xiaoxu | 3 Feb 12:33 2016

[webkit]ask for help on how to build webkit using XCode

Hi all,
I confronted many problems when I was building webkit using Xcode, and I don't the exact method about how to build webkit in Xcode.

So could someone tell me the exact method about this, to make sure I can build webkit using Xcode successfully!

I want to build webkit successfully because I want to debug the source code so that I can learn the source code more clearly.

Now I am using XCode version 7.2.


Thank you very much!
------------------
Xiaoxu Lian 
tel:18601749056
xiaoxulian <at> qq.com
 
<div>
<div>Hi all,</div>
<div>I confronted many problems when I was building webkit using Xcode, and I don't the exact method about how to build webkit in Xcode.</div>
<div><br></div>
<div>So could someone tell me the exact method about this, to make sure I can build webkit using Xcode successfully!</div>
<div><br></div>
<div>I want to build webkit successfully because I want to debug the source code so that I can learn the source code more clearly.</div>
<div><br></div>
<div>Now I am using XCode version 7.2.</div>
<div><br></div>
<div><br></div>
<div>Thank you very much!</div>
<div>
<div>------------------</div>
<div>Xiaoxu Lian&nbsp;<div>tel:18601749056</div>
<div>xiaoxulian <at> qq.com</div>
</div>
</div>
<div>&nbsp;</div>
</div>
xiaoxu | 2 Feb 08:15 2016

[wekbit] ask for HTML5 ServiceWorker develop tips

Hi all,

I am realizing the Service Worker function in HTML5, I want some suggestions and tips on how to do this work well.

I am now working in one company that developing browser based on webkit, not chromium. Because our browser have the demand to run web app. So we need to realizing the Service Worker in HTML5. And I have seen this function has been realized in the browser chromium, I want to realize this function according to chromium.

Here is the questions:

1 about IDL:
[Exposed=(Window,Worker)]
 interface ServiceWorker
 readonly attribute USVString scriptURL;
 readonly attribute ServiceWorkerState state
 void postMessage(any message, optional sequence<Transferable> transfer); // 
event attribute EventHandler onstatechange; }; 

 enum ServiceWorkerState 
 "installing", 
 "installed",
"activating", 
 "activated", 
 "redundant" 
};

when I new one file and .cpp, .h file and added to my project. There was errors like cannot find JSUSVString.h or JSTransferable.h, file name like this it can not find. But My question is How did it created these files and How do I fix questions like this?

2: Does webkit group have the plan to fulfill the service worker function and submit this function to one version of webkit release.

Above are my questions I want to address in the near future!

Thank you very much!
looking forward to your answer!

------------------
Xiaoxu Lian 廉晓旭
tel:18601749056
xiaoxulian <at> qq.com
 
<div>
<div>Hi all,</div>
<div><br></div>
<div>I am realizing the Service Worker function in HTML5, I want some suggestions and tips on how to do this work well.</div>
<div><br></div>
<div>I am now working in one company that developing browser based on webkit, not chromium. Because our browser have the demand to run web app. So we need to realizing the Service Worker in HTML5. And I have seen this function has been realized in the browser chromium, I want to realize this function according to chromium.</div>
<div><br></div>
<div>Here is the questions:</div>
<div><br></div>
<div>1 about IDL:</div>
<div><span>[Exposed=(Window,Worker)]</span></div>
<div>
<span>&nbsp;interface </span>ServiceWorker<span> :&nbsp;</span>
</div>
<div>
<a href="https://dom.spec.whatwg.org/#eventtarget">EventTarget</a><span>&nbsp;</span>
</div>
<div><span>{&nbsp;</span></div>
<div>
<span>&nbsp;readonly attribute </span><a href="http://heycam.github.io/webidl/#idl-USVString">USVString</a><span> </span><a href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#service-worker-url-attribute">scriptURL</a><span>;</span>
</div>
<div>
<span>&nbsp;readonly attribute </span><a href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#service-worker-state-enum">ServiceWorkerState</a><span> </span><a href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#service-worker-state-attribute">state</a><span>;&nbsp;</span>
</div>
<div>
<span>&nbsp;void </span><a href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#service-worker-postmessage-method">postMessage</a><span>(any </span>message<span>, optional sequence&lt;</span><a href="https://html.spec.whatwg.org/multipage/infrastructure.html#transferable">Transferable</a><span>&gt; </span>transfer<span>);

  //&nbsp;</span>
</div>
<div>
<span>event
  attribute </span><a href="https://html.spec.whatwg.org/multipage/webappapis.html#eventhandler">EventHandler</a><span> </span><a href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#service-worker-onstatechange-attribute">onstatechange</a><span>;
};&nbsp;</span>
</div>
<div>
<a href="https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#service-worker-interface">ServiceWorker</a><span> implements </span><a href="https://html.spec.whatwg.org/multipage/workers.html#abstractworker">AbstractWorker</a><span>;&nbsp;</span>
</div>
<div><span><br></span></div>
<div>
<span>&nbsp;enum </span>ServiceWorkerState<span>&nbsp;</span>
</div>
<div><span>{&nbsp;</span></div>
<div><span>&nbsp;"installing",&nbsp;</span></div>
<div><span>&nbsp;"installed",</span></div>
<div><span>"activating",&nbsp;</span></div>
<div><span>&nbsp;"activated",&nbsp;</span></div>
<div><span>&nbsp;"redundant"&nbsp;</span></div>
<div><span>};</span></div>
<div><br></div>
<div><span>when I new one file and .cpp, .h file and added to my project. There was errors like cannot find JSUSVString.h or JSTransferable.h, file name like this it can not find. But My question is How did it created these files and How do I fix questions like this?</span></div>
<div><span><br></span></div>
<div><span>2: Does webkit group have the plan to fulfill the service worker function and submit this function to one version of webkit release.</span></div>
<div><span><br></span></div>
<div><span>Above are my questions I want to address in the near future!</span></div>
<div><span><br></span></div>
<div><span>Thank you very much!</span></div>
<div><span>looking forward to your answer!</span></div>
<div><br></div>
<div>
<div>------------------</div>
<div>Xiaoxu Lian &#24265;&#26195;&#26093;<div>tel:18601749056</div>
<div>xiaoxulian <at> qq.com</div>
</div>
</div>
<div>&nbsp;</div>
</div>

Full Screen Mode in JavaFX WebView

I have a custom Java application that uses JavaFX WebView to create a web browser (which uses WebKit).  I am trying to get the browser full screen mode to work (https://fullscreen.spec.whatwg.org/).

