[webkit-help] NPAPI plugins
Konstantin Tokarev
annulen at yandex.ru
Mon Dec 14 01:34:50 PST 2015
11.12.2015, 06:13, "Kotteeswaran E" <kotteeswaran at lukup.com>:
> Hi,
>
> Thanks for your reply and support.
>
> Our idea is develop a web based customized application (substitute to android) with webkit (option A).
>
> Our product is having wifi, BT, etc. We want to control all these via plugins. When I was analysing this, I found NPAPI & PPAPI plugins and security concerns. I just wanted to confirm, hacking may happen as it is web based. When I make these calls via plugins.
If your environment does not allow execution of 3rd party plugins, security concerns of plugin APIs should not worry you much. (Though you can still have security issues if code of your plugins is not designed with security in mind)
OTOH, since you don't need portability between engines, you should probably use InjectedBundle APIs of WebKit instead of generic plugin APIs - this way will give you more control and performance. Grep code of WebKit for InjectedBundle, WKBundleClient, WKBundleRef to see examples of usage.
>
> thanks & regards,
> Kotteeswaran.E
>
> On Thu, Dec 10, 2015 at 5:44 PM, Konstantin Tokarev <annulen at yandex.ru> wrote:
>> 10.12.2015, 15:01, "Kotteeswaran E" <kotteeswaran at lukup.com>:
>>> Hi,
>>>
>>> Thanks for your prompt reply.
>>>
>>> My concern is that as Google says, the NPAPI plugins are having security issues as they plugins are available to the hackers.
>>>
>>> We plan to implement PPAPI & NACL in webkit instead of NPAPI Plugin calls.
>>>
>>> But We are not sure whether the PPAPI & NACL are portable to webkit environment as a topic in firebreath says that Nacl is supported only in google browsers i.e. it won't support third party browsers. And firebreath is doing its own native messaging.
>>>
>>> Please share ur valuable suggestions in this.
>>
>> Could you specify your goals more precisely? Are you going to
>> a) develop native application using customized WebKit engine, with your additions implemented via plugin, or
>> b) develop plugin which would be possible to use in different WebKit-based browsers?
>>
>> If the answer is (a), portability should not be a concern for you, since you are in control of your environment, but you also don't have to use NPAPI/PPAPI-style plugins, because you can modify engine at your will.
>>
>>>
>>> thanks & regards,
>>> Kotteeswaran.E
>>>
>>> On Thu, Dec 10, 2015 at 3:03 PM, Konstantin Tokarev <annulen at yandex.ru> wrote:
>>>> 10.12.2015, 07:06, "Kotteeswaran E" <kotteeswaran at lukup.com>:
>>>>> Hi,
>>>>>
>>>>> We are planning to develop our a webkit based GUI kind of thing. When we browsed in the net, we came to know that Chrome and Mozilla are not supporting NPAPI plugins due to security reasons and chrome is switching to PPAPI plugin with NACl.
>>>>> But in firebreath url, we saw that "PPAPI can be used in conjunction with NaCL but NACl is supported only on google chrome."
>>>>>
>>>>> Our plan is to use python based plugin based calls in our product.
>>>>>
>>>>> Please suggest us a way to proceed.
>>>>
>>>> FYI, there is a wrapper that allows running PPAPI plugin in NPAPI-enabled browser:
>>>>
>>>> https://github.com/i-rinat/freshplayerplugin
>>>>
>>>> Currently it is focused on running modern versions of Flash plugin inside Firefox.
>>>>
>>>> --
>>>> Regards,
>>>> Konstantin
>>>
>>> --
>>> Thanks & regards,
>>> E. Kotteeswaran | Tech Lead – DVB Middleware
>>>
>>> M: +91 94811 34803 | e: kotteeswaran at lukup.com
>>>
>>> This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.
>>>
>>> Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.
>>
>> --
>> Regards,
>> Konstantin
>
> --
> Thanks & regards,
> E. Kotteeswaran | Tech Lead – DVB Middleware
>
> M: +91 94811 34803 | e: kotteeswaran at lukup.com
>
> This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.
>
> Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.
--
Regards,
Konstantin
More information about the webkit-help
mailing list