Is there a guideline that should be used to evaluate what can acceptably run in the same process for different sites?
I assume the primary goal is to prevent one site from reading information that should only be available to another site? There would also be defense-in-depth value from having each site sandboxed separately because a security breach from one site could not compromise another.

I guess a single compositor process is acceptable because there is essentially no information returning from the compositor? A font server may be acceptable, because information returned is of limited power? Use of system font, graphics, or audio servers is in a similar bucket I guess.

Would using a single process for network be acceptable, not because information returned is limited, but because we're willing to have some compromise because there is a small API surface? Or would that be acceptable because content JS does not run in that process?

Would it be acceptable to perform layout in a single process for multiple sites (if that were practical)?

Would it be easier to answer the opposite question? What should not run in a shared process? JS is a given. Others?

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform