
[Docs/query] How are tabs isolated?

Open lofidevops opened this issue 2 years ago • 1 comments

The README and Flathub page state that tabs are "persistent and independent". Can you elaborate on HOW the tabs are isolated and what kind of security measures a user can expect? For example, are tabs able to access cookies generated by other tabs?

I'm guessing that each tab runs as an isolated browser, so that all resources (cookies, cache, local storage...) are truly independent. But it would be nice to know for sure :)

Examples of very detailed security breakdowns:

  • https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
  • https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/

With a few pointers, I would be happy to contribute such an update to the README (or somewhere else).

lofidevops, Aug 31 '21 17:08

I'm guessing that each tab runs as an isolated browser, so that all resources (cookies, cache, local storage...) are truly independent.

Correct, each tab is its own "browser". To be more precise, each tab is a WebKitWebView with its own WebKitWebContext. That effectively protects against certain web "features"/quirks such as 3rd party cookies and so on, while allowing the use of different accounts on different tabs (similarly to https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/). It also means we can set per-tab settings that would normally be impossible to do, but Tangram doesn't make use of this yet.

In addition, WebKitGTK sandboxing is enabled. https://www.youtube.com/watch?v=5TDg83LHZ6o https://www.slideshare.net/igalia/sandboxing-webkitgtk-guadec-2019

I haven't looked into it much, but it may even work on Flatpak now. https://webkitgtk.org/2020/03/10/webkitgtk2.28.0-released.html

https://github.com/sonnyp/Tangram/blob/main/src/WebView.js should be self-explanatory.

With a few pointers, I would be happy to contribute such an update to the README (or somewhere else).

That'd be appreciated.

sonnyp, Sep 06 '21 22:09