Eos Editor Preview - Milovana's new interactive webtease editor
Eos Editor Preview - Milovana's new interactive webtease editor
It's been more than ten years since I started working on a replacement for Milovana's original interactive webtease editor Nyx. And today is the day those efforts finally pay off. Eos is a fully scriptable web-based visual novel and webteasing system. While Nyx basically stayed the same over its entire lifetime, Eos is designed to be a modular platform that can be extended with new features for years to come.
Caveat - This is a Preview!
There are still plenty of bugs and I haven't even started testing this in browsers other than Chrome. Please use a reasonably modern browser and report any bugs you find.
Eos will eventually support mobile devices as well but this pre-release does not. Please do NOT report any issues on mobile (Android and iOS).
First Steps with Eos - Video Tutorial
Step by Step Tutorials
You can find more step by step tutorials directly in the editor here: https://milovana.com/eos/editor/help
And here it is!
⋙ LAUNCH EOS EDITOR ⋘
(Note: You need to be logged in to create webteases.)
Caveat - This is a Preview!
There are still plenty of bugs and I haven't even started testing this in browsers other than Chrome. Please use a reasonably modern browser and report any bugs you find.
Eos will eventually support mobile devices as well but this pre-release does not. Please do NOT report any issues on mobile (Android and iOS).
First Steps with Eos - Video Tutorial
Step by Step Tutorials
You can find more step by step tutorials directly in the editor here: https://milovana.com/eos/editor/help
And here it is!
⋙ LAUNCH EOS EDITOR ⋘
(Note: You need to be logged in to create webteases.)
- Shattered
- Experimentor
- Posts: 1243
- Joined: Fri Jan 11, 2013 6:41 pm
- I am a: Switch
- Location: United Kingdom
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Well isn't this game changing, right when I'm in the middle of writing I'm going to assume theres no backward compatibility, so I'll finnish this as a flashtease then get to look at Eos later?
First bug report being that drag and drop doesn't seem to work in firefox but is in chrome, don't know if im missing something
First bug report being that drag and drop doesn't seem to work in firefox but is in chrome, don't know if im missing something
Salutations, Stranger.
--
Like my work and want to see more? Consider supporting my Patreon or buying me a Ko-fi!
Try my teases on Milovana!
--
Like my work and want to see more? Consider supporting my Patreon or buying me a Ko-fi!
Try my teases on Milovana!
- MisterFlames
- Explorer At Heart
- Posts: 145
- Joined: Sun Apr 29, 2018 2:44 pm
- Gender: Male
- Sexual Orientation: Straight
- I am a: Switch
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Wow, this is awesome.
I will certainly create a tease with Eos, seeing that it supports variables. After I'm done with my current tease.
Thanks for that.
I will certainly create a tease with Eos, seeing that it supports variables. After I'm done with my current tease.
Thanks for that.
-
- Explorer At Heart
- Posts: 559
- Joined: Sun Jul 06, 2014 2:11 pm
- Gender: Male
- Sexual Orientation: Open to new ideas!
- I am a: Slave
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Actually, it does not only provide variables, in allows for embedded Javascript.
Have you actually written a Javascript interpreter in Javascript? Or are you using some kind of Sandboxing? (The comment that the interpreter is slow somewhere in the editor sounds like the first option).
Edit:
Just figured out such things already exist and you probably used one of those. Neat.
Is it possible to modify the structure of a tease using Javascript? I.e. generate new pages?
Could be great for teases that contain similar elemets over and over again, like mazes.
Have you actually written a Javascript interpreter in Javascript? Or are you using some kind of Sandboxing? (The comment that the interpreter is slow somewhere in the editor sounds like the first option).
Edit:
Just figured out such things already exist and you probably used one of those. Neat.
Is it possible to modify the structure of a tease using Javascript? I.e. generate new pages?
Could be great for teases that contain similar elemets over and over again, like mazes.
- Quarz
- Explorer
- Posts: 82
- Joined: Sat Jan 09, 2016 11:31 pm
- Gender: Male
- Sexual Orientation: Straight
- I am a: Submissive
- Location: North Germany
- Contact:
Re: Eos Editor Preview - Milovana's new interactive webtease editor
This is awesome! So many new possibilities
Wish I could try writing something with it right away. Damn exam phase
Wish I could try writing something with it right away. Damn exam phase
- lolol2
- Explorer At Heart
- Posts: 507
- Joined: Mon Feb 20, 2017 10:33 am
- Gender: Male
- Sexual Orientation: Straight
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Looks amazing thanks for all your hard work!
My creations:
- Spoiler: show
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Please be very careful with allowing javascript - a lot of things can go badly wrong there from a privacy standpoint.
-
- Explorer At Heart
- Posts: 559
- Joined: Sun Jul 06, 2014 2:11 pm
- Gender: Male
- Sexual Orientation: Open to new ideas!
- I am a: Slave
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Not really in this case. Appearently it's using a javascript interpreter written in javascript, I suspect this one: https://github.com/NeilFraser/JS-Interpreter
As it is running in a different interpreter, the javascript inside a tease can only do what is supported by that interpreter and it does not allow access to the DOM or create any kind of HTTP requests or whatever javascript can usually do. So it should be safe.
