Re: [webkit-dev] a simple isolatedworlds alternative for uzbl?
Getting this right with the approach you seem to be taking is extremely difficult. The problem is not that the local script is untrustworthy. The problem is that the web page it's interacting with might be able to steal its privileges.

Isolated worlds should be implemented in webkitgtk+ thanks to some contributors from Apple. I bet all that's left to do is add an API for accessing the functionality.

The PDF is just being honest when it says "reasonable assurance." I'd be extremely skeptical of someone who claims more than reasonable assurance for a commercial-grade system.

Adam

On Wed, Jan 27, 2010 at 12:49 PM, Dieter Plaetinck wrote:
> Hi guys,
> as a continuation of my earlier topic:
> https://lists.webkit.org/pipermail/webkit-dev/2010-January/011122.html
>
> We've read more about isolatedworlds (
> http://www.adambarth.com/papers/2010/barth-felt-saxena-boodman.pdf et
> al)
>
> but given:
> 1) it's not implemented yet in webkitgtk+
> 2) it looks kinda complex
> 3) it doesn't give the impression it's waterproof (for example: "to
> select the correct world with reasonable assurance (...)" on page 10
> of the pdf)
> 4) we treat local code as trusted. after all we're talking about small
> scripts the user explicitly enables, not untrustworthy addons. we
> assume local scripts are written and treated with the same care as the
> source code of the browser itself.
>
> we are investigating other directions to solve our issue.
>
> one such approach can be seen at:
> http://github.com/sloonz/uzbl/commit/662d7a1d88b5319877296348e83aa1db2cfc5a62
>
> the idea is that we would only call our special (privileged) object by
> 'this.Uzbl' and using a different 'this' for the local scripts and the
> remote ones.
> If we make sure we never pass around the instance of this.Uzbl as
> arguments or put it in another object, we *think* we are good.
>
> more info:
> http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000619.html
> http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000683.html
>
> is this a good idea? is it safe? will it stay safe?
>
> thanks!
> Dieter

___
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] WebKit displays page source instead of rendering html (Gtk+DirectfFB)
Thanks a lot! After installing mime info it works well.

On 01/27/2010 12:23 PM, Jenson Lui wrote:

Hello all,

You are using gtk port of webkit? If it is, check the MIME datatype of your target board (/usr/share/mime) as the glib is using it.

Regards,
jenson

On Wed, Jan 27, 2010 at 11:17 AM, Richard Kung wrote:

Hi all,

This may be an old question, but I can't find an answer on internet. WebKit is cross-compiled for ARM against Gtk+DirectfFB. GtkLauncher can render http://www.google.com and many other websites I tried. But it just won't render local html files.

$ ./GtkLauncer file://testfile.html

It opens the file and displays page source like plain text. I don't have this problem on x86. Any suggestion?

Richard
[webkit-dev] my NPAPI still cannot work with QtWebKit, anybody help??
The plugin is got from mozilla-1.9.2/modules/plugin/sdk/samples/basic/unix/ , it's the Basic Demo of NPAPI. It works well in Firefox and Google's Chrome, but it cannot work in QtWebKit. When I run the Demo test page, I get some information from the terminal, see below.

** (:3020): DEBUG: NP_Initialize
** (:3020): DEBUG: NP_Initialize succeeded
** (:3020): DEBUG: NP_Initialize
** (:3020): DEBUG: NP_Initialize succeeded
** (:3020): DEBUG: NP_Initialize
** (:3020): DEBUG: NP_Initialize succeeded
** (:3020): DEBUG: NP_Initialize
** (:3020): DEBUG: NP_Initialize succeeded

So I think the plugin should be working, but in the browser of QtWebKit, I never get the plugin window, which I can see in Firefox or Chrome. So I guess that there should do some change for the npapi plugin of QtWebKit, but I don't know how. The Demo's source is from:
http://mxr.mozilla.org/seamonkey/source/modules/plugin/tools/sdk/samples/basic/unix/

BTW: is there a BBS site about WebKit?
Re: [webkit-dev] commit-queue is behind
The commit queue caught up over night, and is operating normally again. (aka if build.webkit.org is green, then your patch should be landed within 15 minutes of setting cq+)

Thanks for your patience.

