openscad.xyz support for "data:" URI scheme would be cool
-
"https://openjscad.xyz?uri=..." is cool.
"data:" URI scheme does not work for openjscad.xyz:
https://en.wikipedia.org/wiki/Data_URI_scheme#Syntax
I use this working minimal JSCAD file:
https://www.openjscad.xyz/?uri=https://stamm-wilbrandt.de/en/forum/JSCAD.minimal.js
module.exports=function main(){return require('@jscad/modeling').primitives.sphere({radius: 50})}
This URI does not work:
https://openjscad.xyz/?uri=data:text/html;module.exports=function main(){return require('@jscad/modeling').primitives.sphere({radius: 50})}
Base64 encoding and using application/json does not work either:
https://openjscad.xyz/?uri=data:application/json;base64,bW9kdWxlLmV4cG9ydHM9ZnVuY3Rpb24gbWFpbigpe3JldHVybiByZXF1aXJlKCdAanNjYWQvbW9kZWxpbmcnKS5wcmltaXRpdmVzLnNwaGVyZSh7cmFkaXVzOiA1MH0pfQo=
It would be cool to have "data:" links working with openjscad.xyz, because that would allow sharing JSCAD files without storing them anywhere — they are stored as part of the link ...
To look at where and how to add the "data:" scheme: How is "dist/jscad-web.min.js" generated?
-
@Hermann-SW Good questions...
The website has a little Perl script that does the download of the requested file, and checks the content. This does two things: only known file types are allowed, and this goes around CORS.
https://github.com/jscad/OpenJSCAD.org/blob/master/packages/web/remote.pl
I guess that supporting data URL would be possible, but there would have to be some similar checks for data type, etc.
-
@z3dev Thanks, I see your point wrt security.
But what is the difference of ...uri=data:... to this openscad.xyz link with model wrt security? In case you eval the uri= specified file (and that seems to be the case because the model gets rendered in browser) you break the same security rules ...
https://www.openjscad.xyz/?uri=https://stamm-wilbrandt.de/en/forum/JSCAD.minimal.js
-
@Hermann-SW thanks for the suggestions.
The support of data URL contents is not trivial, especially if you expect the 'data' to be evaluated as a JavaScript module. That's kind of breaking every security rule in the book.
However, the support for DATA formats might be possible, such as supplying JSON contents. But that would be very limited.
I think the real solution would be allowing the require() to include modules from remote sites. There are many such requests (issues) for the same functionality.
If you have any ideas then let's discuss via the GitHub discussions. There may be a solution, as modern browsers have a lot of functionality.
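
The data-type checks for "data:" URLs mentioned in the replies above, as an added example that is not part of the thread or of the JSCAD code base: it parses a data: URI per RFC 2397, enforces a media-type allow-list and a size cap, and accepts the payload only if it parses as JSON, without ever evaluating it. The allow-list, the size limit and the function names are assumptions.

```javascript
// Added example: treat a data: URI (RFC 2397) as inert data, never as code.
// ALLOWED_TYPES and MAX_BYTES are assumptions, not values taken from remote.pl.
const ALLOWED_TYPES = new Set(['application/json']);
const MAX_BYTES = 64 * 1024;

function parseDataUri(uri) {
  // Syntax: data:[<mediatype>][;base64],<data>  (the comma is mandatory)
  const m = /^data:([^,]*),(.*)$/s.exec(uri);
  if (!m) throw new Error('malformed data: URI');
  const params = m[1].split(';').map(p => p.trim().toLowerCase());
  const type = params.shift() || 'text/plain'; // RFC 2397 default
  if (!ALLOWED_TYPES.has(type)) throw new Error('media type not allowed: ' + type);
  // Percent-encoding expands data at most 3x, so this bounds the decode work.
  if (m[2].length > 3 * MAX_BYTES) throw new Error('payload too large');
  const raw = decodeURIComponent(m[2]); // throws URIError on bad escapes
  const bytes = params.includes('base64')
    ? Uint8Array.from(atob(raw), c => c.charCodeAt(0)) // throws on bad base64
    : new TextEncoder().encode(raw);
  if (bytes.length > MAX_BYTES) throw new Error('payload too large');
  // fatal: true rejects byte sequences that are not valid UTF-8.
  return { type, text: new TextDecoder('utf-8', { fatal: true }).decode(bytes) };
}

// The declared type is only a label, so the content itself is checked too:
// it must parse as JSON. Nothing is passed to eval() or new Function().
function checkDataUri(uri) {
  try {
    const { type, text } = parseDataUri(uri);
    return { ok: true, type, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs (not taken from the thread).
const samples = {
  json: 'data:application/json;base64,' + btoa('{"radius": 50}'),
  jsLabelledAsJson: 'data:application/json;base64,' + btoa('module.exports=function main(){}'),
  noComma: 'data:application/json;base64',
  html: 'data:text/html,<b>hi</b>',
};
for (const [name, uri] of Object.entries(samples)) {
  console.log(name, JSON.stringify(checkDataUri(uri)));
}
```

Only the first sample is accepted: JavaScript source labelled as application/json fails the JSON parse, so the declared media type alone never decides what gets through.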