How to document a plugin?
-
It would be great to use the url query str to load and mount a plugin. Also provide parameters that one can read from within the plugin.
Something like: www.windy.com/plugins/traj/?parameter1=x&......
@mhaberler tells me the traj plugin appears to be gaining popularity among non-geek balloonists.
-
I second @rittels suggestion for "encode plugins to load in URL"
the current sequence (click hamburger menu -> Load plugin -> type name -> hit "Load") is fine for geeks, but rather cumbersome for non-technical users
why not have it as simple as:
https://www.windy.com/?plugin=traj
and show the map panel if the plugin loaded OK - just show an error message if the load failed
MUCH lower hassle factor
-
Basicly the plugins are a slight security threat running JS in the same context. We plan to make nice plugin Gallery and loading/opening plugins much more easy, yet we do not believe that opening URL is good idea.
This way an attacker can submit an attacker can submit a link with malware JS plugin in path. We routinely check source code of published plugins to make sure this will not happen.
-
@ivo how do you think about a signature check for verified plugins?
verified plugins which pass the signature check can load via URL, others must go via enter name/click load
-
@mhaberler Good idea
-
it's all about streamlining the common case.
An advanced user or developer can well be subjected to jump the occasional hoop.
-
@mhaberler The new plugin gallery is now live.
-
makes the common case a snap. very well done!
-
-
@TomSlavkovsky @ivo what do you think about making plugins a permanent affair, like in browsers?
so the whole clickety-click dance at startup becomes a one-time affair?
that does have UI implications like - no immediate popup of menus etc - only right-click
-
@ivo said in How to document a plugin?:
Basicly the plugins are a slight security threat running JS in the same context. We plan to make nice plugin Gallery and loading/opening plugins much more easy, yet we do not believe that opening URL is good idea.
This way an attacker can submit an attacker can submit a link with malware JS plugin in path. We routinely check source code of published plugins to make sure this will not happen.
A simple solution which is not a security risk is to open a pre-filled form which the user has to confirm. E.g. https://www.windy.com/?plugin=windy-plugin-pg-mapa would open this:
The user then needs to click Load & activate.