[webkit-dev] a simple isolatedworlds alternative for uzbl?

[Dieter Plaetinck]

Hi guys,
as a continuation of my earlier topic:
https://lists.webkit.org/pipermail/webkit-dev/2010-January/011122.html

We've read more about isolatedworlds (
http://www.adambarth.com/papers/2010/barth-felt-saxena-boodman.pdf et
al)

but given:
1) it's not implemented yet in webkitgtk+
2) it looks kinda complex
3) it doesn't give the impression it's waterproof (for example: "to
select the correct world with reasonable assurance (...)" on page 10
of the pdf)
4) we treat local code as trusted. after all we're talking about small
scripts the user explicitly enables, not untrustworthy addons. we
assume local scripts are written and treated with the same care as the
source code of the browser itself.

we are investigating other directions to solve our issue.

one such approach is can be seen at:
http://github.com/sloonz/uzbl/commit/662d7a1d88b5319877296348e83aa1db2cfc5a62

the idea is that we would only call our special (privileged) object by
'this.Uzbl' and using a different 'this' for the local scripts and the
remote ones.
If we make sure we never pass around the instance of this.Uzbl as
arguments or put it in another object, we *think* we are good.

more info:
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000619.html
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000683.html

is this a good idea? is it safe? will it stay safe?

thanks!
Dieter