 

How can I get full screen mode to work in WebKit?

 

I’m also trying to get WebKit’s Web Inspector to work in my browser to help me debug this issue.  How can I activate Web Inspector in JavaFX WebView?


Thanks for any information,

 

Boyd Edmondson
Owner / Senior Software Engineer
Nebula Software


<div>
<p><span>I have a custom Java application that uses JavaFX WebView to create a web browser (which uses WebKit).&nbsp; I am trying to get the browser full screen mode to work (<a href="https://fullscreen.spec.whatwg.org/">https://fullscreen.spec.whatwg.org/</a>).</span></p>
<p><span>&nbsp;</span></p>
<p><span>How can I get full screen mode to work in WebKit?</span></p>
<p><span>&nbsp;</span></p>
<p><span>I&rsquo;m also trying to get WebKit&rsquo;s Web Inspector to work in my browser to help me debug this issue.&nbsp; How can I activate Web Inspector in JavaFX WebView?</span></p>
<p><span><br></span></p>
<p><span>Thanks for any information,</span></p>
<p><span>&nbsp;</span></p>
<span>Boyd Edmondson<br>
Owner / Senior Software Engineer<br>
Nebula Software</span>&#8203;
<p><br></p>
</div>
WoJ | 25 Dec 16:33 2015

Fwd: support for unicode

Hello,

Following a question I posted on Stack Exchange Super User (http://superuser.com/questions/1017269/is-it-possible-that-a-specific-browser-does-not-support-some-unicode) I was suggested to reach out to the epiphany mailing list for specific information.
​I was subsequently redirected to the webkit one. ​
Below is a copy of my initial question.

I wrote a HTML5/CSS/JS application which displays some text in Droid Sans (loaded directly from Google at page load). When developing under Windows, unicode characters are displayed correctly in Chrome.

I started the application with epiphany in Linux and some unicode characters are not displayed correctly:

  • \u00b0 is fine
  • \ud83d\udd15 is not displayed at all

What could be the reason for that?

  • It should not be the font as the same one is used in both Windows and Linux (the remaining of the page looks good).
  • This brings me to the browser: could it be the culprit? (I specifically need to use epiphany as others I tried do not support some features correctly, CSS' flexbox among others)

In other words: is it possible that a browser does not support some unicode characters, others being displayed correctly (and all of them being fine in another browser on another platform, with the same font)?

Thank you for any help regarding this - this character which does not display is a crossed bell to indicate that alarm clocks are not set at home, which, as you can imagine, is a national security level kind of issue.

WoJ

​PS. I initially sent the email from the wrong (not subscription) address. I believe that my email was rejected (no feedback though), if this is not the case my apologies for the double post.​


<div><div dir="ltr">
<div class="gmail_default">Hello,<br>
</div>
<div class="gmail_quote">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div><br></div>
<div>Following a question I posted on Stack Exchange Super User (<a href="http://superuser.com/questions/1017269/is-it-possible-that-a-specific-browser-does-not-support-some-unicode" target="_blank">http://superuser.com/questions/1017269/is-it-possible-that-a-specific-browser-does-not-support-some-unicode</a>) I was suggested to reach out to the epiphany mailing list for specific information. <div>&#8203;I was subsequently redirected to the webkit one. &#8203;</div>Below is a copy of my initial question.</div>
<div><br></div>
<div>
<p>I wrote a HTML5/CSS/JS application which displays some text in&nbsp;<a href="https://fonts.googleapis.com/css?family=Droid%20Sans:400,700" rel="nofollow" target="_blank">Droid Sans</a>&nbsp;(loaded directly from Google at page load). When developing under Windows, unicode characters are displayed correctly in Chrome.</p>
<p>I started the application with&nbsp;<a href="https://wiki.gnome.org/Apps/Web" rel="nofollow" target="_blank">epiphany</a>&nbsp;in Linux and some unicode characters are not displayed correctly:</p>
<ul>
<li>\u00b0&nbsp;is fine</li>
<li>\ud83d\udd15&nbsp;is not displayed at all</li>
</ul>
<p>What could be the reason for that?</p>
<ul>
<li>It should not be the font as the same one is used in both Windows and Linux (the remaining of the page looks good).</li>
<li>This brings me to the browser: could it be the culprit? (I specifically need to use&nbsp;epiphany&nbsp;as others I tried do not support some features correctly, CSS'&nbsp;flexbox&nbsp;among others)</li>
</ul>
<p>In other words:&nbsp;is it possible that a browser does not support&nbsp;some&nbsp;unicode characters, others being displayed correctly (and all of them being fine in another browser on another platform, with the same font)?</p>
<p>Thank you for any help regarding this - this character which does not display is a crossed bell to indicate that alarm clocks are not set at home, which, as you can imagine, is a national security level kind of issue.</p>
<span class="HOEnZb"><span><p>WoJ</p></span></span>
</div>
</div>
</div>
<div class="gmail_default">&#8203;PS. I initially sent the email from the wrong (not subscription) address. I believe that my email was rejected (no feedback though), if this is not the case my apologies for the double post.&#8203;</div>
<br>
</div>
</div>
<br>
</div></div>
Edwin James | 23 Dec 06:20 2015
Picon

WebKitGTK & DirectFB?

Hello All,

 I have downloaded the latest WebkitGTK+ in linux & compiled & ran. The browser looks great. 

