The Architecture of the Grail Browser

[This document needs to be updated.]


Grail is a prototype of an extensible Internet browser implemented using Python, an interpreted object-oriented programming language, and Tk, a popular user-interface construction toolkit.

Grail leverages important reusable software components that are part of the standard Python library, such as a module that can retrieve data across a network given its URL, a module that parses HTML, the lingua franca of the World-Wide Web, and of course Tkinter, Python's interface to Tk. It also uses Python's ability to parse and execute Python statements that are generated or read while the program is already executing, and its facilities for creating a restricted execution environment for untrusted code.

Functional Diagram

This diagram shows some of the components of the Grail browser.

The diagram should be understood as follows. The top layer is the Grail application, containing a number of Browser windows, each composed of a Formatted text view and some other user interface components (e.g. a menu bar, a text entry showing the URL being displayed, and a message area). The HTML parser only exists for the duration of the parsing process. The application may also contain some extensions. The next layer shows some components of the Python library (implemented in Python). The third layer shows the Python interpreter and some of the built-in modules (all implemented in C). The final layer represents the Operating System interface to the system's resources.

Extension APIs

The extensions have access to a wide variety of APIs in order to interface with the other components of the system:
  1. Trusted extensions have access to the full library and interpreter. Untrusted extensions have access to a safe subset. Because it is a true subset, promoting an untrusted extension to trusted status does not require any changes to its source code.
  2. Extensions have controlled access to the application, browsers, text view and other user elements, and the HTML parser. This is enforced for untrusted extensions (at a cost); trusted extensions are normally expected to be well-behaved.
  3. Extensions can provide an interface through which they can be accessed by other extensions. This way, extensions can cooperate and "meta-extensions" (that control access or provide alternate interfaces to other extensions) can be implemented.

Concrete Examples

The APIs provided to particular types of extensions are determined by the needs of such extensions. For instance, an extension that implements a new protocol requires access to low-level network operations (e.g., through sockets). On the other hand, an extension that implements a new HTML element requires access to the HTML parser as well as to the formatted text view. Both may need to display occasional status messages, but neither will normally require access to the menu bar or the text entry displaying the current URL.

(Here, the author was rudely interrupted by more important tasks, such as finishing and distributing the code and writing the Grail Applet Programming Manual...)