Some way to run chat scripts from the chat api website

[hackmud-dtr]

Right now, the chat api website supports auto-coloring with solid colors, using code that was basically pulled from one of my ancient chat scripts. it works, but some people want to do things it doesn't support (apekis's gray punctuation comes to mind, or things like AlTeRnAtInG cApS or rainbow colors, etc). In game, this is easy: you just use a chat script. But on the chat API it's a pain.

I can think of 2 main ways to do this

1. run some user-supplied code client-side in the browser, to transform the text they enter before sending it. The user would enter a function somewhere, it takes the user's entered text, and whatever it returns is sent. Pros: no new code on the server = no new load on the server. Cons: Running untrusted code in the browser seems bad, plus no way to kill while(1);s. User-entered which reduces issues, but still if someone convinces someone to post some code it could probably start sending chat tokens.

2. have some way in-game to designate severely restrained scripts (like, no db, no subscripts, probably blanket no #-stuff at all), and chat api sends are filtered through that function on the server. Pros: running code on the server doesn't have as many security issues. Also, this would then work for people using the chat API manually in custom stuff rather than using the website, which is nice. Cons, need a way to designate limited scripts (to prevent the chat API basically being a funky client), etc etc etc. Lot more work.

[bosconian-dynamics]

RE 1, I think the user script could be ran in an iframe with a bunch of the sandboxing features enabled to mitigate some security risk, or maybe even a web-worker? It might be possible to restrict communication to passing messages between the two contexts - string in, string out.