-eric

On Wed, Jan 27, 2010 at 3:12 AM, Eric Seidel wrote:
> The tree was torched again this evening. :( The builders got way way
> way behind. I cleared the slow ones just now. I expect them to roll
> green and the commit-bot to start landing while we sleep. :)
>
> -eric
>
> On Tue, Jan 26, 2010 at 5:55 PM, Eric Seidel wrote:
>> Sorry, the commit-queue got behind today (currently 19 patches in the
>> queue) due to the bots being red much of the day and whole bunch of
>> reviewing. :)
>> http://build.webkit.org/console
>>
>> It should catch up over night.
>>
>> Thanks for your patience.
>>
>> -eric
[webkit-dev] a simple isolatedworlds alternative for uzbl?
Hi guys,
as a continuation of my earlier topic:
https://lists.webkit.org/pipermail/webkit-dev/2010-January/011122.html

We've read more about isolatedworlds (
http://www.adambarth.com/papers/2010/barth-felt-saxena-boodman.pdf et al)

but given:
1) it's not implemented yet in webkitgtk+
2) it looks kinda complex
3) it doesn't give the impression it's waterproof (for example: "to select the correct world with reasonable assurance (...)" on page 10 of the pdf)
4) we treat local code as trusted. after all we're talking about small scripts the user explicitly enables, not untrustworthy addons. we assume local scripts are written and treated with the same care as the source code of the browser itself.

we are investigating other directions to solve our issue.

one such approach can be seen at:
http://github.com/sloonz/uzbl/commit/662d7a1d88b5319877296348e83aa1db2cfc5a62

the idea is that we would only call our special (privileged) object by 'this.Uzbl' and using a different 'this' for the local scripts and the remote ones.
If we make sure we never pass around the instance of this.Uzbl as arguments or put it in another object, we *think* we are good.

more info:
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000619.html
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000683.html

is this a good idea? is it safe? will it stay safe?

thanks!
Dieter
Re: [webkit-dev] Need recommendation for Webkit port to use
This is the incorrect forum for this kind of question. Please use webkit-help instead.

http://lists.webkit.org/mailman/listinfo.cgi/webkit-help

Thanks,
Adam

On Wednesday 27 January 2010 08:15:40 am Duke5 wrote:
> Hi,
>
> I am looking to embed Webkit into an application. In order to do this, I
> need a port that meets the following major requirements:
>
> - Is Windows-based
> - Supports a COM-based interface that is callable from VB6
> - All dependencies must be redistributable with a closed-source, for-profit
> app
> - Does not require Safari to be installed
>
> So far, I've only found ports that meet some of these requirements.
>
> Please keep in mind this is for an enhancement to an existing app and this
> needs to be implemented with minimal resources, so targeting a
> platform/architecture/language other than Win/COM/VB6 is not really a
> viable option here.
>
> Any help would be appreciated.
>
> Duke
[webkit-dev] Need recommendation for Webkit port to use
Hi,

I am looking to embed Webkit into an application. In order to do this, I need a port that meets the following major requirements:

- Is Windows-based
- Supports a COM-based interface that is callable from VB6
- All dependencies must be redistributable with a closed-source, for-profit app
- Does not require Safari to be installed

So far, I've only found ports that meet some of these requirements.

Please keep in mind this is for an enhancement to an existing app and this needs to be implemented with minimal resources, so targeting a platform/architecture/language other than Win/COM/VB6 is not really a viable option here.

Any help would be appreciated.

Duke
Re: [webkit-dev] commit-queue is behind
The tree was torched again this evening. :( The builders got way way way behind. I cleared the slow ones just now. I expect them to roll green and the commit-bot to start landing while we sleep. :)

-eric

On Tue, Jan 26, 2010 at 5:55 PM, Eric Seidel wrote:
> Sorry, the commit-queue got behind today (currently 19 patches in the
> queue) due to the bots being red much of the day and whole bunch of
> reviewing. :)
> http://build.webkit.org/console
>
> It should catch up over night.
>
> Thanks for your patience.
>
> -eric
Re: [webkit-dev] changelogs: a reprise
Tor Arne Vestbø wrote:

Here's a wip patch to update-webkit's Git part I've been running locally for a few days now, it has basic resolve-ChangeLogs-support, as well as mirror support:

http://gist.github.com/287646

https://bugs.webkit.org/show_bug.cgi?id=34206

tor arne
Re: [webkit-dev] changelogs: a reprise
David Levin wrote:

I think someone already wrote this for you:
http://ivanz.com/2009/03/19/git-automatic-smart-changelog-merging/
which refers to
http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob;f=lib/git-merge-changelog.c;h=b9ab42947b2590b31d69544d566e1f6b04a90100;hb=HEAD

A merge-driver would be cool.

Here's a wip patch to update-webkit's Git part I've been running locally for a few days now, it has basic resolve-ChangeLogs-support, as well as mirror support:

http://gist.github.com/287646

It might help a little bit on the way to a more non-wrapped future.

tor arne