blog-indexeddb-safari-leaks-demo VS WebKit

One benefit that immediately comes to mind is the ability to protect yourself against a major security flaw in Safari:

https://safarileaks.com/

Apple did issue a fix after a few weeks but with no alternative browser engines the only alternative was “don’t use the web on your iPhone”, which is absurd.

Other user benefits might include better performance, more capabilities (it took Apple years to implement WebRTC, for example) and in general more competition that might spur Safari into becoming a better browser.

Assuming it's not straight up broken once again, like when localStorage was bugged and browser data would get lost last year or when indexedDb was broken und would leak data.

see: https://safarileaks.com/

I researched the Safari vulnerability, and yes, this appears to only affect iOS 15 devices. The message on https://safarileaks.com/ states "Your browser is not affected. Please open this demo in..... any any browser on iOS and iPadOS 15." Good to know!

Are you talking about this? Apple fixed it about a week ago with the release of macOS 12.2.

In the past, there were a few (though rare) cases where Apple has even patched unsupported versions. It probably depends on how easy it is for them. But for the most recent problems, like this and that, there are no fixes beyond Catalina.

Safari is a dumpster fire right now.

safarileaks.com security vulnerability fixed in Safari 15.3

The IndexedDB issues. Fixing things takes times, but it's crazy that's its taken 2 months even for a response

Multiple engineers are working on adding it back: https://github.com/WebKit/WebKit/pulls?q=is%3Apr+is%3Aclosed...

Since 2023 Chrome announced the View Transition API, and it looks like Safari is also going to support it soon.

One heap per type.

Here’s an allocator optimized for that use case.

https://github.com/WebKit/WebKit/blob/main/Source/bmalloc/li...

To use this in Bun, you’d have to start Bun with the environment variable “BUN_JSC_useDollarVM=1” and then $vm.createBuiltin(mySourceCodeString)

When using this intrinsic, if any of the arguments are incorrect or it cannot otherwise enable it, the entire process will probably crash. In debug builds of JSC it will have a nicer assertion failure but that is not enabled in release builds

Example code: https://github.com/WebKit/WebKit/blob/17351231b4dedb62d81721...

also happy to answer any questions about Bun

Ah, good, let me introduce you to the wonderful world of the Chrome Devtools Protocol! (fka Chrome Remote Debugging Protocol)

I love this API for almost everything browser related. I built my RBI product atop this (BrowserBox: https://dosyago.com), and I think it's a drastically underrated API.

Also, it works out of the box in Edge, Brave, Chromium, and many parts of CRDP are supported by Firefox and Safari^1

1: See for example: https://github.com/WebKit/webkit/tree/main/Source/JavaScript...

No, it's unrelated.

https://github.com/WebKit/WebKit/commit/064df1a9f395f8c6e32c...

It's being worked on now: https://github.com/WebKit/WebKit/pull/17320

It is different. The cross-site navigation flag is a couple of years old. It was enabled by default for iOS in November 2018 for example https://github.com/WebKit/WebKit/commit/e191fc8c412850cb9fd0...