How ever our existing platform has a support for DirectFB drivers. Where the WebkitGTK+ kit  doesnt seem to support directFB directly.

I have seen in forums , still the WebKITGT+ can be built with directFB as backend using the cairo.  I tried to build cairo with directFBbackend , without X library.

But it throws me error 
---------------------------------------------------------------------------------------------------------
kit2gtk-4.0.so.37.10.0 <at> CMakeFiles/WebKit2.rsp  && :
Source/WebKit2/CMakeFiles/WebKit2.dir/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp.o:NetscapePluginX11.cpp:function WebKit::NetscapePlugin::platformPaint(WebCore::GraphicsContext&, WebCore::IntRect const&, bool): error: undefined reference to 'cairo_xlib_surface_create'
lib/libWebCoreGTK.a(lib/../Source/WebCore/CMakeFiles/WebCore.dir/platform/graphics/cairo/BackingStoreBackendCairoX11.cpp.o):BackingStoreBackendCairoX11.cpp:function WebCore::BackingStoreBackendCairoX11::BackingStoreBackendCairoX11(unsigned long, Visual*, int, WebCore::IntSize const&, float): error: undefined reference to 'cairo_xlib_surface_create'
---------------------------------------------------------------------------------------------------------

Looks like still GTK depends on X libraries.

Can you please give more idea whether its possible to build the GTK+ , cairo + directFB alone ( excluding the xlibrary)

Appreciate the help.

Best Regards
-Edwin
<div><div dir="ltr">Hello All,<div><br></div>
<div>&nbsp;I have downloaded the latest WebkitGTK+ in linux &amp; compiled &amp; ran. The browser looks great.&nbsp;<br>
</div>
<div><br></div>
<div>How ever our existing platform has a support for DirectFB drivers. Where the WebkitGTK+ kit &nbsp;doesnt seem to support directFB directly.</div>
<div><br></div>
<div>I have seen in forums , still the WebKITGT+ can be built with directFB as backend using the cairo.&nbsp; I tried to build cairo with directFBbackend , without X library.</div>
<div><br></div>
<div>But it throws me error&nbsp;</div>
<div>---------------------------------------------------------------------------------------------------------</div>
<div>
<div>kit2gtk-4.0.so.37.10.0  <at> CMakeFiles/WebKit2.rsp &nbsp;&amp;&amp; :</div>
<div>Source/WebKit2/CMakeFiles/WebKit2.dir/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp.o:NetscapePluginX11.cpp:function WebKit::NetscapePlugin::platformPaint(WebCore::GraphicsContext&amp;, WebCore::IntRect const&amp;, bool): error: undefined reference to 'cairo_xlib_surface_create'</div>
<div>lib/libWebCoreGTK.a(lib/../Source/WebCore/CMakeFiles/WebCore.dir/platform/graphics/cairo/BackingStoreBackendCairoX11.cpp.o):BackingStoreBackendCairoX11.cpp:function WebCore::BackingStoreBackendCairoX11::BackingStoreBackendCairoX11(unsigned long, Visual*, int, WebCore::IntSize const&amp;, float): error: undefined reference to 'cairo_xlib_surface_create'</div>
</div>
<div>---------------------------------------------------------------------------------------------------------<br>
</div>
<div><br></div>
<div>Looks like still GTK depends on X libraries.</div>
<div><br></div>
<div>Can you please give more idea whether its possible to build the GTK+ , cairo + directFB alone ( excluding the xlibrary)</div>
<div><br></div>
<div>Appreciate the help.</div>
<div><br></div>
<div>Best Regards</div>
<div>-Edwin</div>
</div></div>
Kotteeswaran E | 14 Dec 10:49 2015

Re: NPAPI plugins [Kotteeswaran]

Hi,

Thanks for your reply which would be very helpful and useful information that I get. In our case, we planned to give the plugin stuff to our clients (the plugins will be developed by us only). 

So I hope there is no need about security issues.

I still have one more concern that NPAPI won't work properly in mobile environment (Saw in some post while googling). Is it the case?

If yes, what is the reason for that.

thanks & regards,
Kotteeswaran.E


On Mon, Dec 14, 2015 at 3:04 PM, Konstantin Tokarev <annulen <at> yandex.ru> wrote:


11.12.2015, 06:13, "Kotteeswaran E" <kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org>:
> Hi,
>
> Thanks for your reply and support.
>
> Our idea is develop a web based customized application (substitute to android) with webkit (option A).
>
> Our product is having wifi, BT, etc. We want to control all these via plugins. When I was analysing this, I found NPAPI & PPAPI plugins and security concerns. I just wanted to confirm, hacking may happen as it is web based. When I make these calls via plugins.

If your environment does not allow execution of 3rd party plugins, security concerns of plugin APIs should not worry you much. (Though you can still have security issues if code of your plugins is not designed with security in mind)

OTOH, since you don't need portability between engines, you should probably use InjectedBundle APIs of WebKit instead of generic plugin APIs - this way will give you more control and performance. Grep code of WebKit for InjectedBundle, WKBundleClient, WKBundleRef to see examples of usage.