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Glad you all like it.
If you work on something for this long, you build up a bit of anxiety about the release.
Using an interpreter is the safest option, but Eos actually goes much further than that.
<technical jargon="lots">
The Eos viewer runs in its own context on a different domain (eosscript.com) and communicates with Milovana using postMessage. That means that even if you can break out of the interpreter (inner sandbox), you still can't access the user's session token or any information that isn't explicitly exposed to the tease iframe (outer sandbox).
Furthermore, the Eos viewer has a Content-Security-Policy that doesn't allow inline-scripts, plugins, or loading any resources other than Milovana images and sounds. That means that even if you could otherwise break out of the inner sandbox and call "eval", the browser would reject it.
The Eos tease format is designed to be declarative, so all modules that a tease uses are defined ahead of time and the Eos outer sandbox doesn't expose any API methods associated with modules that aren't loaded. This is done in order to allow a permissioning system that's enforced by the outer sandbox. For example, suppose that we add a "webcam" module. We don't want any teases that haven't asked for the webcam permission to be able to access the webcam. With the two-layer sandbox system and declarative modules, even if somebody breaks the inner (JavaScript interpreter) sandbox, they still wouldn't be able to access the webcam because the outer sandbox would not allow it.
</technical>
I have no illusions that you can achieve perfect security. Given enough effort, anything can be hacked. But I believe that the Eos sandbox is quite strong. Just because perfect security isn't achievable doesn't mean you should never build anything. I've spent a decade making it as secure as it can be. Most other websites, even ones from large tech companies, usually use only one of the two layers of sandboxing that Eos uses. And keep in mind that the alternative right now is to download software and scripts and run them on your computer which is a lot more likely to get you hacked.
Note that some security features are only available in some browsers. If you aren't technical and you just want to know how to stay as safe as possible, use Chrome and make sure you're always on the latest version. In the future, I may add a warning to Eos if I think your browser isn't providing enough security.
It also further reduces the attack surface of the inner sandbox so I feel a bit more comfortable not allowing that feature for now.
If somebody has a use case for dynamically generated pages, please let me know and I'm happy to help you think through other ways to achieve the same effect.
If you work on something for this long, you build up a bit of anxiety about the release.
If there is enough demand for a converter, I may make one eventually but for now please assume that converting won't be possible.
Thanks for the report, I'll look into it!
I'm indeed using the interpreter you linked. This interpreter only supports very basic JavaScript (most of ECMAScript 5 syntax) and it doesn't provide a browser-like environment so loading JavaScript libraries usually won't work and it's not meant for that. But for some simple conditions and calculations, it's great.kerkersklave wrote: ↑Sun Jan 20, 2019 7:50 pm Actually, it does not only provide variables, in allows for embedded Javascript.
Have you actually written a Javascript interpreter in Javascript? Or are you using some kind of Sandboxing? (The comment that the interpreter is slow somewhere in the editor sounds like the first option).
This is the main reason why it took ten years to build Eos. I rewrote it from scratch a dozen times over the years mostly because I was never happy with the security. Running untrusted code is the equivalent of trying to contain a rabid badger hulk on crack.
Using an interpreter is the safest option, but Eos actually goes much further than that.
<technical jargon="lots">
The Eos viewer runs in its own context on a different domain (eosscript.com) and communicates with Milovana using postMessage. That means that even if you can break out of the interpreter (inner sandbox), you still can't access the user's session token or any information that isn't explicitly exposed to the tease iframe (outer sandbox).
Furthermore, the Eos viewer has a Content-Security-Policy that doesn't allow inline-scripts, plugins, or loading any resources other than Milovana images and sounds. That means that even if you could otherwise break out of the inner sandbox and call "eval", the browser would reject it.
The Eos tease format is designed to be declarative, so all modules that a tease uses are defined ahead of time and the Eos outer sandbox doesn't expose any API methods associated with modules that aren't loaded. This is done in order to allow a permissioning system that's enforced by the outer sandbox. For example, suppose that we add a "webcam" module. We don't want any teases that haven't asked for the webcam permission to be able to access the webcam. With the two-layer sandbox system and declarative modules, even if somebody breaks the inner (JavaScript interpreter) sandbox, they still wouldn't be able to access the webcam because the outer sandbox would not allow it.
</technical>
I have no illusions that you can achieve perfect security. Given enough effort, anything can be hacked. But I believe that the Eos sandbox is quite strong. Just because perfect security isn't achievable doesn't mean you should never build anything. I've spent a decade making it as secure as it can be. Most other websites, even ones from large tech companies, usually use only one of the two layers of sandboxing that Eos uses. And keep in mind that the alternative right now is to download software and scripts and run them on your computer which is a lot more likely to get you hacked.
Note that some security features are only available in some browsers. If you aren't technical and you just want to know how to stay as safe as possible, use Chrome and make sure you're always on the latest version. In the future, I may add a warning to Eos if I think your browser isn't providing enough security.
