WebKit2 and You (GUADEC 2013)

Posted on 10-Nov-2014


DESCRIPTION

By Martin Robinson. After two years of work, WebKit2 has arrived on the GNOME platform, bringing security, stability, and performance. This talk will outline the new design and dive briefly into some of the gory technical details. Also included will be a mountain of practical advice for application developers about the transition, such as whether or not applications should be rewritten for WebKit2 and how best to take advantage of the new multi-process model.

TRANSCRIPT

WebKit2 and You: WebKit2 for Application Developers

Martin Robinson, Igalia

Quick Review

WebKit

· Web content engine
· Processes and renders web content
· Started as a fork of KHTML and KJS
· Open source since 2005
· Goals: open source, compatibility, compliance, stability, performance, security, portability, usability, hackability
· Non-goals: being a full web browser, being a science project, having reusable components, unlimited scope
· Split into ports: GTK+, Qt, EFL, Mac, Windows

WebKitGTK+

· Each WebKit port is composed of
  - Platform interfaces
  - API layer
· WebKitGTK+ platform layer:
  - libsoup for networking
  - cairo for rasterization
  - OpenGL for making the scene graph and WebGL
  - GStreamer for media
  - Various GTK+ APIs for talking with the system
· API layer is a GtkWidget and a set of GObject APIs
· WebKitGTK+ is used by Epiphany, Midori, yelp, devhelp

Architecture

(slide: WebKitGTK+ architecture diagram)

Minor Philosophical Point

· Code has bugs that crash the program.
· Code has bugs that allow arbitrary code execution.
· Code relies on dependencies with bugs.
· Code handles fonts and images that are essentially small programs.
· WebKit2 is a pragmatic response

Why WebKit2?

· The web platform is huge
· Make crashes less inconvenient for users
· Prevent bugs and crashes from exposing user data
· Prevent bugs and crashes from damaging the system or executing arbitrary code
· Stop web applications from blocking each other

WebKit2

· Give the web rendering parts of WebKit their own process
  - Page crashes don't crash the browser
  - Can put vulnerable data into a separate address space
· Sandbox web rendering
  - Prevent pages from accessing the disk and operating system interface

WebKit2 Architecture

(slide: WebKit2 process architecture diagram)

Details

IPC

· IPC glues the different processes together
· Three types of IPC in use in WebKit
  - Messaging: Unix domain socket for sending messages synchronously or asynchronously
  - Shared memory: shmem for passing large messages and bitmaps
  - Shared surfaces: XComposite/XDamage for passing hardware accelerated surfaces cheaply

Accelerated Compositing

· WebKit has its own hardware-accelerated scene graph of page content
  - Prevent unnecessary redraw
  - 3D CSS transforms
  - WebGL
· Scene graph is in the WebProcess, but drawing happens in the UIProcess
· XComposite/XDamage allows compositing and final paint in different processes

Practical Bits

Should I port my application to WebKit2?

Yes

Why Port?

· WebKit1 development has moved to maintenance mode
· WebKit1 will be deprecated in the future
· The WebKit2GTK+ API is richer and better tested
· Porting to WebKit2 brings immediate performance, security, and stability benefits

Porting Challenges

· There is not yet a porting guide
  - Extensive API documentation
· Many synchronous APIs with return values are now asynchronous

```c
void webkit_web_view_save (WebKitWebView        *web_view,
                           WebKitSaveMode        save_mode,
                           GCancellable         *cancellable,
                           GAsyncReadyCallback   callback,
                           gpointer              user_data);
```

· Two-way communication from the page is more complicated
  - Injected script source
  - Custom protocols
  - GObject DOM bindings
  - Page access via the JSC API

Injected Script Source

· Strings of JavaScript source code executed asynchronously in the WebProcess
· Can return a value which is serialized and sent across the IPC messaging channel

Injected Script Source

```c
/* Ask the WebProcess to run the script; the result arrives later in the callback. */
webkit_web_view_run_javascript (web_view, "window.document.body.textContent;",
                                NULL, run_javascript_finished_callback, NULL);
```

```c
static void
run_javascript_finished_callback (GObject *source_object, GAsyncResult *result, gpointer user_data)
{
    GError *error = NULL;   /* a GError out-parameter must start out NULL */
    WebKitJavaScriptResult *javascript_result =
        webkit_web_view_run_javascript_finish (WEBKIT_WEB_VIEW (source_object), result, &error);
    if (!javascript_result) {
        g_warning ("running script failed: %s", error->message);
        g_error_free (error);
        return;
    }

    /* The value was serialized across IPC; convert it to a JSC string in the UIProcess. */
    JSStringRef string_value = JSValueToStringCopy (
        webkit_javascript_result_get_global_context (javascript_result),
        webkit_javascript_result_get_value (javascript_result), NULL);

    size_t max_size = JSStringGetMaximumUTF8CStringSize (string_value);
    char *string = g_malloc (max_size);
    JSStringGetUTF8CString (string_value, string, max_size);

    printf ("result: %s\n", string);

    /* ... */
}
```

Custom Protocols

· Page to WebKit communication by accessing a resource across a custom protocol
· Examples of this approach are about: pages
· Communicate without reloading the page via AJAX
· Subject to same-origin security restrictions

Custom Protocols

```c
/* Register a handler for the "about" scheme on the default web context. */
WebKitWebContext *context = webkit_web_context_get_default ();
webkit_web_context_register_uri_scheme (context, "about",
                                        about_uri_scheme_request_cb, NULL, NULL);
```

```c
static void
about_uri_scheme_request_cb (WebKitURISchemeRequest *request, gpointer user_data)
{
    GInputStream *stream;
    const gchar *path;
    gchar *contents;
    gssize stream_length;

    path = webkit_uri_scheme_request_get_path (request);
    contents = g_strdup_printf ("Loaded about:%s page", path);
    /* Take the length before the stream owns (and will g_free) the buffer. */
    stream_length = strlen (contents);
    stream = g_memory_input_stream_new_from_data (contents, stream_length, g_free);

    webkit_uri_scheme_request_finish (request, stream, stream_length, "text/html");
    g_object_unref (stream);
}
```
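The handler above copies the requested path straight into a text/html body, and the path is whatever the page asked for. As an added example (not the talk's code), here is a body builder in plain C without GLib, so it runs stand-alone: it HTML-escapes the path and hands back the length that g_memory_input_stream_new_from_data and webkit_uri_scheme_request_finish need; build_about_body and html_escape_char are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: the HTML entity for a character that must not be
 * emitted raw inside a text/html body, or NULL if the character is safe. */
static const char *html_escape_char(char c)
{
    switch (c) {
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '&':  return "&amp;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/* Hypothetical helper: build "<p>Loaded about:PATH page</p>" with PATH
 * escaped. Returns a malloc'd NUL-terminated buffer and stores its length
 * in *out_len; the caller owns the buffer (pass it to
 * g_memory_input_stream_new_from_data with free as the destroy notify and
 * *out_len as the length). */
char *build_about_body(const char *path, size_t *out_len)
{
    const char *prefix = "<p>Loaded about:";
    const char *suffix = " page</p>";
    size_t cap = strlen(prefix) + strlen(suffix) + 1;
    size_t i, n;

    for (i = 0; path[i]; i++)
        cap += html_escape_char(path[i]) ? 6 : 1;   /* "&quot;" is the longest entity */

    char *body = malloc(cap);
    if (!body)
        return NULL;
    n = strlen(prefix);
    memcpy(body, prefix, n);
    for (i = 0; path[i]; i++) {
        const char *esc = html_escape_char(path[i]);
        if (esc) {
            size_t l = strlen(esc);
            memcpy(body + n, esc, l);
            n += l;
        } else {
            body[n++] = path[i];
        }
    }
    memcpy(body + n, suffix, strlen(suffix));
    n += strlen(suffix);
    body[n] = '\0';
    *out_len = n;   /* length is fixed here, before the buffer changes hands */
    return body;
}
```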

Web Extensions

· Web extensions are shared objects that execute in the WebProcess
· No IPC penalties
  - Synchronous behavior does not block the UI
  - Direct access to page state including the DOM
  - Timing is less of an issue
· Written on top of the port-independent WebKit InjectedBundle
· No IPC API, but you can use DBus for communication with the UIProcess

Web Extensions

```c
#include <stdio.h>
#include <webkit2/webkit-web-extension.h>

/* Entry point looked up by name when the WebProcess loads the shared object,
 * so it has to be exported. */
G_MODULE_EXPORT void
webkit_web_extension_initialize (WebKitWebExtension *extension)
{
    printf ("Hello from a WebProcess\n");
}
```

```sh
# The WebKit2GTK+ include and link flags from pkg-config are needed as well.
$ gcc -c -Wall -Werror -fpic web-extension.c
$ gcc -shared -o web-extension.so web-extension.o
```

```c
/* Point the context at the directory containing the .so before any page loads. */
webkit_web_context_set_web_extensions_directory (webkit_web_context_get_default (),
                                                 "/path/to/shared-object");
```

GObject DOM Bindings via Web Extensions

· GObject DOM bindings allow accessing page DOM using GObject APIs
· Cannot run in the UIProcess, the DOM is in a different address space
· In WebKit2, these are only accessible via Web Extensions

```c
static void
document_loaded_callback (WebKitWebPage *page, gpointer user_data)
{
    /* Runs inside the WebProcess, so the DOM is directly reachable. */
    gchar *title = webkit_dom_document_get_title (webkit_web_page_get_dom_document (page));
    printf ("title: %s\n", title);
    g_free (title);
}

static void
page_created_callback (WebKitWebExtension *extension, WebKitWebPage *page, gpointer user_data)
{
    g_signal_connect (page, "document-loaded", G_CALLBACK (document_loaded_callback), NULL);
}

G_MODULE_EXPORT void
webkit_web_extension_initialize (WebKitWebExtension *extension)
{
    g_signal_connect (extension, "page-created", G_CALLBACK (page_created_callback), NULL);
}
```

Injected JavaScript via Web Extensions

· Similar to the GObject DOM bindings approach
· Instead of using the GObject API, use the JSC C API
· Can interact with the page as well as insert JavaScript objects backed by native code
· The most flexible approach
· Necessary Web Extension API should appear soon in a future release

The Near Future

More Processes

WebKit2

· Multiple WebProcesses
  - Isolate applications from each other as well as from the UI
  - Prevents a crash from crashing every tab
· Networking Process
  - Necessary for multiple web processes
  - Avoids complexity of caches/databases with multiple writers
· Offline Storage Process
  - Disk access is blocking and insecure
  - More easily sandbox WebProcesses

Thank You! (Q&A)

Twitter: @abandonedwig
Web: abandonedwig.info