PSA: making a browser out of a forked, slowly patching Chromium that disables the sandbox is a TERRIBLE IDEA. DO NOT DO THIS.
-
Show this thread
-
Related: if your app loads arbitrary content into a webview, you have abandoned all security invariants in your codebase.
2 replies 2 retweets 15 likesShow this thread -
Replying to @slightlylate
Please make webview with a sandbox like iOS did.
1 reply 0 retweets 1 like -
Replying to @cramforce
Our webview is multi-process and sandboxes. That isn't the issue. The problem is that your app doesn't control which version of the webview you get.
1 reply 0 retweets 1 like -
Replying to @slightlylate @cramforce
So users on old devices are hurt badly by the assumptions of people who think "well webview auto-updates now, right?"
1 reply 0 retweets 0 likes
Thankfully, *most* users are on devices that get our webview updates (5.0 and above), but not all: https://developer.android.com/about/dashboards/index.html … https://developer.chrome.com/multidevice/webview/overview …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.