PLUGIN: AGS_BrowseTo

naltimari · Sat 20/09/2008 19:06:47

I wrote a very simple plugin to open a browser window in any given website. I was thinking in posting it here and give something back to this community, which has been awesome to me. But before doing so, I want to hear feedback from you.

Right now, the plugin can open a local html page, which sits in the same folder as the compiled game, or, if the address starts with http:, it opens a web page. Both of them open in iexplore.exe, which is hard-coded by now.

Do you guys have any use for this, and if so, any requirements that I should include? Also, suggestions are welcome.

DoorKnobHandle · Sat 20/09/2008 20:35:31

Well, it would be very practical to figure out a way to use the user's standard browser. Some people don't even have the Internet Explorer installed, etc.

I tried this myself with a plugin once, too, couldn't get it to work (although I'm really not that experienced with the win-api) and just concluded that AGS was not allowing these calls for safety purposes. How did you do it? :p And, is this really safe? I mean, if I download some guy from some guy, possibly from some[/b] webside, I don't want it to call porn or virus-infected sites or whatever.

naltimari · Sun 21/09/2008 04:07:23

Quote from: dkh on Sat 20/09/2008 20:35:31
Well, it would be very practical to figure out a way to use the user's standard browser. Some people don't even have the Internet Explorer installed, etc.

I totally agree with you, ideally, the default browser should pop up. It's an extra mile I was too lazy to go through, but I will look into it. But as for IE not being installed, I guess it's not even possible... IE is buried way too deep inside Windows.

Quote from: dkh on Sat 20/09/2008 20:35:31
How did you do it?

In the most simple way possible, using ShellExecuteEx(). CreateProcess() is also a way, but that would be a little more trouble.

Quote from: dkh on Sat 20/09/2008 20:35:31
And, is this really safe? I mean, if I download some guy from some guy, possibly from some[/b] webside, I don't want it to call porn or virus-infected sites or whatever.

That's definetly an issue, but you incur that risk whenever there's a plug-in involved. Any plugin can be used to host malicious code, since it is a DLL. I mean, even if you trust a plugin, there's nothing that guarantees that the DLL you're using is 'safe', unless you inspect the code and compile the plugin yourself. But that's not feasible, especially in windows-land.

Unless CJ implements code signing in the engine somehow, there is no way to prevent malicious code inside the plugins. It would be simple to do it, though. The plugins could be signed using a MD5 hash of the original source file, for example. Then in the editor, you should enter this hash in order to use the plugin and compile the game. Of course, the plugin author should publish the proper MD5 hash for his plugin, as well as having his plugin code verified by some trusted source, like CJ himself...

EDIT: Maybe I misinterpreted your post. Of course, using such a plugin, any game writer potentially could open a page to whatever website he wants. I wouldn't want to ask the user to confirm whether he wants to browse to some site or not, but that's a possibility.

DoorKnobHandle · Sun 21/09/2008 11:57:42

Quote from: naltimari on Sun 21/09/2008 04:07:23
Quote from: dkh on Sat 20/09/2008 20:35:31
Well, it would be very practical to figure out a way to use the user's standard browser. Some people don't even have the Internet Explorer installed, etc.

I totally agree with you, ideally, the default browser should pop up. It's an extra mile I was too lazy to go through, but I will look into it. But as for IE not being installed, I guess it's not even possible... IE is buried way too deep inside Windows.

I see, well, just a suggestion for a version 1.1, I guess!

Quote from: naltimari on Sun 21/09/2008 04:07:23
Quote from: dkh on Sat 20/09/2008 20:35:31
How did you do it?

In the most simple way possible, using ShellExecuteEx(). CreateProcess() is also a way, but that would be a little more trouble.

That's just what I tried, whatever, must've messed up something.

Quote from: naltimari on Sun 21/09/2008 04:07:23
Quote from: dkh on Sat 20/09/2008 20:35:31
And, is this really safe? I mean, if I download some guy from some guy, possibly from some[/b] webside, I don't want it to call porn or virus-infected sites or whatever.

That's definetly an issue, but you incur that risk whenever there's a plug-in involved. Any plugin can be used to host malicious code, since it is a DLL. I mean, even if you trust a plugin, there's nothing that guarantees that the DLL you're using is 'safe', unless you inspect the code and compile the plugin yourself. But that's not feasible, especially in windows-land.

Unless CJ implements code signing in the engine somehow, there is no way to prevent malicious code inside the plugins. It would be simple to do it, though. The plugins could be signed using a MD5 hash of the original source file, for example. Then in the editor, you should enter this hash in order to use the plugin and compile the game. Of course, the plugin author should publish the proper MD5 hash for his plugin, as well as having his plugin code verified by some trusted source, like CJ himself...

EDIT: Maybe I misinterpreted your post. Of course, using such a plugin, any game writer potentially could open a page to whatever website he wants. I wouldn't want to ask the user to confirm whether he wants to browse to some site or not, but that's a possibility.

You're absolutely right, there's no way to be safe with (AGS) games... ever. Any plugin could contain malware and in the end, people could even write their own malware and easily make it look like an AGS game in no time, just change a few names and icons and there you are. As you said in your edit, my concern is just that allowing people to redirect users to websites makes it all a lot easier. I mean, with the amount of joke-games we have and are still getting every month, I wonder how many would use this to direct you to questionable content just because the author thinks its funny. I'm undecided on this issue.