>
> thanks & regards,
> Kotteeswaran.E
>
> On Thu, Dec 10, 2015 at 5:44 PM, Konstantin Tokarev <annulen-o+MxOtu4lMCHXe+LvDLADg@public.gmane.org> wrote:
>> 10.12.2015, 15:01, "Kotteeswaran E" <kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org>:
>>> Hi,
>>>
>>> Thanks for your prompt reply.
>>>
>>> My concern is that as Google says, the NPAPI plugins are having security issues as they plugins are available to the hackers.
>>>
>>> We plan to implement PPAPI & NACL in webkit instead of NPAPI Plugin calls.
>>>
>>> But We are not sure whether the PPAPI & NACL are portable to webkit environment as a topic in firebreath says that Nacl is supported only in google browsers i.e. it won't support third party browsers. And firebreath is doing its own native messaging.
>>>
>>> Please share ur valuable suggestions in this.
>>
>> Could you specify your goals more precisely? Are you going to
>> a) develop native application using customized WebKit engine, with your additions implemented via plugin, or
>> b) develop plugin which would be possible to use in different WebKit-based browsers?
>>
>> If  the answer is (a), portability should not be a concern for you, since you are in control of your environment, but you also don't have to use NPAPI/PPAPI-style plugins, because you can modify engine at your will.
>>
>>>
>>>  thanks & regards,
>>> Kotteeswaran.E
>>>
>>> On Thu, Dec 10, 2015 at 3:03 PM, Konstantin Tokarev <annulen-o+MxOtu4lMCHXe+LvDLADg@public.gmane.org> wrote:
>>>> 10.12.2015, 07:06, "Kotteeswaran E" <kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org>:
>>>>> Hi,
>>>>>
>>>>> We are planning to develop our a webkit based GUI kind of thing. When we browsed in the net, we came to know that Chrome and Mozilla are not supporting NPAPI plugins due to security reasons and chrome is switching to PPAPI plugin with NACl.
>>>>> But in firebreath url, we saw that "PPAPI can be used in conjunction with NaCL but NACl is supported only on google chrome."
>>>>>
>>>>> Our plan is to use python based plugin based calls in our product.
>>>>>
>>>>> Please suggest us a way to proceed.
>>>>
>>>> FYI, there is a wrapper that allows running PPAPI plugin in NPAPI-enabled browser:
>>>>
>>>> https://github.com/i-rinat/freshplayerplugin
>>>>
>>>> Currently it is focused on running modern versions of Flash plugin inside Firefox.
>>>>
>>>> --
>>>> Regards,
>>>> Konstantin
>>>
>>> --
>>> Thanks & regards,
>>> E. Kotteeswaran | Tech Lead – DVB Middleware
>>>
>>> M: +91 94811 34803 | e: kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org
>>>
>>> This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.
>>>
>>> Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.
>>
>> --
>> Regards,
>> Konstantin
>
> --
> Thanks & regards,
> E. Kotteeswaran | Tech Lead – DVB Middleware
>
> M: +91 94811 34803 | e: kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org
>
> This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.
>
> Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.


--
Regards,
Konstantin



--
Thanks & regards,
E. Kotteeswaran | Tech Lead – DVB Middleware

This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.


Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission. 

<div>
<div dir="ltr">Hi,<div><br></div>
<div>Thanks for your reply which would be very helpful and useful information that I get. In our case, we planned to give the plugin stuff to our clients (the plugins will be developed by us only).&nbsp;</div>
<div><br></div>
<div>So I hope there is no need about security issues.</div>
<div><br></div>
<div>I still have one more concern that NPAPI won't work properly in mobile environment (Saw in some post while googling). Is it the case?</div>
<div><br></div>
<div>If yes, what is the reason for that.</div>
<div><br></div>
<div>thanks &amp; regards,</div>
<div>Kotteeswaran.E</div>
<div>
<br><div class="gmail_extra">
<br><div class="gmail_quote">On Mon, Dec 14, 2015 at 3:04 PM, Konstantin Tokarev <span dir="ltr">&lt;<a href="mailto:annulen@..." target="_blank">annulen <at> yandex.ru</a>&gt;</span> wrote:<br><blockquote class="gmail_quote">
<br><br>
11.12.2015, 06:13, "Kotteeswaran E" &lt;<a href="mailto:kotteeswaran@...">kotteeswaran@...</a>&gt;:<br>
&gt; Hi,<br>
&gt;<br><span class="">&gt; Thanks for your reply and support.<br>
&gt;<br>
&gt; Our idea is develop a web based customized application (substitute to android) with webkit (option A).<br>
&gt;<br>
&gt; Our product is having wifi, BT, etc. We want to control all these via plugins. When I was analysing this, I found NPAPI &amp; PPAPI plugins and security concerns. I just wanted to confirm, hacking may happen as it is web based. When I make these calls via plugins.<br><br></span>If your environment does not allow execution of 3rd party plugins, security concerns of plugin APIs should not worry you much. (Though you can still have security issues if code of your plugins is not designed with security in mind)<br><br>
OTOH, since you don't need portability between engines, you should probably use InjectedBundle APIs of WebKit instead of generic plugin APIs - this way will give you more control and performance. Grep code of WebKit for InjectedBundle, WKBundleClient, WKBundleRef to see examples of usage.<br><div class="HOEnZb"><div class="h5">
<br>
&gt;<br>
&gt; thanks &amp; regards,<br>
&gt; Kotteeswaran.E<br>
&gt;<br>
&gt; On Thu, Dec 10, 2015 at 5:44 PM, Konstantin Tokarev &lt;<a href="mailto:annulen@...">annulen@...</a>&gt; wrote:<br>
&gt;&gt; 10.12.2015, 15:01, "Kotteeswaran E" &lt;<a href="mailto:kotteeswaran@...">kotteeswaran@...</a>&gt;:<br>
&gt;&gt;&gt; Hi,<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Thanks for your prompt reply.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; My concern is that as Google says, the NPAPI plugins are having security issues as they plugins are available to the hackers.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; We plan to implement PPAPI &amp; NACL in webkit instead of NPAPI Plugin calls.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; But We are not sure whether the PPAPI &amp; NACL are portable to webkit environment as a topic in firebreath says that Nacl is supported only in google browsers i.e. it won't support third party browsers. And firebreath is doing its own native messaging.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Please share ur valuable suggestions in this.<br>
&gt;&gt;<br>
&gt;&gt; Could you specify your goals more precisely? Are you going to<br>
&gt;&gt; a) develop native application using customized WebKit engine, with your additions implemented via plugin, or<br>
&gt;&gt; b) develop plugin which would be possible to use in different WebKit-based browsers?<br>
&gt;&gt;<br>
&gt;&gt; If&nbsp; the answer is (a), portability should not be a concern for you, since you are in control of your environment, but you also don't have to use NPAPI/PPAPI-style plugins, because you can modify engine at your will.<br>
&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; &nbsp;thanks &amp; regards,<br>
&gt;&gt;&gt; Kotteeswaran.E<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; On Thu, Dec 10, 2015 at 3:03 PM, Konstantin Tokarev &lt;<a href="mailto:annulen@...">annulen@...</a>&gt; wrote:<br>
&gt;&gt;&gt;&gt; 10.12.2015, 07:06, "Kotteeswaran E" &lt;<a href="mailto:kotteeswaran@...">kotteeswaran@...</a>&gt;:<br>
&gt;&gt;&gt;&gt;&gt; Hi,<br>
&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt; We are planning to develop our a webkit based GUI kind of thing. When we browsed in the net, we came to know that Chrome and Mozilla are not supporting NPAPI plugins due to security reasons and chrome is switching to PPAPI plugin with NACl.<br>
&gt;&gt;&gt;&gt;&gt; But in firebreath url, we saw that "PPAPI can be used in conjunction with NaCL but NACl is supported only on google chrome."<br>
&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt; Our plan is to use python based plugin based calls in our product.<br>
&gt;&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt;&gt; Please suggest us a way to proceed.<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; FYI, there is a wrapper that allows running PPAPI plugin in NPAPI-enabled browser:<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; <a href="https://github.com/i-rinat/freshplayerplugin" rel="noreferrer" target="_blank">https://github.com/i-rinat/freshplayerplugin</a><br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; Currently it is focused on running modern versions of Flash plugin inside Firefox.<br>
&gt;&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; --<br>
&gt;&gt;&gt;&gt; Regards,<br>
&gt;&gt;&gt;&gt; Konstantin<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; --<br>
&gt;&gt;&gt; Thanks &amp; regards,<br>
&gt;&gt;&gt; E. Kotteeswaran | Tech Lead &ndash; DVB Middleware<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; M: +91 94811 34803 | e:&nbsp;<a href="mailto:kotteeswaran <at> lukup.com">kotteeswaran@...</a><br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents&nbsp;is issued in confidence for the purpose only for which it is produced.&nbsp;If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.<br>
&gt;&gt;<br>
&gt;&gt; --<br>
&gt;&gt; Regards,<br>
&gt;&gt; Konstantin<br>
&gt;<br>
&gt; --<br>
&gt; Thanks &amp; regards,<br>
&gt; E. Kotteeswaran | Tech Lead &ndash; DVB Middleware<br>
&gt;<br>
&gt; M: +91 94811 34803 | e:&nbsp;<a href="mailto:kotteeswaran@...">kotteeswaran@...</a><br>
&gt;<br>
&gt; This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents&nbsp;is issued in confidence for the purpose only for which it is produced.&nbsp;If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.<br>
&gt;<br>
&gt; Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.<br><br><br>
--<br>
Regards,<br>
Konstantin<br>
</div></div>
</blockquote>
</div>
<br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">
<span>Thanks &amp; regards,</span><br><span>E. Kotteeswaran | Tech Lead &ndash; DVB Middleware</span><br><div><div><p><span lang="EN-US">M: +91 94811 34803 | e:&nbsp;<a href="mailto:xyz <at> lukup.com" target="_blank"><span>kotteeswaran@...</span></a></span>&nbsp;</p></div></div>
</div></div>
</div>
</div>
</div>

