Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orion-dev] how to disable sandboxing?

I can't help thinking this disconnect is due to coming from an OSGi/eclipse architecture where everything is a plugin. In Eclipse/OSGi everything is a bundle, and each bundle has the full expressive power to do absolutely anything in the system. The only way to provide or consume services in OSGi is via a bundle.  In Orion, everything is most certainly *not* a bundle. An Orion plugin is simply a mechanism for inter-frame (host) communication. They are not a unit of modularity or reuse. If you look at the implementation of the "built in" Orion pages, there are lots of services but not many plugins. Most services are created directly by the page and have all the power of in page scripts. In this model, disabling the sandbox for plugins from the same host is a non sequitur - if the services are provided by the same host then they don't need to be in a plugin. Maybe there is a reason for this that I'm missing...


From:        Mike Wilson/Ottawa/IBM@IBMCA
To:        Orion developer discussions <orion-dev@xxxxxxxxxxx>,
Date:        12/17/2012 02:16 PM
Subject:        Re: [orion-dev] how to disable sandboxing?
Sent by:        orion-dev-bounces@xxxxxxxxxxx


I thought you were going to help us figure out how to solve this problem? Instead of re-iterating your original position, try to describe exactly what you'd like to be able to do, maybe even with example API, etc.  Bug 393711 is a starting point, but you (and Simon) need to flesh out details, before we can think about implementing it.


Inactive hide details for Rafael Chaves ---2012/12/17 12:36:04---This bug report suggests sandboxing of plugins can be disabledRafael Chaves ---2012/12/17 12:36:04---This bug report suggests sandboxing of plugins can be disabled:

Rafael Chaves <rafael@xxxxxxxxxxxx>
Orion developer discussions <orion-dev@xxxxxxxxxxx>
2012/12/17 12:36
[orion-dev] how to disable sandboxing?
Sent by:

This bug report suggests sandboxing of plugins can be disabled:

Could someone please shed a light on how sandboxing of plugins is
implemented in Orion and how it can be turned off (even if it requires
gutting some code in Orion)? I will then try to look into a way of
selectively disabling it (say, for plug-ins coming from the same
host/port), basically to address  If my knowledge
of _javascript_/browser security model wasn't so spotty I am sure I
could find it on my own.

I am hitting orion-dev because I think this is of architectural
interest. The differences between "built-in" and plugin code are an
overwhelming limitation in Orion as is today. It is either the case a
use case was foreseen in some extension point or it just can't be done
(usually because of sandboxing), and that seriously cripples
innovation on top of Orion.

You pointers/directions are appreciated. Keep up the good work.

orion-dev mailing list

orion-dev mailing list

Back to the top