NPAPI
Encyclopedia
Netscape Plugin Application Programming Interface (NPAPI) is a cross-platform
Cross-platform
In computing, cross-platform, or multi-platform, is an attribute conferred to computer software or computing methods and concepts that are implemented and inter-operate on multiple computer platforms...

 plugin architecture used by many web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...

s.

It was first developed for the Netscape family of browsers starting with Netscape Navigator
Netscape Navigator
Netscape Navigator was a proprietary web browser that was popular in the 1990s. It was the flagship product of the Netscape Communications Corporation and the dominant web browser in terms of usage share, although by 2002 its usage had almost disappeared...

 2.0 but was subsequently implemented by many other browsers, including all of the browsers most commonly used today (although Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

 supported it until version 5.5SP2
Internet Explorer 5
Microsoft Internet Explorer 5 was a graphical web browser released in March 1999 by Microsoft, primarily for Microsoft Windows, but initially with versions available for Apple Macintosh, Sun Solaris, and HP-UX. It was one of the main participants of the first browser war...

).

A plugin declares that it handles certain content types
MIME
Multipurpose Internet Mail Extensions is an Internet standard that extends the format of email to support:* Text in character sets other than ASCII* Non-text attachments* Message bodies with multiple parts...

 (e.g. "audio/mp3") through exposed file information. When the browser encounters such content type it loads the associated plugin, sets aside the space within the browser content for the plugin to render itself and then streams data to it. The plugin is then responsible for rendering the data as it sees fit, be it visual, audio or otherwise. So a plugin runs in-place within the page, as opposed to older browsers that had to launch an external application to handle unknown content types.

The API
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...

 requires each plugin to implement and expose a comparatively small number of functions. There are approximately 15 functions in total for initializing, creating, destroying, and positioning plugins. The NPAPI also supports scripting, printing, full screen plugins, windowless plugins and content streaming.

History

The origin of the Netscape plugin functionality started not within Netscape, but at Adobe Systems
Adobe Systems
Adobe Systems Incorporated is an American computer software company founded in 1982 and headquartered in San Jose, California, United States...

. John Warnock
John Warnock
John Edward Warnock is an American computer scientist best known as the co-founder with Charles Geschke of Adobe Systems Inc., the graphics and publishing software company. Dr. Warnock was President of Adobe for his first two years and Chairman and CEO for his remaining sixteen years at the company...

, CEO
Chief executive officer
A chief executive officer , managing director , Executive Director for non-profit organizations, or chief executive is the highest-ranking corporate officer or administrator in charge of total management of an organization...

 of Adobe, and Allan Padgett, one of the primary authors of Acrobat Reader, were hopeful that Adobe's fledgling PDF
Portable Document Format
Portable Document Format is an open standard for document exchange. This file format, created by Adobe Systems in 1993, is used for representing documents in a manner independent of application software, hardware, and operating systems....

 file format could play a role beyond the desktop. Therefore, soon after Netscape released the first version of Navigator, Padgett and fellow developer Eshwar Priyadarshan tried to find a way to make PDF an integral part of the Web experience. The result was a live demo shown to Warnock and Jim Clark
James H. Clark
James H. Clark is an American entrepreneur and computer scientist. He founded several notable Silicon Valley technology companies, including Silicon Graphics, Inc., Netscape Communications Corporation, myCFO and Healtheon...

, the CEO of Netscape. Prior to that demo, the only native file formats on the Web were HTML
HTML
HyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....

 pages and the images embedded within them. Links to any other file type caused the user to be prompted to download the file, after which the user could open the file in the appropriate application. In that demo, however, when a user clicked on a link to a PDF file, the file instantly opened within the browser window, seamlessly blending HTML and PDF consumption. Clark excitedly asked who at Netscape had provided support for the integration, only to discover that the integration was done without Netscape involvement, but with a bit of reverse engineering
Reverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...

 of the Netscape browser.

The companies set out the next week to bring what was known as "Allan's Hack" to market. While Netscape was ready to incorporate PDF directly into the browser, and certainly Adobe would have gained from that, Padgett proposed a different approach, a plugin architecture. Adobe developers Gordon Dow and Nabeel Al-Shamma had recently added a plugin architecture to the Acrobat Reader to leverage the development efforts of developers outside of the Reader team. Padgett had been a part of that effort, and he expected that if given a chance, other companies (and hopefully teams within Adobe) would choose to extend the Web as well. Clark and team in the end were convinced and set off designing the API that would support the new model.

Scripting support

Plugin scriptability is a feature allowing JavaScript code in a web page to interact with the plugin. Various versions of Netscape and then Mozilla supported this feature using different technologies: LiveConnect, XPConnect, and npruntime.

LiveConnect

With Netscape 4, the NPAPI was extended to allow plugins to be scripted. This ability was known as LiveConnect
LiveConnect
LiveConnect is a feature of Web browsers that allows Java and JavaScript software to intercommunicate within a Web page. From the Java side it allows an applet to invoke the embedded scripts of a page or to access the built-in JavaScript environment, much as scripts can...

. A plugin could implement and return an instance to a Java
Java (programming language)
Java is a programming language originally developed by James Gosling at Sun Microsystems and released in 1995 as a core component of Sun Microsystems' Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities...

 class. The public methods exposed by this class was the scriptable interface for the plugin. The class could be called from JavaScript
JavaScript
JavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....

 and even from other Java applets running within the page with the browser marshalling the calls between the various contexts.