<br><div>
<p><span>This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents&nbsp;is issued in confidence for the purpose only for which it is produced.&nbsp;</span><span>If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.</span><span></span></p>
<p><span><br>Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.&nbsp;</span></p>
</div>
</div>
Kotteeswaran E | 14 Dec 03:41 2015

Re: NPAPI plugins (Kotteeswaran E)

Hi,

Thanks for your reply and support.


Our idea is develop a web based customized application (substitute to android) with webkit (option A). 

Our product is having wifi, BT, etc. We want to control all these via plugins. When I was analysing this, I found NPAPI & PPAPI plugins and security concerns. I just wanted to confirm, hacking may happen as it is web based. When I make these calls via plugins.


thanks & regards,
Kotteeswaran.E 







On Thu, Dec 10, 2015 at 5:44 PM, Konstantin Tokarev <annulen <at> yandex.ru> wrote:


10.12.2015, 15:01, "Kotteeswaran E" <kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org>:
> Hi,
>
> Thanks for your prompt reply.
>
> My concern is that as Google says, the NPAPI plugins are having security issues as they plugins are available to the hackers.
>
> We plan to implement PPAPI & NACL in webkit instead of NPAPI Plugin calls.
>
> But We are not sure whether the PPAPI & NACL are portable to webkit environment as a topic in firebreath says that Nacl is supported only in google browsers i.e. it won't support third party browsers. And firebreath is doing its own native messaging.
>
> Please share ur valuable suggestions in this.


Could you specify your goals more precisely? Are you going to
a) develop native application using customized WebKit engine, with your additions implemented via plugin, or
b) develop plugin which would be possible to use in different WebKit-based browsers?

If  the answer is (a), portability should not be a concern for you, since you are in control of your environment, but you also don't have to use NPAPI/PPAPI-style plugins, because you can modify engine at your will.

>
>  thanks & regards,
> Kotteeswaran.E
>
> On Thu, Dec 10, 2015 at 3:03 PM, Konstantin Tokarev <annulen-o+MxOtu4lMCHXe+LvDLADg@public.gmane.org> wrote:
>> 10.12.2015, 07:06, "Kotteeswaran E" <kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org>:
>>> Hi,
>>>
>>> We are planning to develop our a webkit based GUI kind of thing. When we browsed in the net, we came to know that Chrome and Mozilla are not supporting NPAPI plugins due to security reasons and chrome is switching to PPAPI plugin with NACl.
>>> But in firebreath url, we saw that "PPAPI can be used in conjunction with NaCL but NACl is supported only on google chrome."
>>>
>>> Our plan is to use python based plugin based calls in our product.
>>>
>>> Please suggest us a way to proceed.
>>
>> FYI, there is a wrapper that allows running PPAPI plugin in NPAPI-enabled browser:
>>
>> https://github.com/i-rinat/freshplayerplugin
>>
>> Currently it is focused on running modern versions of Flash plugin inside Firefox.
>>
>> --
>> Regards,
>> Konstantin
>
> --
> Thanks & regards,
> E. Kotteeswaran | Tech Lead – DVB Middleware
>
> M: +91 94811 34803 | e: kotteeswaran-pjSKRT2oLsQAvxtiuMwx3w@public.gmane.org
>
> This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.
>
> Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.


