Bug 17651 - Sandbox plug-ins to run in a separate process
Summary: Sandbox plug-ins to run in a separate process
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P3 Enhancement
Assignee: Nobody
Reported: 2008-03-03 08:52 PST by Michael Rondinelli
Modified: 2010-01-06 17:31 PST
Description Michael Rondinelli 2008-03-03 08:52:36 PST
Features introduced in Leopard should make it possible to have plug-ins execute in their own process while rendering within a page. This would introduce a considerable benefit to stability, as plug-ins could no longer cause a crash in the host process.

The basic idea would be to have a separate process for the plug-in rendering into its own off-screen window. The separate process itself could use WebKit so that the environment as seen by the plug-in is unaffected.

In the host process, a stand-in for the plug-in would facilitate the exchange with the plug-in process. CGWindowListCreateImage() would be an avenue for grabbing the rendering of the plug-in and drawing it into the web view properly. IPC would be used to transfer host events (UI and programmatic) to the plug-in process, similarly for outbound programmatic events sent by the plug-in.

The host plug-in would monitor the status of the plug-in process and disconnect rendering safely should the process die. The host could post a message to the user that a plug-in has crashed, giving them the option to re-initialize it or to stop it. When stopped, a default rendering will be drawn by the host (e.g. a broken plug-in icon of some sort).
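The host-side design sketched above (a stand-in proxy that forwards events over IPC, notices when the plug-in process dies, disconnects rendering and falls back to a placeholder), as an added Python example that is not part of the bug report or of WebKit's implementation. The child program, its JSON line-per-event protocol and the `[broken plug-in]` placeholder are constructed assumptions; a text "frame" reply stands in for capturing the off-screen window with CGWindowListCreateImage().

```python
import json
import subprocess
import sys

# Constructed stand-in for the plug-in process: reads one JSON event per line on
# stdin, answers on stdout, and kills itself with SIGSEGV on a "crash" event.
PLUGIN_PROCESS_SOURCE = r'''
import json, os, signal, sys
for line in sys.stdin:
    event = json.loads(line)
    if event["type"] == "crash":
        os.kill(os.getpid(), signal.SIGSEGV)   # simulated plug-in fault
    print(json.dumps({"frame": event.get("frame", 0), "ack": event["type"]}), flush=True)
'''
BROKEN_PLUGIN_ICON = "[broken plug-in]"  # default rendering once the plug-in is stopped

class PluginStandIn:
    """Host-side proxy: forwards events to the plug-in process and watches it."""
    def __init__(self):
        # Spawn the plug-in in its own process; plug-in code never runs in the host.
        self.proc = subprocess.Popen([sys.executable, "-c", PLUGIN_PROCESS_SOURCE],
                                     stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                                     text=True)
        self.crashed = False
        self.last_frame = None

    def send_event(self, event):
        """Forward a host event over IPC; returns the reply, or None if the plug-in died."""
        if self.crashed:
            return None
        try:
            self.proc.stdin.write(json.dumps(event) + "\n")
            self.proc.stdin.flush()
            reply = self.proc.stdout.readline()
        except (BrokenPipeError, OSError):
            reply = ""
        if not reply:  # EOF on the pipe: the process is gone, so disconnect rendering
            self.crashed = True
            self.proc.wait()  # reap it; a negative returncode means killed by a signal
            return None
        msg = json.loads(reply)
        self.last_frame = msg["frame"]
        return msg

    def render(self):
        # What the host draws: the last captured frame, or the placeholder after a crash.
        return BROKEN_PLUGIN_ICON if self.crashed else f"frame {self.last_frame}"

    def fault_signal(self):
        # Signal number that killed the plug-in process, or None while it is alive.
        rc = self.proc.poll()
        return -rc if rc is not None and rc < 0 else None
```

Re-initializing the plug-in after a crash, the option the report proposes to offer the user, is simply constructing a fresh `PluginStandIn`; the host process itself is never affected by the fault.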
Comment 1 Gavin Sherlock 2008-03-03 09:02:40 PST
If possible, this would be great. Based on stack traces, plug-ins seem to cause ~90% of the hangs I experience in Safari (Flash appearing to be the worst culprit), so preventing them from requiring a force quit of the browser would be a significant improvement to stability.
Comment 2 Gavin Sherlock 2008-09-02 22:22:24 PDT
Given that Google worked out how to do this for Chrome, and they've open sourced the project, maybe the webkit team would take what's in Chrome and apply it to webkit if possible.  I think this would make a huge difference to the webkit user experience (I have to say I like their model of all tabs running in separate processes).
Comment 3 Gavin Sherlock 2009-08-31 08:37:44 PDT
This should be closed now, as this has been done in Snow Leopard.