On Tue, Apr 28, 2009 at 6:22 PM, Aaron Boodman <a...@chromium.org> wrote: > On Tue, Apr 28, 2009 at 6:18 PM, Michael Nordman <micha...@chromium.org> > wrote: >> >> + chromium-dev >> >>> Can you please explain what you think has changed since such decisions were >>> made (or why it's time to revisit such decisions)? >> >> I don't think there was code in webcore suitable for this purpose >> before... html parsing, javascript,sql interpretting... all dangerous >> from a security point of view (acting in very complex ways on >> untrusted web content). The backend logic for these new features >> aren't like that. Its not so much that its webcore code is untrusted, >> as much as the data it operates on is untrusted. > > I think this gets at the core of my question: is it OK to run webcore > code in the browser process if it is similar in nature to chromium > code we would run in the browser process? Or is there some deeper > structural reason we don't want to do that? > > I fear that this is really a question for Darin, who is on vacation.
Me too, when i asked him he said "thats not a problem". > >>> I have always felt like running the WebCore "backend" in the browser was >>> elegant >> >> Yea, but we need a webcore backend to run :) > > Well last time I looked at this there was already a Database backend :) Right... interpretting random SQL from the web :) > > - a > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---