--
Regards,
Konstantin



--
Thanks & regards,
E. Kotteeswaran | Tech Lead – DVB Middleware

M: +91 94811 34803 | e: kotteeswaran <at> lukup.com 




--
Thanks & regards,
E. Kotteeswaran | Tech Lead – DVB Middleware

This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.


Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission. 

<div>
<div dir="ltr"><div class="gmail_extra">
<div class="gmail_quote"><blockquote class="gmail_quote">
<div dir="ltr">Hi,<div><br></div>
<div>Thanks for your reply and support.</div>
<div><br></div>
<div><br></div>
<div>Our idea is develop a web based customized application (substitute to android) with webkit (option A).&nbsp;</div>
<div><br></div>
<div>Our product is having wifi, BT, etc. We want to control all these via plugins. When I was analysing this, I found NPAPI &amp; PPAPI plugins and security concerns. I just wanted to confirm, hacking may happen as it is web based. When I make these calls via plugins.</div>
<div><br></div>
<div><br></div>
<div>thanks &amp; regards,</div>
<div>Kotteeswaran.E&nbsp;</div>
<div><br></div>
<div><br></div>
<div><br></div>
<div><br></div>
<div><br></div>
<div><br></div>
</div>
<div class="HOEnZb"><div class="h5">
<div class="gmail_extra">
<br><div class="gmail_quote">On Thu, Dec 10, 2015 at 5:44 PM, Konstantin Tokarev <span dir="ltr">&lt;<a href="mailto:annulen@..." target="_blank">annulen <at> yandex.ru</a>&gt;</span> wrote:<br><blockquote class="gmail_quote">
<br><br>
10.12.2015, 15:01, "Kotteeswaran E" &lt;<a href="mailto:kotteeswaran@..." target="_blank">kotteeswaran@...</a>&gt;:<br><span>&gt; Hi,<br>
&gt;<br>
&gt; Thanks for your prompt reply.<br>
&gt;<br>
&gt; My concern is that as Google says, the NPAPI plugins are having security issues as they plugins are available to the hackers.<br>
&gt;<br>
&gt; We plan to implement PPAPI &amp; NACL in webkit instead of NPAPI Plugin calls.<br>
&gt;<br>
&gt; But We are not sure whether the PPAPI &amp; NACL are portable to webkit environment as a topic in firebreath says that Nacl is supported only in google browsers i.e. it won't support third party browsers. And firebreath is doing its own native messaging.<br>
&gt;<br>
&gt; Please share ur valuable suggestions in this.<br><br><br></span>Could you specify your goals more precisely? Are you going to<br>
a) develop native application using customized WebKit engine, with your additions implemented via plugin, or<br>
b) develop plugin which would be possible to use in different WebKit-based browsers?<br><br>
If&nbsp; the answer is (a), portability should not be a concern for you, since you are in control of your environment, but you also don't have to use NPAPI/PPAPI-style plugins, because you can modify engine at your will.<br><span><br>
&gt;<br>
&gt; &nbsp;thanks &amp; regards,<br>
&gt; Kotteeswaran.E<br>
&gt;<br>
&gt; On Thu, Dec 10, 2015 at 3:03 PM, Konstantin Tokarev &lt;<a href="mailto:annulen@..." target="_blank">annulen@...</a>&gt; wrote:<br>
&gt;&gt; 10.12.2015, 07:06, "Kotteeswaran E" &lt;<a href="mailto:kotteeswaran@..." target="_blank">kotteeswaran@...</a>&gt;:<br>
&gt;&gt;&gt; Hi,<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; We are planning to develop our a webkit based GUI kind of thing. When we browsed in the net, we came to know that Chrome and Mozilla are not supporting NPAPI plugins due to security reasons and chrome is switching to PPAPI plugin with NACl.<br>
&gt;&gt;&gt; But in firebreath url, we saw that "PPAPI can be used in conjunction with NaCL but NACl is supported only on google chrome."<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Our plan is to use python based plugin based calls in our product.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Please suggest us a way to proceed.<br>
&gt;&gt;<br>
&gt;&gt; FYI, there is a wrapper that allows running PPAPI plugin in NPAPI-enabled browser:<br>
&gt;&gt;<br>
&gt;&gt; <a href="https://github.com/i-rinat/freshplayerplugin" rel="noreferrer" target="_blank">https://github.com/i-rinat/freshplayerplugin</a><br>
&gt;&gt;<br>
&gt;&gt; Currently it is focused on running modern versions of Flash plugin inside Firefox.<br>
&gt;&gt;<br>
&gt;&gt; --<br>
&gt;&gt; Regards,<br>
&gt;&gt; Konstantin<br>
&gt;<br>
&gt; --<br>
&gt; Thanks &amp; regards,<br>
&gt; E. Kotteeswaran | Tech Lead &ndash; DVB Middleware<br>
&gt;<br>
&gt; M: +91 94811 34803 | e:&nbsp;<a href="mailto:kotteeswaran@..." target="_blank">kotteeswaran@...</a><br>
&gt;<br></span>&gt; This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents&nbsp;is issued in confidence for the purpose only for which it is produced.&nbsp;If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.<br>
&gt;<br>
&gt; Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.<br><span><br><br>
--<br>
Regards,<br>
Konstantin<br></span>
</blockquote>
</div>
<br><br clear="all"><div><br></div>-- <br><div><div dir="ltr">
<span>Thanks &amp; regards,</span><br><span>E. Kotteeswaran | Tech Lead &ndash; DVB Middleware</span><br><div><div><p><span lang="EN-US">M: +91 94811 34803 | e:&nbsp;<a href="mailto:xyz@..." target="_blank"><span>kotteeswaran <at> lukup.com</span></a></span>&nbsp;</p></div></div>
</div></div>
</div>
</div></div>
</blockquote></div>
<br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">
<span>Thanks &amp; regards,</span><br><span>E. Kotteeswaran | Tech Lead &ndash; DVB Middleware</span><br><div><div><p><span lang="EN-US">M: +91 94811 34803 | e:&nbsp;<a href="mailto:xyz <at> lukup.com" target="_blank"><span>kotteeswaran@...</span></a></span>&nbsp;</p></div></div>
</div></div>
</div></div>