Good work though and I think that - at least in theory - it's an important feature for AGS to allow this, especially for demos to redirect players to the project's website after ending the game, like many commercial games do.

naltimari · Mon 22/09/2008 03:22:17

Quote from: dkh on Sun 21/09/2008 11:57:42
You're absolutely right, there's no way to be safe with (AGS) games... ever. Any plugin could contain malware and in the end, people could even write their own malware and easily make it look like an AGS game in no time

Well, these days you must use extra caution to download only from trusted sources.

Anyway, I wrote the plugin with a clear use case in mind, which is to enable the user to print some stuff from the game on his local printer. Since AGS does not have printing functionality (which is totally understandable), I decided to use a Flash file, so I need to call the browser and point it to this Flash file when the game exits. Hence, the plugin was made.

As you said in your edit, my concern is just that allowing people to redirect users to websites makes it all a lot easier.

Well, anybody with a reasonable amount of knowledge can code a plugin like mine, but I see your point. I am going to insert some sort of confirmation to the end user, prior to opening the browser window.

Quote from: dkh on Sun 21/09/2008 11:57:42
I mean, with the amount of joke-games we have and are still getting every month, I wonder how many would use this to direct you to questionable content just because the author thinks its funny. I'm undecided on this issue.

Ok, so the confirmation seems to alleviate this...

Quote from: dkh on Sun 21/09/2008 11:57:42
Good work though and I think that - at least in theory - it's an important feature for AGS to allow this, especially for demos to redirect players to the project's website after ending the game, like many commercial games do.

Yeap, I wrote it with legitimate use in mind...

JpSoft · Tue 23/09/2008 22:52:51

I believe this is a wonderfull plugin to add. It could be usefull in demos (as mentioned before), to download expansions directly, to directly link to a walk-trhow page, and many other things;AGS could offer a new world of posibilites to the game creator and some games could be easily expanded.

I believe that the final user confirmation could be optional (as a programmer, i hate when the tools are not fully customizable); for security purposes, i believe is a good idea if the final release of the plugin is available in the same site as AGS, so the creator knows that the plugin is at least than trustable as AGS itself (of course, CJ must add a download link to it in the AGS main page)

Hope it helps.

Jpsoft

naltimari · Wed 24/09/2008 03:35:21

Quote from: JpSoft on Tue 23/09/2008 22:52:51
AGS could offer a new world of posibilites to the game creator and some games could be easily expanded.

Well, I really aprecciate your comments and enthusiasm Jp, but everything my plugin does so far is open a browser window on a given website...

To be able to 'expand a game' using my plugin, you would have to open a browser window, then ask the user to click on some link, most likely an .exe or a zip, and then ask him to extract/execute it. Two out of three actions are outside the scope of my plugin, then I wouldn't say that games can be 'easily expanded' with it...

Anyway, if you want to go in that direction, take a look at the FileNet plugin, I think it would suit this better.

Quote from: JpSoft on Tue 23/09/2008 22:52:51
I believe that the final user confirmation could be optional (as a programmer, i hate when the tools are not fully customizable)

Yes, I hate it too, but I wonder if you, as a gamer, would like to be taken, out of the blue, to some .ru website in the middle of the game, just because the game author wanted to increase his pageviews and generate traffic... :

I would hate to stain AGS's reputation as a safe gaming platform with my plugin, so, for the sake of it, and my own peace of mind, I guess some sort of confirmation is needed.

Quote from: JpSoft on Tue 23/09/2008 22:52:51
for security purposes, i believe is a good idea if the final release of the plugin is available in the same site as AGS, so the creator knows that the plugin is at least than trustable as AGS itself (of course, CJ must add a download link to it in the AGS main page)

This is not really necessary, and it would create yet another burden for Chris. The plugin author can post the MD5 hash of the DLL on the plugin thread, then anyone can check the file to see if it is legit, regardless of where it was downloaded from or hosted at.

scotch · Wed 24/09/2008 09:03:09

Dave Gilbert needed something like this a long time ago, and I gave him the ags shell plugin: http://www.adventuregamestudio.co.uk/yabb/index.php?topic=30948.msg397988#msg397988
So the ShellExecute method should work fine for loading a default browser.

naltimari · Thu 25/09/2008 21:40:37

Quote from: scotch on Wed 24/09/2008 09:03:09
Dave Gilbert needed something like this a long time ago, and I gave him the ags shell plugin: http://www.adventuregamestudio.co.uk/yabb/index.php?topic=30948.msg397988#msg397988
So the ShellExecute method should work fine for loading a default browser.

Yeah, that is basically what I encapsulated in my plugin. It was nice to see your handling of the URL, through rundll32.exe, to open the default browser. I used the same call and now my plugin opens the page in the default browser too!

I find a little scary that anyone using your plugin can call ShellExecute and basically do whatever they want on my machine... in windows land, this can lead to disastrous effects...

Anyway, my plugin also enables you to open a local page, provided it is on the same folder as the compiled game or the saved games folder. I have to rely on windows API to find the path to these folders, since AGS (for security reasons) won't tell you where they are.