Also, re: Experiment Settings in Safari, isn’t that like insanely irresponsible for them to be implementing? I don’t want an experimental browser, I want a secure one that sticks to what it knows :/

  • Still@programming.dev
    1 year ago

    WebKit is that browser engine that every browser on iOS is forced to use, so any vulnerability in it will have an effect on any app that uses a web browser.

    Experimental settings are not dangerous as they don’t have any effect on security, they just give you access to the potential future of what Safari will be.

  • bluefirex@lemmy.world
    1 year ago

    WebKit is an incredibly complex and rich engine for rendering web content. That kind of content comes in so many uncountable varieties that still need to work correctly. Easy example, this is equivalent:

    <b><i>test</i></b>

    <b><i>test</i></b> (imagine the last I and b being switched, Lemmy won’t let me do it)

    Even though it shouldn’t be, there are enough idiots doing this, so the browser supports it.

    Now imagine, on top of that, there’s also a huge engine interpreting runnable code (JavaScript). Any runnable code is inherently unsafe so it has to be sandboxed. That’s where the vulnerabilities come into play. There are so many ways to break a sandbox and it’s impossible to 100% find every single one.

    Regarding experimental features: These are for developers to verify their stuff works with upcoming features. If you don’t want that, just don’t use that. That simple.

    • cheese_greater@lemmy.worldOP
      1 year ago

      https://www.wired.com/story/ios-security-imessage-safari/

      This article sort of summarizes my views on the matter. I don’t say it or point it out to be contrarian or polemical, there’s a material recognition that the way these things are implemented is fundamentally unsound or that by privileging one standard so dogmatically, they destabilize the greater system.

      It’s as if sandboxes are for everyone else’s code but Apple’s, who’s saying “you can trust us, bro”. I reject that, if on both practical and competitive grounds. It leads to sloppiness and cut corners and a lack of incentive for them to ensure they are held to the same standard they wrote for everyone else, which probably had good reasoning behind it. It’s dangerous and absurd all around and that it is imposed without regard to how problematic it is is duly injurious.