<br><div>
<p><span>This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents&nbsp;is issued in confidence for the purpose only for which it is produced.&nbsp;</span><span>If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.</span><span></span></p>
<p><span><br>Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.&nbsp;</span></p>
</div>
</div>
sign up | 13 Dec 20:42 2015
Picon

blacklist limit and callback question

Hi,

First of all is there a limit on how many URLs we can load for blocking (i.e.: blacklist) ? I read somewhere there was a near 50k whitelist rule limit in the mailing thread. So I am assuming similar limitation is available. The problem I have is that rules needs to be pre-loaded on the device. For hostname blocking I believe it should allow callback into the extension so we can do lookup locally (cached data) or remotely (cloud lookup). This allows more flexibility and memory efficient (less than 1Gb to work with). This would make blocking of URL by category (ex: adult content; violent/illegal content) filtering very simple. I wish Apple allowed this from their native parental control but this is the closest (and easiest) thing we have right now.

I wish URL blocking can be made smarter by only calling the extension when the address bar's URL is loading so there is no argument for performance. Right now the only argument is that loading every resource on a page triggers a callback to the extension can cause delay so pre-loading rules (and optimizing it is good). So doing the filtering of main URL before anything can clean cut the whole processing flow by terminating the analysis right away if it matches a blacklist (basically alot of companies would like to bring URL filtering to iOS).

Ideal flow:

1) main page loading - callback on main URL request - if blocked no further resources are loaded - callback to block logic; this is URL filtering logic
2) callback to extension for each resource loading - this is content filtering logic (i.e.: ad blocking; tracking blocking, etc)

If we don't differentiate main page's URL loading with every other URLs on the page then we will end up treating everything as being equal which is feature limiting (i.e.: serials.ws is illegal so further filtering of every single resources of that page is irrelevant since you could block the page from the first URL request - same issue with proxy filtering, lack of context introduces inefficiency and higher network traffic cost). I hope webkit has enough context to make URL filtering a reality for iOS (without the cost of proxy).

Feedback welcome.
<div><div>
<div>Hi,</div>
<div><br></div>
<div>First of all is there a limit on how many URLs we can load for blocking (i.e.: blacklist) ? I read somewhere there was a near 50k whitelist rule limit in the mailing thread. So I am assuming similar limitation is available. The problem I have is that rules needs to be pre-loaded on the device. For hostname blocking I believe it should allow callback into the extension so we can do lookup locally (cached data) or remotely (cloud lookup). This allows more flexibility and memory efficient (less than 1Gb to work with). This would make blocking of URL by category (ex: adult content; violent/illegal content) filtering very simple. I wish Apple allowed this from their native parental control but this is the closest (and easiest) thing we have right now.</div>
<div><br></div>
<div>I wish URL blocking can be made smarter by only calling the extension when the address bar's URL is loading so there is no argument for performance. Right now the only argument is that loading every resource on a page triggers a callback to the extension can cause delay so pre-loading rules (and optimizing it is good). So doing the filtering of main URL before anything can clean cut the whole processing flow by terminating the analysis right away if it matches a blacklist (basically alot of companies would like to bring URL filtering to iOS).</div>
<div><br></div>
<div>Ideal flow:</div>
<div><br></div>
<div dir="ltr">1) main page loading - callback on main URL request - if blocked no further resources are loaded - callback to block logic; this is URL filtering logic</div>
<div dir="ltr">2) callback to extension for each resource loading - this is content filtering logic (i.e.: ad blocking; tracking blocking, etc)</div>
<div dir="ltr"><br></div>
<div dir="ltr">If we don't differentiate main page's URL loading with every other URLs on the page then we will end up treating everything as being equal which is feature limiting (i.e.: serials.ws is illegal so further filtering of every single resources of that page is irrelevant since you could block the page from the first URL request - same issue with proxy filtering, lack of context introduces inefficiency and higher network traffic cost). I hope webkit has enough context to make URL filtering a reality for iOS (without the cost of proxy).</div>
<div dir="ltr"><br></div>
<div dir="ltr">Feedback welcome.</div>
</div></div>
Kotteeswaran E | 10 Dec 05:06 2015

NPAPI plugins

Hi,

We are planning to develop our a webkit based GUI kind of thing. When we browsed in the net, we came to know that Chrome and Mozilla are not supporting NPAPI plugins due to security reasons and chrome is switching to PPAPI plugin with NACl. 
But in firebreath url, we saw that "PPAPI can be used in conjunction with NaCL but NACl is supported only on google chrome."

Our plan is to use python based plugin based calls in our product.

Please suggest us a way to proceed.
--
Thanks & regards,
E. Kotteeswaran | Tech Lead – DVB Middleware

This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents is issued in confidence for the purpose only for which it is produced. If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.


Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission. 

