file execution

GeometriX Maybe I'm playing devils advocate a little and personally have no use for running an Exe...

I would be the first to admit I am no web developer, and thought that the HTML5 environment was closed off from the system, but, I am pretty aware of exterior threats via internet or elsewhere, My concern is more general and for the people that are less careful...

I am a little confused as there seems to be a definitive yes and no response to this thread...

So My question is could a posted capx or exported game, uploaded to the scirra arcade for instance, carry a deliberately added, potentially unwanted program?

pixel perfick I don't see how that would be possible.

From what I do understand of web security, any capx that you download or any game that you run in a browser (be it the arcade, Kongregate, in preview or elsewhere) simply cannot run an executable without user approval*.

I suppose a capx could carry a dangerous exe as a project file, but you'd have to deliberately and manually extract and run that file yourself.

*Of course, there are always way around these things, but that's just the nature of the Internet.

I agree with GeometriX and —

This is the topic that's really often on the nw mailing list. There are ways to send malicious nodejs code to someone using node-webkit exported app. After all, it just an browser with capability to munch nodejs code.

There are ways to control this and be safe.

You can mess with the manifest file, and set "node-remote" field, or "nodejs" field to enabling/disabling nodejs.

With iframes, you can check out this wiki page for more info.

The idea is that your app doesn't have any malicious code, and that you protect yourself from others injecting possibly malicious code.

Although, i have contemplated of a fast platformer that deletes your hard drive when you die.

Cheers!

edit: Wiki on security

GeometriX and JohnnySheffield

Thanks for clearing that up, good to know that standard HTML5 security is not compromised by C2 and node-webkit...