I like the idea, because it is useful information for the users. Here are some of the thoughts I gathered for this:
<brainstorm xmlns="https://en.wikipedia.org/wiki/Brainstorming";> Why can't the About= entry contain this information? I'm unsure whether "UnlockInfo" is the best name. Is it safe to assume that this entry will only be relevant for modules with a CipherKey= entry? Using HTML might be a can of worms: * What version of HTML is permitted? * How do we ensure future-compatibility? * If the contents for the UnlockInfo field are to contain a segment of HTML (and not a whole HTML document), what is the content model? * For example, would it be safe to embed the contents of the UnlockInfo field directly inside a <td> element or should it be a <p>? * Can UnlockInfo= contain <img>/<audio>/<video>/<object>/<embed>/<script> etc elements? * How about attributes, e.g. <strong style='background:url("http://track.me/I_consent";)'> or <span onClick="doBadStuff()">? Modules can originate from untrusted sources. I think it might be a bit too much to assume that all frontends can properly sanitize the HTML value, unless we only allow a very restricted subset of the HTML syntax, e.g. only plain text, HTML entities and <a> elements only one allowed and mandatory href attribute. Note that <b> and <i> etc are discouraged in HTML5, <u> was completely redefined. Will <a> ("anchor") still be valid in HTML6 or will <link> be repurposed for hyperlinks as well? Hence I suggest to use a simple URL (or URI, RFC 3986) instead of HTML. Simple documents (including HTML pages, PDF or any other types of files) could be embedded using the data: URI scheme (RFC 2397). Frontends could pass the URI to the OS/desktop/browser to be opened or attempt to display the information inline (e.g. show a web view widget for HTTP/HTTPS URIs or similar). Optionally, frontends can display a warning/confirmation dialog to the user before opening the URI. Perhaps it would be wiser to have two fields: one for the URI and another for plain text? I currently have no suggestions for the exact semantics of naming of such entries, but both of these could be displayed by frontends. The plain text could be a description of the URI, or contain full information about obtaining the key. One or both of the entries could be optional. Frontends could opt to detect URLs in the plain text as well and render these as hyperlinks. Or perhaps we should use a subset of markdown or similar instead? However, other markup languages could suffer from problems similar to HTML. </brainstorm> J On 30.12.18 00:02, Troy A. Griffitts wrote: > Dear Frontend Developers, > > In an effort to gain more publishers-- even those who desire to lock and > sell some of their modules, I would like to add a new .conf entry: > > UnlockInfo > > Up until now, we've relied on the About entry containing something that > lets the user know how to obtain unlock codes from publishers selling > codes to unlock their modules. This entry would isolate just those > instructions to a specific entry and would allow a frontend to do > something like: > > If (moduleToInstall.getConfEntry("UnlockInfo")) { > > showDialog("<p>The publisher of this modules requires for you to > obtain an unlock code. This code can be entered below, instructions > from the publisher are as follows:</p>" + > moduleToInstall.getConfEntry("UnlockInfo")); > > } > > Like many of our entries, this new UnlockInfo entry will allow HTML > links and will likely contain a direct link from the publisher to their > store entry to purchase an unlock code. > > An example would be something like: > > UnlockInfo=An unlock code for the Larry Fitzgerald NFL HOF Edition of > the New Testament, with memorable career moments encouraging the > believer to press on when those around fall short, may be obtained > directly from the NFL store here: <a target="_blank" > href="https://nfl.com/shop/lf-nfl-hof-nt-sword-module";>Larry Fitzgerald > NFL HOF Edition of the New Testament - SWORD Module</a> > > Let me know if you have any comments or ideas, > > Troy > > > > _______________________________________________ > sword-devel mailing list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel > Instructions to unsubscribe/change your settings at above page > _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