No, that is deliberately not allowed. This has some pragmatic reasons like making the preload engine a lot easier to reason about. (In order to stream the tease assets like images and sounds without buffering, Eos needs to be able to predict which pages the user may navigate to next.)kerkersklave wrote: ↑Sun Jan 20, 2019 7:50 pm Just figured out such things already exist and you probably used one of those. Neat.
Is it possible to modify the structure of a tease using Javascript? I.e. generate new pages?
Could be great for teases that contain similar elemets over and over again, like mazes.
It also further reduces the attack surface of the inner sandbox so I feel a bit more comfortable not allowing that feature for now.
If somebody has a use case for dynamically generated pages, please let me know and I'm happy to help you think through other ways to achieve the same effect.
-
- Explorer At Heart
- Posts: 559
- Joined: Sun Jul 06, 2014 2:11 pm
- Gender: Male
- Sexual Orientation: Open to new ideas!
- I am a: Slave
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Well, yes, but if it can be hacked, I highly doubt it will be because you forgot something. At least not at this point, the risk increases should you add functionality of course, especially exposing further APIs for whatever reason to the embedded javascript. I would expect, it would be due to some security bugs in the browser. Think of things like the recent hardware bugs in processors or in random access memory. There is probably more stuff out there like that and if it can be exploited from within a browser (as was the case with these bugs) it might just be that it can be exploided even from within this interpreter. But this is so far beyond anything one could protect against, I would not lose any sleep about it. Also, milovana is not a small site, but attacs of that complexity won't be developed for the milovana tease engine. It would be easier to attack the milovana webservers directly.
Also, there have been enough security issues with static content as well, e.g. jpeg images or audio files.
I don't think there is anything one could achieve this way that cannot be achieved now. Basically all content of teases can be generated dynamically, so there is no reason to generate pages. I just had startet a little side project of generating teases (especially mazes) programatically, and was wondering, if this could now be done directly in the tease engine.seraph0x wrote: ↑Mon Jan 21, 2019 12:33 am No, that is deliberately not allowed. This has some pragmatic reasons like making the preload engine a lot easier to reason about. (In order to stream the tease assets like images and sounds without buffering, Eos needs to be able to predict which pages the user may navigate to next.)
But it cannot and still has to be done ahead of time, but that does make more sense anyway.
-
- Explorer At Heart
- Posts: 111
- Joined: Wed Mar 15, 2017 7:16 pm
Re: Eos Editor Preview - Milovana's new interactive webtease editor
The effort to exploit these things are VERY high, and the 'payoff' (someone email address and private messages) is extremely low. There are maybe 10,000 active users on Milovana. That is tiny.kerkersklave wrote: ↑Mon Jan 21, 2019 1:27 am I would expect, it would be due to some security bugs in the browser. Think of things like the recent hardware bugs in processors or in random access memory.
It's good to be paranoid, but if you seek perfect security you will never do anything because perfect is impossible.
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Knowing that you're not trying to write your own, new JS interpreter allays most of my fears. From its documentation, it looks like a good choice.
One other question - is the Eos code available anywhere? I've done some debugging of it out of curiosity (just with the Firefox console) but occasionally will get stack traces that reference the minified code instead of anything understandable.
One other question - is the Eos code available anywhere? I've done some debugging of it out of curiosity (just with the Firefox console) but occasionally will get stack traces that reference the minified code instead of anything understandable.
- xman911
- Explorer At Heart
- Posts: 390
- Joined: Wed Feb 08, 2012 2:39 am
- Gender: Male
- Sexual Orientation: Straight
Re: Eos Editor Preview - Milovana's new interactive webtease editor
When I go to the timer and set the Behavior to Asynchronous, two errors are showing up.
pages.page4[2].timer The property isAsync is not defined and the definition does not allow additional properties
pages.page4[2].timer The property commands is not defined and the definition does not allow additional properties
- slaveashish
- Explorer At Heart
- Posts: 222
- Joined: Sat Sep 26, 2009 10:18 pm
- Gender: Male
- Sexual Orientation: Straight
- I am a: Submissive
- Location: Colombia
Re: Eos Editor Preview - Milovana's new interactive webtease editor
Went through the whole tutorial and I must say it is very well done. The way you explained how to create randomness was so good that even I understood it. Gonna start making a tease later today.
Goodbye Nyx. You were great. But now it is time for us to move on
Goodbye Nyx. You were great. But now it is time for us to move on
-
- Explorer
- Posts: 51
- Joined: Tue Aug 23, 2011 11:55 pm
- Gender: Male
- Sexual Orientation: Straight
- I am a: Submissive
Re: Eos Editor Preview - Milovana's new interactive webtease editor
I tried to upload images to the Gallery and Files using edge and they do not actually show up. I tried dragging the images I want in and I tried using the upload button neither of them work. I get the Uploading files message but when it finishes there are no images uploaded.
I switched to Chrome and it works fine.
I switched to Chrome and it works fine.
Who is online
Users browsing this forum: No registered users and 10 guests