The Architecture of the Grail Browser
[This document needs to be updated.]
Grail is a prototype of an extensible Internet browser implemented
using Python, an interpreted object-oriented programming language, and
Tk, a popular user-interface construction toolkit.
Grail leverages important reusable software components that are part of
the standard Python library, such as a module that can retrieve data
across a network given its URL, a module that parses HTML, the lingua
franca of the World-Wide Web, and of course Tkinter, Python's interface
to Tk. It also uses Python's ability to parse and execute Python
statements that are generated or read while the program is already
executing, and its facilities for creating a restricted execution
environment for untrusted code.
This diagram shows some of the components of the Grail
The diagram should be understood as follows. The top layer is the Grail
application, containing a number of Browser windows, each composed of a
Formatted text view and some other user interface components (e.g. a
menu bar, a text entry showing the URL being displayed, and a message
area). The HTML parser only exists for the duration of the parsing
process. The application may also contain some extensions. The next
layer shows some components of the Python library (implemented in
Python). The third layer shows the Python interpreter and some of the
built-in modules (all implemented in C). The final layer represents the
Operating System interface to the system's resources.
The extensions have access to a wide variety of APIs in order to
interface with the other components of the system:
- Trusted extensions have access to the full library and interpreter.
Untrusted extensions have access to a safe subset. Because it is a true
subset, promoting an untrusted extension to trusted status does not
require any changes to its source code.
- Extensions have controlled access to the application, browsers,
text view and other user elements, and the HTML parser. This is
enforced for untrusted extensions (at a cost); trusted extensions are
normally expected to be well-behaved.
- Extensions can provide an interface through which they can be
accessed by other extensions. This way, extensions can cooperate and
"meta-extensions" (that control access or provide alternate interfaces
to other extensions) can be implemented.
The APIs provided to particular types of extensions are determined by
the needs of such extensions. For instance, an extension that
implements a new protocol requires access to low-level network
operations (e.g., through sockets). On the other hand, an extension
that implements a new HTML element requires access to the HTML parser
as well as to the formatted text view. Both may need to display
occasional status messages, but neither will normally require access to
the menu bar or the text entry displaying the current URL.
(Here, the author was rudely interrupted by more important tasks,
such as finishing and distributing the code and writing the Grail Applet