From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) by hurricane.the-brannons.com (Postfix) with ESMTPS id BB5F878C4D for ; Thu, 13 Aug 2015 13:03:55 -0700 (PDT) Received: by wibhh20 with SMTP id hh20so88159487wib.0 for ; Thu, 13 Aug 2015 13:07:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=MEb/oV659bPcC60LOz2g69bT5BpOan4fEl+3kTiHrAA=; b=UW75LlF1JqocruEAI/378CGB+xMmOYT+5hEMF4ab90kgi6SSTH1uHAc0ausrqCcPcM c6LRkdSstHuWebcp2fMSFjyFpk/eNDMhBnIHW7F3mIANcyFF0Ufi7bn+HBFl/B7hymPU dUGjWuu8IgiJoNY+Rzg/qxbtENX/3uZNyDiRCcM9QEZU8bpssJKjb/gbvsmrKyJFrndf cwKc86AgAj06XnOvFpHJjKBkqWQ8igYNTTetD5rRlamxZPkyAo373vSIH1uxz81s5cuF b2bf4i0r5sd+RjOUG/+NEnJgTKVCKZa7cfPLvwRjy4ao8qywWRYjqWW93OYxRbCrqPn6 5E5w== X-Received: by 10.180.75.9 with SMTP id y9mr10351256wiv.67.1439496448556; Thu, 13 Aug 2015 13:07:28 -0700 (PDT) Received: from toaster.adamthompson.me.uk (toaster.adamthompson.me.uk. [2001:8b0:1142:9042::2]) by smtp.gmail.com with ESMTPSA id k4sm4876927wix.19.2015.08.13.13.07.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Aug 2015 13:07:27 -0700 (PDT) Date: Thu, 13 Aug 2015 21:07:25 +0100 From: Adam Thompson To: Kevin Carhart Message-ID: <20150813200725.GE993@toaster.adamthompson.me.uk> References: <20150712165646.eklhad@comcast.net> <87614k6lmq.fsf@mushroom.localdomain> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gm5TwAJMO0F2iVRz" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Edbrowse-dev@lists.the-brannons.com Subject: Re: [Edbrowse-dev] tidy5 X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 20:03:56 -0000 --gm5TwAJMO0F2iVRz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 12, 2015 at 09:36:51PM -0700, Kevin Carhart wrote: >=20 >=20 > Hi all >=20 > This sounds great- thanks for the suggestion. I hope the software works > for our purposes. >=20 > >forward the mail I have. Or we can collaborate on this together, if >=20 > Yes, whatever works, thanks Chris! Please let me know your findings so f= ar. I'm also happy to help if there's something I can do. I know I said I'd look into a new js engine, but I really think we need to get the html and DOM stuff sorted before that. In terms of an architecture I'm thinking of aiming to have the DOM as an abstraction which can be used by both the rendering code and the js. Thus: html is parsed into a node tree which is converted to our DOM objects These objects are exposed to js via wrapper objects in the js world such th= at any changes js makes are automatically passed through to the DOM The renderer renders the DOM automatically on page load, with support for re-rendering on a user command (with some sort of notifications for js induced changes) Form fields are altered in the DOM, which may or may not trigger a re-rende= ring Any re-rendering would be partial, i.e. only the changed segments of the DOM are re-rendered This is going to be a *lot* of work and I don't expect it to all be done at once, but that's certainly where I think we should be headed. Any thoughts? As for Edbrowse being used in cyber security, this isn't a good idea since most systems which analyse web pages for threa= ts use highly advanced techniques to scan for malware which don't involve executing the javascript directly, and any such execution would probably require analysis on the js engine level to detect suspicious behaviours. None of these tasks would be possible with Edbrowse, and altering it to make such things possible would mean we weren't writing a web browser any more. That's before we get into the security of the browser itself, which probably could do with some careful analysis at some stage anyway, particularly as we plan on making this a larger project. However, I can see a definite place for Edbrowse for page automation etc on= ce we are more standards compliant. Cheers, Adam. --gm5TwAJMO0F2iVRz Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVzPj9AAoJELZ22lNQBzHOQBEH/0J4xo59YWmHdqky2MjmxFVM TlC9asEF0JiBsPlG5uCHZ5Sy1HjMr6atDGvhOkIszMrPSs/HHqVcghg0GzB9JXgR Jx/AlXnuKcJ/7N5mSoHtxnJwzJd09tdG6yhwq36r+xBdEHVmARmkClGT4QB8X0v+ 0BsPcfxTje9HZ7kDrgjRkIGWCIIP4ylxJU3lziz36GJBo4U/fQovea3ydpeaZ9Mv +RBlCKGg8TJwo2HLMkFjO0oRdD2/uY1IyF7IjVpqify4gMNwBEIISO0z5Hm/R1Q9 YzxeDyUKQ4jzdLDG6CkC+Aw1Uf27f4dTxErNpisHJt9j4ulC/3JZnQejaDSWy4M= =ClOj -----END PGP SIGNATURE----- --gm5TwAJMO0F2iVRz--