Hey, On Tue, 2011-07-26 at 10:44 +0200, Alexandre Mazari wrote: > Thinking along this line, it occurs to me that such a mecanism might > prove interesting within webkit-gtk both as an API user and a contributor.
Yes, I think it would be very, very useful. I even tried to discuss this year back or so, you may remember, but it didn't get far =(. > The HTML5 FileSystem specification looks like a good candidate to be > implemented in this way. > (http://dev.w3.org/2009/dap/file-system/pub/FileSystem/). No, that sounds like a very bad idea to me. It means we will be putting the nicely structured WebKit implementation aside and replacing it with a potentially buggy and (maybe even only subtly) incompatible implementation. I'm very pro giving the API users the power and ease of use of seed for exposing GObjects in their WebViews, hopefully with separate security domains of sorts, but I think we would be shooting ourselves in the foot if we started implementing DOM APIs ourselves with GObjects. > even a full application UI, see SeedKit ;) I have actually done this myself as a test; I wrote a patch to seedkit which is probably in bugzilla still, that allows you to initialize seed with an existing JSCore context. And I then used GObject APIs from inside my web application. > The idea is already implemented by Qt and Apple ports > http://doc.qt.nokia.com/latest/qwebframe.html#addToJavaScriptWindowObject > http://developer.apple.com/library/mac/#documentation/AppleApplications/Conceptual/SafariJSProgTopics/Tasks/ObjCFromJavaScript.html Similar API would be good to have, yes. > Still, some restructuration might be needed to make the imported Seed > code a bit more flexible and hardened security-wise. > > Would such an addition be worth ? Have some brain cycle to share ? I think we could start small, just providing APIs similar to those available to Qt, so a way to have applications add GObjects to the window object, and maybe a way to expose all libraries too, with a huge warning saying this should not be done to WebViews that might access untrusted content. Then when we better understand the security functionality that is made available by JSC we can improve on that and provide more granular and sophisticated APIs. Thanks for looking into this =) Cheers, -- Gustavo Noronha Silva <[email protected]> GNOME Project _______________________________________________ webkit-gtk mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-gtk
