The paradox of the sandbox:
A “successful” sandbox is popular.
Popularity brings more and varied toys.
Full of all sorts of kids and full of all sorts of toys— some dangerous.
Finally, the intent of a safe partitioned off space is subverted.
Can’t wait for sandbox 2. That will solve everything. Well, until it gets bloated and we move to sandbox 3.
What could go wrong?
I think it’s safe to say browser security history has shown the same-origin policy isn’t fail-safe.
Reilly Grant was talking about the possibility of doing this before he left VMware to help get around some of the issues with (“clientless”) remoting via the web browser - it was one of the pieces WSX was missing. It’s interesting but not surprising he’s continuing the work over at Google.
I’m still not convinced that the web browser needs to be the one and only platform, but apparently everyone else is, so why not?