<div>
<div dir="ltr">Hi,<div><br></div>
<div>We are planning to develop our a webkit based GUI kind of thing. When we browsed in the net, we came to know that Chrome and Mozilla are not supporting NPAPI plugins due to security reasons and chrome is switching to PPAPI plugin with NACl.&nbsp;</div>
<div>But in firebreath url, we saw that "<span>PPAPI can be used in conjunction with NaCL but NACl is supported only on google chrome."</span><br clear="all"><div><br></div>
<div>Our plan is to use python based plugin based calls in our product.</div>
<div><br></div>
<div>Please suggest us a way to proceed.</div>-- <br><div class="gmail_signature"><div dir="ltr">
<span>Thanks &amp; regards,</span><br><span>E. Kotteeswaran | Tech Lead &ndash; DVB Middleware</span><br><div><div><p><span lang="EN-US">M: +91 94811 34803 | e:&nbsp;<a href="mailto:xyz@..." target="_blank"><span>kotteeswaran@...</span></a></span>&nbsp;</p></div></div>
</div></div>
</div>
</div>

<br><div>
<p><span>This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and solely for the use of the person(s) or entity to whom it is intended. The contents&nbsp;is issued in confidence for the purpose only for which it is produced.&nbsp;</span><span>If you have received this message in error and are not the intended recipient, please notify the sender immediately and delete this message and any attachment from your system. If you are not the intended recipient, be advised that any use of this message is prohibited and may be unlawful, and you must not copy this message or attachment or disclose the contents to any other person.</span><span></span></p>
<p><span><br>Internet correspondence is not secure and neither Lukup Media Pvt. Ltd. nor the sender accepts responsibility for viruses or other forms of data corruption caused by such. It is your responsibility to scan this e-mail and any attachments for viruses. Neither Lukup Media Pvt. Ltd. nor the sender does accept liability for any errors or omissions in the contents of this message or attachments that arise as a result of e-mail transmission.&nbsp;</span></p>
</div>
</div>
Sharma, Rupali | 9 Dec 19:18 2015

A Webkit exploit - Apple Safari Heap Buffer Overflow

Hello,

 

A Webkit exploit was reported where WebKit implementation was vulnerable to ROP(return oriented programming) attacks. Here are the details: https://www.exploit-db.com/exploits/28081/.

However, we are interested in knowing which revision of WebKit has the fix for resolving this vulnerability.

 

Digging more info, we found that the exploit was due to an heap buffer overflow issue in JavaScriptCore JSArray::Sort() method.

Details:

 

The heap memory buffer overflow vulnerability exists within the WebKit's

JavaScriptCore JSArray::sort(...) method.  This method accepts the user-defined

JavaScript function and calls it from the native code to compare array items.

If this compare function reduces array length, then the trailing array items

will be written outside the "m_storage->m_vector[]" buffer, which leads to the

heap memory corruption.

 

The exploit for this vulnerability is a JavaScript code which shows how to

use it for memory corruption of internal JS objects (Unit32Array and etc.)

and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted

into the JS code).

 

So our question is, can point us to the fix (i.e. changelist/revision) which patched this exploit?

 

Thanks,

Rupali

<div>
<div class="WordSection1">
<p class="MsoNormal"><span>Hello,<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>A Webkit exploit was reported where WebKit implementation was vulnerable to ROP(return oriented programming) attacks. Here are the details:
<a href="https://www.exploit-db.com/exploits/28081/"><span>https://www.exploit-db.com/exploits/28081/</span></a>.<p></p></span></p>
<p class="MsoNormal"><span>However, we are interested in knowing which revision of WebKit has the fix for resolving this vulnerability.
<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>Digging more info, we found that the exploit was due to an heap buffer overflow issue in JavaScriptCore JSArray::Sort() method.
<p></p></span></p>
<p class="MsoNormal"><span>Details:<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>The heap memory buffer overflow vulnerability exists within the WebKit's
</span><span><p></p></span></p>
<p class="MsoNormal"><span>JavaScriptCore JSArray::sort(...) method.&nbsp; This method accepts the user-defined
</span><span><p></p></span></p>
<p class="MsoNormal"><span>JavaScript function and calls it from the native code to compare array items.
</span><span><p></p></span></p>
<p class="MsoNormal"><span>If this compare function reduces array length, then the trailing array items
</span><span><p></p></span></p>
<p class="MsoNormal"><span>will be written outside the "m_storage-&gt;m_vector[]" buffer, which leads to the
</span><span><p></p></span></p>
<p class="MsoNormal"><span>heap memory corruption.</span><span><p></p></span></p>
<p class="MsoNormal"><span>&nbsp;<p></p></span></p>
<p class="MsoNormal"><span>The exploit for this vulnerability is a JavaScript code which shows how to
</span><span><p></p></span></p>
<p class="MsoNormal"><span>use it for memory corruption of internal JS objects (Unit32Array and etc.)
</span><span><p></p></span></p>
<p class="MsoNormal"><span>and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted
</span><span><p></p></span></p>
<p class="MsoNormal"><span>into the JS code).</span><span><p></p></span></p>
<p class="MsoNormal"><span>&nbsp;<p></p></span></p>
<p class="MsoNormal"><span>So our question is, can point us to the fix (i.e. changelist/revision) which patched this exploit?<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>Thanks,<p></p></span></p>
<p class="MsoNormal"><span>Rupali<p></p></span></p>
</div>
</div>
Jean-Philippe Déry | 7 Dec 21:05 2015
Picon
Gravatar

JSValueRef / JSObjectRef used as map key, safe or not ?

Hi,

I’m trying to find a way to store private data on a JSObjectRef other than JSObjectSetPrivate since it's
not possible to store data on an object that was not created with JSObjectMake. I’m left to using an
unordered_map with the JSObjectRef as key. It’s seems to be working fine so far but I was wondering if the
JSObjectRef's address could change and be invalid. This concern comes from the fact that, on V8, doing
such thing is discouraged because the address of a value may change when garbage collection occurs.

Is it safe ?

Thanks

_______________________________________________
webkit-help mailing list
webkit-help <at> lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-help

Gmane