The isolated worlds feature that I wrote about earlier is described toward the end. Isolated worlds separate each JavaScript program that has access to a web page's DOM. Each program can modify the DOM and see changes made by other programs, but programs cannot exchange JavaScript references. This setup prevents privileges from accidentally leaking between programs. Isolated worlds are now implemented directly in WebKit (thanks to Adam Barth), so they could show up in other WebKit applications in the future.
My other favorite feature is that an extension's unique ID is a public key. The extension is signed with the corresponding private key, which means it is impossible to have ID collisions. Even if a developer copies an existing extension to get started, he won't be able to copy the extension's ID because he would need the private key in order to sign it.
No comments:
Post a Comment