> Leonard Daly
>> X3D Co-Chair
>> Cloud Consultant
>> President, Daly Realism - Creating the Future
>> 
>> _______________________________________________
>> x3d-public mailing list
>> x3d-public at web3d.org <mailto:x3d-public at web3d.org>
>> http://web3d.org/mailman/listinfo/x3d-public_web3d.org <http://web3d.org/mailman/listinfo/x3d-public_web3d.org>
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20151121/04a21803/attachment-0001.html>


More information about the x3d-public mailing list