04/03/2018, 12:10 PM
Shouldn’t cause application shutdown instead of browser? How is it planned to be in the (ideal) future? Will apps need to use some specific browser APIs (e.g. for notifications, etc)?


04/03/2018, 1:12 PM
Yes. That's one of the fun technical issues we'll face. We can make System.exit do nothing easily enough but what if the app is expecting that call to tear down daemon threads, and the like.
There are a few ways to do this. One way is to give each app its own JVM, with a wrapper program to set up the sandbox and other features. But it's hard to do cross-process window embedding with that approach. It can be done but I bet JavaFX/Swing don't make it easy. This is the Chrome approach.
The other advantage of that is you can kill hung apps.
The other way is to run fully in-VM. I like the elegance and efficiency of that, but killing sandboxed code can't be done in the regular JVM. Now, there is a thing called "TruffleJava" in existence that can do that. But it's not finished or even open source.
I'd like to focus on enterprise rather than consumer use cases to start with, partly to let us kick the more advanced sandboxing topics into the long grass.
For comparison, when Google decided their nascent browser project should run WebKit in a sandbox, their chosen solution was to buy a company that specialised in Windows sandboxing.
So it's doable but .... not trivial.