On Tue, Apr 28, 2009 at 6:22 PM, Aaron Boodman <a...@chromium.org> wrote:
>
> On Tue, Apr 28, 2009 at 6:18 PM, Michael Nordman <micha...@chromium.org>
> wrote:
> >
> > + chromium-dev
> >
> >> Can you please explain what you think has changed since such decisions
> were made (or why it's time to revisit such decisions)?
> >
> > I don't think there was code in webcore suitable for this purpose
> > before... html parsing, javascript,sql interpretting... all dangerous
> > from a security point of view (acting in very complex ways on
> > untrusted web content). The backend logic for these new features
> > aren't like that. Its not so much that its webcore code is untrusted,
> > as much as the data it operates on is untrusted.
>
> I think this gets at the core of my question: is it OK to run webcore
> code in the browser process if it is similar in nature to chromium
> code we would run in the browser process? Or is there some deeper
> structural reason we don't want to do that?
>
> I fear that this is really a question for Darin, who is on vacation.
>
can talk more when i get back, but in a nut shell:
1- we already use webcore indirectly (albeit in a very limited way) from the
browser process
2- the challenge with doing so is threading: what is the webcore main
thread? what things depend on this and what don't is not well defined.
-darin
>
> >> I have always felt like running the WebCore "backend" in the browser was
> elegant
> >
> > Yea, but we need a webcore backend to run :)
>
> Well last time I looked at this there was already a Database backend :)
>
> - a
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
