July 07, 2004

new plugin model for 3rd generation browsers

There has been a new plugin model proposed for the third generation browsers (Mozilla, Opera, Safari) to give properties more like activeX. This should mean that there are less sites that refuse to work with them even if there are still the same number that follow Internet Explorers crap CSS support. However since activeX is a security nightmare this must be careful that it is implemented correctly or there could be problems, from the article "In addition to this, a further extension to this API is being discussed that would give a plugin greater flexibility by letting the plugin control the origin of the calling code, so that the plugin can specify the origin of calls that come from internally loaded code from other origins. This way such code can be executed with only the privileges of the origin of the code, and not the privileges of the plugin page's origin." a poor implementation could lead to downloaded code using this to upgrade it's own security settings and do Bad Things. The companies involved do have a better reputation than microsoft for security, and two of the engines are open source and therefore will probably have any mistakes spotted and corrected before it goes into a general release. But still step carefully when you follow this path.



In a related note Safari has decided to add a new HTML element called CANVAS to allow people to directly draw onto the screen using javascript, and also added a new atribute to the IMG tag to allow different types of compositing. These are not W3C standards, and while I understand that they are really only ment for making widgets with the Dashboard thing that Apple will release in MacOS X 10.4 (Tiger) I don't like it. Hopefully David Hyatt will make a name space for them so that using them will actually validate as proper XHTML. Hyatt previously added the ContentEditable attribute and drag and drop as they are implemented in Internet Explorer to WebCore (Safari's engine), niether of these are W3C but have been in IE for a long time and where also needed for Dashboard, this has been implemented in Mozilla as well, so could become a de facto standard. However the point of the 3rd generation of browsers was to follow the standards as closly as possible so that any web page would be viewable as it was intended without modification. There has been something for this in the XHTML 2.0 spec from the W3C but considering the current browser stagnation (as IE which has 95% of the market hasn't been updated in years) getting to the point where XHTML 2.0 is a reallistic thing for developers could be a long way off.