You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 27, 2022. It is now read-only.
These are some inter-related changes that we should have on the roadmap, but which can't happen until electron lands the changes discussed in electron/electron#6712 (comment). (Thanks, Tarruda!)
1. Sandbox the BrowserWindow and webview processes
This is the process-level sandbox, that works in addition to the Javascript sandbox. It won't be feasible or provide any benefit until Tarruda lands the needed changes: IPC message filtering, and the ability to instantiate webviews from a sandboxed renderer.
2. Investigate moving all webview management into the main (browser) process
It turns out that all webContents objects are instantiated in the main process, so any time that the shell-window interacts with a webview, it has to do an IPC call to main. That's a performance drag, and it also will increase the IPC surface area after the sandboxing is enabled.
We should investigate what it would take to move all webview management into the main process, and then reducing the shell-window to UI tasks.
3. Investigate moving all Dat behaviors into a separate process
Dat's network handling involves crypto operations that can slow down the thread. If that processing occurs in the main thread, there's a chance that the UI will start to stutter. To avoid that, we should investigate moving the Dat processing into a separate process. The downside of this approach is that it would incur additional messaging latency, so we'll have to bench the difference.
The text was updated successfully, but these errors were encountered:
I've been investigating the electron sandbox, seeing who is doing what in the landscape.
I've looked through Brave (and their Muon electron fork) and I thought I'd take a look at what Beaker is doing.
@kewde We've actually decided to migrate to Muon sometime this year. I discussed the issue with some Electron members and they told me they just don't have the means to make Electron safe for untrusted code. Muon is designed for that, so we're making the move.
We should investigate what it would take to move all webview management into the main process, and then reducing the shell-window to UI tasks.
@pfrazee is this something that you're still interested in now that you're planning on moving to Muon? Does Muon even have the same background-process/shell-window split?
@webdesserts I think it might even be mandatory for Muon. So yeah, all 3 of these tasks are still on the todo list. I think the Muon re-architecting might exclude item 3 though, because moving Dat to another process can be done separately.
Related to #19
These are some inter-related changes that we should have on the roadmap, but which can't happen until electron lands the changes discussed in electron/electron#6712 (comment). (Thanks, Tarruda!)
1. Sandbox the BrowserWindow and webview processes
This is the process-level sandbox, that works in addition to the Javascript sandbox. It won't be feasible or provide any benefit until Tarruda lands the needed changes: IPC message filtering, and the ability to instantiate webviews from a sandboxed renderer.
2. Investigate moving all webview management into the main (browser) process
It turns out that all
webContents
objects are instantiated in the main process, so any time that the shell-window interacts with a webview, it has to do an IPC call to main. That's a performance drag, and it also will increase the IPC surface area after the sandboxing is enabled.We should investigate what it would take to move all webview management into the main process, and then reducing the shell-window to UI tasks.
3. Investigate moving all Dat behaviors into a separate process
Dat's network handling involves crypto operations that can slow down the thread. If that processing occurs in the main thread, there's a chance that the UI will start to stutter. To avoid that, we should investigate moving the Dat processing into a separate process. The downside of this approach is that it would incur additional messaging latency, so we'll have to bench the difference.
The text was updated successfully, but these errors were encountered: