Windy Community
    • Unread
    • Categories
    • Groups
    • Go to windy.com
    • Register
    • Login

    How to document a plugin?

    Windy Plugins
    5
    12
    3.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mhaberlerM
      mhaberler @rittels | Premium
      last edited by mhaberler

      I second @rittels suggestion for "encode plugins to load in URL"

      the current sequence (click hamburger menu -> Load plugin -> type name -> hit "Load") is fine for geeks, but rather cumbersome for non-technical users

      why not have it as simple as:

      https://www.windy.com/?plugin=traj
      

      and show the map panel if the plugin loaded OK - just show an error message if the load failed

      MUCH lower hassle factor

      Michael

      1 Reply Last reply Reply Quote 0
      • ivoI
        ivo Administrator
        last edited by

        Basicly the plugins are a slight security threat running JS in the same context. We plan to make nice plugin Gallery and loading/opening plugins much more easy, yet we do not believe that opening URL is good idea.

        This way an attacker can submit an attacker can submit a link with malware JS plugin in path. We routinely check source code of published plugins to make sure this will not happen.

        mhaberlerM jakubvranaJ 2 Replies Last reply Reply Quote 0
        • mhaberlerM
          mhaberler @ivo | Premium
          last edited by

          @ivo how do you think about a signature check for verified plugins?

          verified plugins which pass the signature check can load via URL, others must go via enter name/click load

          Michael

          ivoI 1 Reply Last reply Reply Quote 1
          • ivoI
            ivo Administrator @mhaberler
            last edited by

            @mhaberler Good idea

            1 Reply Last reply Reply Quote 2
            • mhaberlerM
              mhaberler | Premium
              last edited by

              it's all about streamlining the common case.

              An advanced user or developer can well be subjected to jump the occasional hoop.

              Michael

              1 Reply Last reply Reply Quote 0
              • T
                TomSlavkovsky API developers | Premium
                last edited by

                @mhaberler The new plugin gallery is now live.

                mhaberlerM 1 Reply Last reply Reply Quote 1
                • mhaberlerM
                  mhaberler | Premium
                  last edited by

                  makes the common case a snap. very well done!

                  Michael

                  1 Reply Last reply Reply Quote 0
                  • mhaberlerM
                    mhaberler | Premium
                    last edited by

                    @ivo eye: https://www.figma.com/blog/how-we-built-the-figma-plugin-system/

                    Michael

                    1 Reply Last reply Reply Quote 0
                    • mhaberlerM
                      mhaberler @TomSlavkovsky | Premium
                      last edited by

                      @TomSlavkovsky @ivo what do you think about making plugins a permanent affair, like in browsers?

                      so the whole clickety-click dance at startup becomes a one-time affair?

                      that does have UI implications like - no immediate popup of menus etc - only right-click

                      Michael

                      1 Reply Last reply Reply Quote 0
                      • jakubvranaJ
                        jakubvrana @ivo | Premium
                        last edited by

                        @ivo said in How to document a plugin?:

                        Basicly the plugins are a slight security threat running JS in the same context. We plan to make nice plugin Gallery and loading/opening plugins much more easy, yet we do not believe that opening URL is good idea.

                        This way an attacker can submit an attacker can submit a link with malware JS plugin in path. We routinely check source code of published plugins to make sure this will not happen.

                        A simple solution which is not a security risk is to open a pre-filled form which the user has to confirm. E.g. https://www.windy.com/?plugin=windy-plugin-pg-mapa would open this:

                        pre-filled form

                        The user then needs to click Load & activate.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Windyty, S.E. - all rights reserved. Powered by excellent NodeBB
                        NodeBB & contributors, OSM & contributors, HERE maps
                        Terms of Use     Privacy Policy