On Tue, Apr 28, 2009 at 6:22 PM, Aaron Boodman <a...@chromium.org> wrote:
> On Tue, Apr 28, 2009 at 6:18 PM, Michael Nordman <micha...@chromium.org> 
> wrote:
>>
>> + chromium-dev
>>
>>> Can you please explain what you think has changed since such decisions were 
>>> made (or why it's time to revisit such decisions)?
>>
>> I don't think there was code in webcore suitable for this purpose
>> before... html parsing, javascript, sql interpreting... all dangerous
>> from a security point of view (acting in very complex ways on
>> untrusted web content).  The backend logic for these new features
>> isn't like that. It's not so much that its webcore code is untrusted,
>> as much as the data it operates on is untrusted.
>
> I think this gets at the core of my question: is it OK to run webcore
> code in the browser process if it is similar in nature to chromium
> code we would run in the browser process? Or is there some deeper
> structural reason we don't want to do that?
>
> I fear that this is really a question for Darin, who is on vacation.

Me too, when I asked him he said "that's not a problem".

>
>>> I have always felt like running the WebCore "backend" in the browser was 
>>> elegant
>>
>> Yea, but we need a webcore backend to run :)
>
> Well last time I looked at this there was already a Database backend :)

Right... interpreting random SQL from the web :)

>
> - a
>

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
