On Tue, Apr 28, 2009 at 6:18 PM, Michael Nordman <[email protected]> wrote: > > + chromium-dev > >> Can you please explain what you think has changed since such decisions were >> made (or why it's time to revisit such decisions)? > > I don't think there was code in webcore suitable for this purpose > before... html parsing, javascript,sql interpretting... all dangerous > from a security point of view (acting in very complex ways on > untrusted web content). The backend logic for these new features > aren't like that. Its not so much that its webcore code is untrusted, > as much as the data it operates on is untrusted.
I think this gets at the core of my question: is it OK to run webcore code in the browser process if it is similar in nature to chromium code we would run in the browser process? Or is there some deeper structural reason we don't want to do that? I fear that this is really a question for Darin, who is on vacation. >> I have always felt like running the WebCore "backend" in the browser was >> elegant > > Yea, but we need a webcore backend to run :) Well last time I looked at this there was already a Database backend :) - a --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
