The basic rule of thumb:  minimize parsing of content downloaded from the
web.  So, for instance, we delegate to a renderer to download and decode
favicons.  We then send the resultant bitmap up to the browser so it can
display it in the UI.

In this case, what does it mean to call Growl from the renderer?  Do the
functions you would call require access to the system?  If they do, then
presumably the sandbox should not be allowing such access.

-Darin



On Thu, Jun 18, 2009 at 1:58 PM, John Gregg <[email protected]> wrote:

> Hi all,
>
> I'm working on a desktop notifications javascript API for web apps; on Mac
> these calls will go out to the Growl notification system if it's installed
> and the user has granted permission to get notifications from that origin.  I'm
> still trying to completely grasp the sandbox architecture, so the question I
> need some input on is how to design the integration with respect to
> sandboxing & security.
>
> The Growl code that would be included in Chrome is just a stub that works
> by marshalling data over to a separate Growl process, so the surface area is
> small, but as a design question, is calling to a third-party library
> something that should happen in the sandboxed renderer process, or should it
> be kept in the browser process?  One other factor is that the notification
> requires an icon to be downloaded, which should happen outside the sandbox.
>
> So there are two possible flows:
>
> A. renderer gets notification(iconURL, text) call => hop to browser to
> download icon => call Growl from browser
>
> B. renderer gets notification(iconURL, text) call => hop to browser to
> download icon => pass back icon data to renderer => call Growl from renderer
>
> My instinct is that B is safer for the remote possibility that Growl chokes
> on the input and causes a crash.  What do people think?  Is there an
> existing precedent for similar library calls?
>
> Thanks,
>  -John
>

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: [email protected] 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
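
The favicon pattern from the reply above, sketched as an added example (not Chromium code and not part of the original thread): the privileged process does no image parsing and only checks the size arithmetic of the bitmap a sandboxed renderer hands it. The struct names, the function name and the 256-pixel cap are assumptions made for this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical message a sandboxed renderer sends after decoding an icon.
// Every field is attacker-controlled if the renderer has been compromised.
struct DecodedIconMsg {
  uint32_t width;
  uint32_t height;
  std::vector<uint8_t> rgba;  // expected to hold width * height * 4 bytes
};

// Icon the privileged process is willing to pass on to the UI.
struct TrustedIcon {
  uint32_t width;
  uint32_t height;
  std::vector<uint8_t> rgba;
};

constexpr uint32_t kMaxIconSide = 256;  // assumed cap for this sketch
constexpr uint64_t kBytesPerPixel = 4;  // RGBA, 8 bits per channel

// Browser-side check. No image format is parsed here: the renderer did the
// decoding, so the only work left is validating dimensions against the buffer.
bool AcceptIconFromRenderer(const DecodedIconMsg& msg, TrustedIcon* out) {
  if (msg.width == 0 || msg.height == 0) return false;
  if (msg.width > kMaxIconSide || msg.height > kMaxIconSide) return false;
  // Multiply in 64 bits so the length check stays correct even if the cap is
  // raised later; in 32 bits, 0x10000 * 0x10000 * 4 would wrap to 0.
  const uint64_t expected = uint64_t{msg.width} * msg.height * kBytesPerPixel;
  if (expected != msg.rgba.size()) return false;
  out->width = msg.width;
  out->height = msg.height;
  out->rgba = msg.rgba;
  return true;
}

int main() {
  // Constructed sample: a 16x16 icon with a correctly sized pixel buffer.
  DecodedIconMsg ok{16, 16, std::vector<uint8_t>(16 * 16 * 4)};
  TrustedIcon icon{};
  return AcceptIconFromRenderer(ok, &icon) ? 0 : 1;
}
```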
