On Tue, Apr 28, 2009 at 6:22 PM, Aaron Boodman <a...@chromium.org> wrote:
> > On Tue, Apr 28, 2009 at 6:18 PM, Michael Nordman <micha...@chromium.org> > wrote: > > > > + chromium-dev > > > >> Can you please explain what you think has changed since such decisions > were made (or why it's time to revisit such decisions)? > > > > I don't think there was code in webcore suitable for this purpose > > before... html parsing, javascript,sql interpretting... all dangerous > > from a security point of view (acting in very complex ways on > > untrusted web content). The backend logic for these new features > > aren't like that. Its not so much that its webcore code is untrusted, > > as much as the data it operates on is untrusted. > > I think this gets at the core of my question: is it OK to run webcore > code in the browser process if it is similar in nature to chromium > code we would run in the browser process? Or is there some deeper > structural reason we don't want to do that? > > I fear that this is really a question for Darin, who is on vacation. > can talk more when i get back, but in a nut shell: 1- we already use webcore indirectly (albeit in a very limited way) from the browser process 2- the challenge with doing so is threading: what is the webcore main thread? what things depend on this and what don't is not well defined. -darin > > >> I have always felt like running the WebCore "backend" in the browser was > elegant > > > > Yea, but we need a webcore backend to run :) > > Well last time I looked at this there was already a Database backend :) > > - a > > > > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---