I'm wondering; both android and ios restrict apps from using the javascript vms (v8 and nitro respectively) because of security concerns (being able to generate code and mark their pages executable). The embedded webkit implementations use JSKit interpreter as far as I know. (Correct me if I'm wong)
How does FF OS handle this? I believe if there is absolutely no native code execution involved, it should not be a security concern. Is that so? Is it currently possible to have fast js execution in UIWebView iOS apps?
I'd argue it's to keep developers locked in to Objective-C and iOS. Facebook tried going the HTML5 route in the native iOS app, but everything was too slow (it was comical how much faster facebook.com was in Safari vs running the app) until they ultimately switched back to Objective-C.
It's ironic that Objective-C was an albatross on the neck of Mac OS X, a platform with small marketshare and an uncommon application framework. Now, Objective-C is a key advantage for Apple's vendor lock-in keeping iOS developers from (easily) porting to Android.
I am probably the only person here but I do not think it has much to do with keeping alternative browsers off the platform or preventing people from using UIWebViews.
They already have a clause for third party browsers in the submission/review guidelines so there is no need for the existence of a technical reason to enforce that.
I truly think the real reason is security. The problem with allowing rwx pages in an iOS process via WebKit is that they can be used by the native app to load rogue code in.
This is a really difficult problem to solve and I honestly think Apple chose the easy way out: disallow it all.
I do think a solution is coming though. Already in iOS6 a bunch of ViewControllers are running out of process. See the link below. I think this will lead to out of process, and fully JITted WebKit in a future release.
Many times people think Apple is making some weird technical decision on purpose to annoy developers it is really just a pragmatic decision to get a product out of the door on time. This happens all the time and everywhere. At Google, Mozilla, Apple, Blackberry and Canonical.
Firefox OS does use Spidermonkey's JIT compiler to run apps, but it runs each web app in a separate low-privilege process, to mitigate damage that a compromised app might do:
Security is not only dereferencing an invalid pointer or executing data that is not meant to be. IOS way of doing things is just a choice out of many and have nothing to do with other OSes. It is all about offering and enforcing a highly controlled and predictable development environment.
Nothing prevents exploits that utilize existing web platform which is the basis of FFOS exclusively.
Having said that, main goal appears to be not bringing web to the mobile, but freeing mobile into the web so eventually browsers can have a de facto standards for hardware capabilites. Yet another mobile sandbox is not a goal, as I see it.
FFOS cannot be compared to any other OS for mobile until now, in terms of goals and politics.
How does FF OS handle this? I believe if there is absolutely no native code execution involved, it should not be a security concern. Is that so? Is it currently possible to have fast js execution in UIWebView iOS apps?