Hi all, I'm working on a desktop notifications JavaScript API for web apps; on Mac these calls will go out to the Growl notification system if it's installed and the user has granted permission to get notifications from that origin. I'm still trying to completely grasp the sandbox architecture, so the question I need some input on is how to design the integration with respect to sandboxing and security.
The Growl code that would be included in Chrome is just a stub that works by marshalling data over to a separate Growl process, so the surface area is small. But as a design question, is calling a third-party library something that should happen in the sandboxed renderer process, or should it be kept in the browser process? One other factor is that the notification requires an icon to be downloaded, which should happen outside the sandbox. So there are two possible flows:

A. renderer gets notification(iconURL, text) call => hop to browser to download icon => call Growl from browser

B. renderer gets notification(iconURL, text) call => hop to browser to download icon => pass back icon data to renderer => call Growl from renderer

My instinct is that B is safer for the remote possibility that Growl chokes on the input and causes a crash. What do people think? Is there an existing precedent for similar library calls?

Thanks,
-John

Chromium Developers mailing list: [email protected]
Archives: http://groups.google.com/group/chromium-dev
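Both flows above share one step that carries the security weight: the hop from the renderer to the browser, where the browser must treat everything the renderer sent as untrusted before it fetches the icon or hands anything to a notification library. The following is an added illustration of that brokering step, not code from Chromium, Growl or the original post. Every name in it (ShowNotificationRequest, PermissionStore, BrokerNotification, the size caps, the injected fetcher) is an assumption chosen for the example; the point it demonstrates is that the permission check, the URL scheme restriction and the size and character limits all live in the browser process, because a compromised renderer can put anything into the IPC message.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Constructed model of the browser-side broker for a notification request.
// All names are assumptions for illustration; none are Chromium or Growl APIs.

// What the (sandboxed, untrusted) renderer sends over IPC.
struct ShowNotificationRequest {
  std::string origin;    // origin the renderer claims to act for
  std::string icon_url;
  std::string title;
  std::string text;
};

// What the browser hands to the notification library (flow A) or sends
// back to the renderer (flow B) once the request has been vetted.
struct BrokeredNotification {
  std::string title;
  std::string text;
  std::vector<uint8_t> icon_bytes;  // empty when no icon is attached
};

enum class BrokerResult {
  kOk,
  kNotPermitted,     // user has not granted this origin
  kTextTooLong,
  kControlChars,
  kBadIconUrl,
  kIconFetchFailed,
  kIconTooLarge,
};

constexpr size_t kMaxTextBytes = 1024;        // assumed cap
constexpr size_t kMaxIconBytes = 256 * 1024;  // assumed cap

// Permission state is kept in the browser, keyed by origin. The renderer
// never gets to assert "the user said yes"; the browser consults its own record.
class PermissionStore {
 public:
  void Grant(const std::string& origin) { granted_.insert(origin); }
  bool IsGranted(const std::string& origin) const {
    return granted_.count(origin) != 0;
  }

 private:
  std::set<std::string> granted_;
};

// The icon fetch is injected so the example runs offline. A real fetcher would
// use the browser's network stack, which the sandboxed renderer cannot reach.
using IconFetcher =
    std::function<bool(const std::string& url, std::vector<uint8_t>* out)>;

bool HasPrefix(const std::string& s, const std::string& prefix) {
  return s.compare(0, prefix.size(), prefix) == 0;
}

// A compromised renderer can put any string in icon_url, so the browser
// restricts the scheme before fetching: file://, chrome:// and the like are refused.
bool IsAllowedIconUrl(const std::string& url) {
  return HasPrefix(url, "http://") || HasPrefix(url, "https://");
}

// Reject C0 control bytes (other than tab and newline) and DEL rather than
// pass them to a third-party library whose input handling we do not own.
bool HasDisallowedControlChars(const std::string& s) {
  for (unsigned char c : s) {
    if ((c < 0x20 && c != '\t' && c != '\n') || c == 0x7f) return true;
  }
  return false;
}

// Validates the renderer's request, fetches the icon, and fills |out| only on success.
BrokerResult BrokerNotification(const ShowNotificationRequest& req,
                                const PermissionStore& perms,
                                const IconFetcher& fetch,
                                BrokeredNotification* out) {
  out->icon_bytes.clear();
  if (!perms.IsGranted(req.origin)) return BrokerResult::kNotPermitted;
  if (req.title.size() + req.text.size() > kMaxTextBytes)
    return BrokerResult::kTextTooLong;
  if (HasDisallowedControlChars(req.title) ||
      HasDisallowedControlChars(req.text))
    return BrokerResult::kControlChars;
  if (!IsAllowedIconUrl(req.icon_url)) return BrokerResult::kBadIconUrl;

  std::vector<uint8_t> icon;
  if (!fetch(req.icon_url, &icon)) return BrokerResult::kIconFetchFailed;
  if (icon.size() > kMaxIconBytes) return BrokerResult::kIconTooLarge;

  out->title = req.title;
  out->text = req.text;
  out->icon_bytes = std::move(icon);
  return BrokerResult::kOk;
}
```

Whichever process ends up calling the library, the validated BrokeredNotification is the only thing that should cross into it; in flow B the renderer receives exactly that vetted struct rather than raw bytes from an arbitrary URL.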
