Now we’ll briefly examine Frank
Holtry’s PerlPlus Plug-in, a loadable Netscape extension that
executes Perl programs on a client computer. The Perl programs
themselves can exist anywhere on the Net—the mere act of
browsing a PerlPlus program (or any page with an HTML
<EMBED> tag pointing to a PerlPlus program)
may start it executing, subject to the result of an authentication
Netscape publishes an API for C language plug-ins that describes how to register a plug-in instance, read streaming data from a browsed URL, access system services, and so on. In 1996, Stan Melax used these specifications and developed the first plug-in for the Perl world so he could run Perl OpenGL programs in a browser. Basically, Stan’s plug-in would read the browsed OpenGL program, wrap it in a Safe module, and feed the result to Perl. The Safe wrapper code provided security, and passed window information to the OpenGL code so it could properly embed itself within the browser.
In 1999, Frank rewrote the plug-in with an eye toward enhanced security. His idea was to use the Opcode module and restrict the opcodes available to the browsed Perl program. It’s a multilevel scheme, from no security, in which all Perl opcodes are legal, to high security, where so many opcodes are forbidden that only the simplest Perl programs can run. Furthermore, a CGI program must first validate the browsed URL and return its opcode security level, a single digit from 0 through ...