-
Notifications
You must be signed in to change notification settings - Fork 14
A Note About Web Page Security
QuestJS runs in the browser, and so the user's security is protected just as much as with any web site. This is inherently far safer for the user than downloading and installing an app to run your game or supplying your game as an executable itself.
There are issues authors may need to be aware of however. Browsers can have different ideas about what is safe, and so could potentially stop the game at some point. This is complicated by the fact that the user can set up the browser in different ways.
A user might choose to have LocalStorage wiped when the browser closes for example. Quest will give a warning about LocalStorage, but there is not much else we can do there.
For other features, QuestJS has a Content Security Policy (CSR) in the head that tells the browser what it wants to be able to do - and in particular what sites it wants to get assets from - and the browser can make a decision based on that. QuestJS has been written so the CSR can be as restrictive as possible to make it more universally acceptable. Two notable points:
The CSR prohibits the eval
JavaScript function, which is generally regarded as unsafe.
The CSR prohibits loading files from other sites. If, for example, you want to host images elsewhere you will need to update the CSR to allow that. As long as you specify the site you will be using, browsers will still consider your game to be secure.
With regards to privacy, QuestJS games have no facilities to send any data to the server (besides the initial HTTP requests for the files) and do not use cookies. They only save data to the user's hard drive (in a place provided by your browser called localStorage) when she chooses to save her game progress (if a transcript is recorded, that is also saved to localStorage).
It would be possible to add features to a game, but that is beyond my control, and no different to any other web site. If a game does start asking you for personal information, be suspicious.
As QuestJS games do not communicate back to the server, there is no way to access files on the server via the game. There is no way a user can hack your game to gain access to the files on the server.
This does not mean your files cannot be hacked - but that depends on the security of the server you are using, how good your password it, etc.
On the other hand, there is virtually no security for the game when running. This means that once the game is running in the browser, the user can do whatever she likes to it. It must be emphasised that this only affects the copy on the user's computer, so cannot affect other users, but authors should appreciate that a savvy user can readily hack the game to give herself extra money, health, etc. find secret codes or whatever.
Tutorial
- First steps
- Rooms and Exits
- Items
- Templates
- Items and rooms again
- More items
- Locks
- Commands
- Complex mechanisms
- Uploading
QuestJS Basics
- General
- Settings
- Attributes for items
- Attributes for rooms
- Attributes for exits
- Naming Items and Rooms
- Restrictions, Messages and Reactions
- Creating objects on the fly
- String Functions
- Random Functions
- Array/List Functions
- The
respond
function - Other Functions
The Text Processor
Commands
- Introduction
- Basic commands (from the tutorial)
- Complex commands
- Example of creating a command (implementing SHOOT GUN AT HENRY)
- More on commands
- Shortcut for commands
- Modifying existing commands
- Custom parser types
- Note on command results
- Meta-Commands
- Neutral language (including alternatives to "you")
- The parser
- Command matching
Templates for Items
- Introduction
- Takeable
- Openable
- Container and surface
- Locks and keys
- Wearable
- Furniture
- Button and Switch
- Readable
- Edible
- Vessel (handling liquids)
- Components
- Countable
- Consultable
- Rope
- Backscene (walls, etc.)
- Merchandise (including how to create a shop)
- Shiftable (can be pushed from one room to another)
See also:
- Custom templates (and alternatives)
Handing NPCs
- Introduction
- Attributes
- Allowing the player to give commands
- Conversations
- Simple TALK TO
- SAY
- ASK and TELL
- Dynamic conversations with TALK TO
- Following an agenda
- Reactions
- Giving
- Followers
- Changing the player point-of-view
The User Experience (UI)
The main screen
- Basics
- Printing Text Functions
- Special Text Effects
- Output effects (including pausing)
- Hyperlinks
- User Input
The Side Panes
Multi-media (sounds, images, maps, etc.)
- Images
- Sounds
- Youtube Video (Contribution by KV)
- Adding a map
- Node-based maps
- Image-based maps
- Hex maps
- Adding a playing board
- Roulette!... in a grid
Dialogue boxes
- Character Creation
- Other example dialogs [See also "User Input"]
Other Elements
- Toolbar (status bar across the top)
- Custom UI Elements
Role-playing Games
- Introduction
- Getting started
- Items
- Characters (and Monsters!)
- Attributes for characters
- Attacking and guarding
- Skills and Spells
- Limiting Magic
- Effects
- The Attack Object
- Quests for Quest
- User Interface
Web Basics
- HTML (the basic elements of a web page)
- CSS (how to style web pages)
- SVG (scalable vector graphics)
- Colours
- JavaScript
- Regular Expressions
How-to
Time
- Events (and Turnscripts)
- Date and Time (including custom calendars)
- Timed Events (i.e., real time, not game time)
Items
- Phone a Friend
- Using the USE verb
- Display Verbs
- Change Listeners
- Ensembles (grouping items)
Locations
- Large, open areas
- Region,s with sky, walls, etc.
- Dynamic Room Descriptions
- Transit system (lifts/elevators, buses, trains, simple vehicles)
- Rooms split into multiple locations
Exits
- Alternative Directions (eg, port and starboard)
- Destinations, Not Directions
Meta
- Customise Help
- Provide hints
- Include Achievements
- Add comments to your code
-
End The Game (
io.finish
)
Meta: About The Whole Game
- Translate from Quest 5
- Authoring Several Games at Once
- Chaining Several Games Together
- Competition Entry
- Walk-throughs
- Unit testing
- Debugging (trouble-shooting)
Releasing Your Game
Reference
- The Language File
- List of settings
- Scope
- The Output Queue
- Security
- Implementation notes (initialisation order, data structures)
- Files
- Code guidelines
- Save/load
- UNDO
- The editor
- The Cloak of Darkness
- Versions
- Quest 6 or QuestJS
- The other Folders
- Choose your own adventure