The disadvantage of LiveConnect was that it was tied heavily to the built-in version of Java within the Netscape browser. This prevented the browser from using other Java runtimes, and added a massive amount of bloat to the browser download size since it required Java to script plugins.

Additionally, LiveConnect was tricky to program. The developer had to define a Java class for the plugin, run it through a specialised Java header compiler and implement the native methods. Handling strings, exceptions and other Java objects from C++
C++
C++ is a statically typed, free-form, multi-paradigm, compiled, general-purpose programming language. It is regarded as an intermediate-level language, as it comprises a combination of both high-level and low-level language features. It was developed by Bjarne Stroustrup starting in 1979 at Bell...

 was fraught and non-obvious. To compound matters LiveConnect used an earlier and now obsolete API for invoking native C++ calls from Java called JRI. The JRI technology has long been supplanted by JNI
Java Native Interface
The Java Native Interface is a programming framework that enables Java code running in a Java Virtual Machine to call and to be called by native applications and libraries written in other languages such as C, C++ and assembly.-Purpose and features:JNI enables one to write native methods to...

.

XPConnect

LiveConnect proved extremely problematic for Mozilla. The dependency on an obsolete and proprietary Java runtime and the JRI API meant that LiveConnect never really worked.

Mozilla was already using XPCOM
XPCOM
XPCOM is a cross-platform component model from Mozilla. It is similar to Microsoft COM and CORBA. It has multiple language bindings and IDL descriptions so programmers can plug their custom functionality into the framework and connect it with other components.-The model:XPCOM is one of the main...

 to define the interfaces to many objects implemented in C++. Each interface was defined by an IDL
Interface description language
An interface description language , or IDL for short, is a specification language used to describe a software component's interface...

 file, and run through an IDL compiler that produced header files and a language neutral type library that was a binary representation of the interface. This binary described the interface, the methods, the parameters, the data structures and enumerations.

XPConnect
XPConnect
XPConnect is a technology which enables simple interoperation between XPCOM and JavaScript.-Object connection:XPConnect allows JavaScript objects to transparently access and manipulate XPCOM objects. It also enables JavaScript objects to present XPCOM compliant interfaces to be called by XPCOM...

 uses the type library information to marshal calls between different thread contexts and between JavaScript and natively compiled C++. As XPConnect is used extensively throughout Mozilla, it is extremely robust, supported and well understood. Starting with Netscape 6.1 and Mozilla 0.9.2, the NPAPI was extended so that a plugin could return a scriptable interface to itself and XPConnect would marshal calls to it from JavaScript and the C++ implementation.

This removed the Java dependency, however there are issues with XPConnect. In particular, the technology is heavily based on XPCOM, which is similar to Microsoft COM
Component Object Model
Component Object Model is a binary-interface standard for software componentry introduced by Microsoft in 1993. It is used to enable interprocess communication and dynamic object creation in a large range of programming languages...

. Thus the plugin developer must be familiar with reference counting, interfaces, IDL and so forth to implement scripting. Additionally, the dependency on XPCOM led to certain dynamic linking issues (e.g. the fragile base class problem
Fragile base class
The fragile base class problem is a fundamental architectural problem of object-oriented programming systems where base classes are considered "fragile" because seemingly safe modifications to a base class, when inherited by the derived classes, may cause the derived classes to malfunction...

) which had to be solved before the plugin would work correctly with different browsers. XPCOM has since been changed so that it supplies a statically linked version to address such issues. This approach also requires an .xpt file to be installed next to the DLL; otherwise the plugin will appear to work, but scripting won't, causing confusion.

NPRuntime

At the end of 2004, all major browser companies using NPAPI agreed on NPRuntime as an extension to the original NPAPI to supply scripting, via an API that is similar in style to the old C-style NPAPI and is independent of other browser technologies like Java or XPCOM. It is supported by the latest generation of Mozilla (1.7.5+) / Firefox, Safari, and Opera.

Browser support

The following web browsers support NPAPI plugins:
  • Epiphany
    Epiphany (web browser)
    Epiphany is an open source web browser for the GNOME desktop environment. The browser is a descendant of Galeon, and was created after developer disagreements about Galeon's growing complexity...

  • Google Chrome
    Google Chrome
    Google Chrome is a web browser developed by Google that uses the WebKit layout engine. It was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008. The name is derived from the graphical user interface frame, or...

  • Safari
    Safari (web browser)
    Safari is a web browser developed by Apple Inc. and included with the Mac OS X and iOS operating systems. First released as a public beta on January 7, 2003 on the company's Mac OS X operating system, it became Apple's default browser beginning with Mac OS X v10.3 "Panther". Safari is also the...

  • Espial TV Browser
  • Konqueror
    Konqueror
    Not to be confused with the Conqueror web browser.Konqueror is a web browser and file manager that provides file-viewer functionality for file systems such as local files, files on a remote ftp server and files in a disk image. It is a core part of the KDE desktop environment...

  • Mozilla
    Mozilla
    Mozilla is a term used in a number of ways in relation to the Mozilla.org project and the Mozilla Foundation, their defunct commercial predecessor Netscape Communications Corporation, and their related application software....

     project applications, including
    • Camino
      Camino
      Camino is a free, open source, GUI-based Web browser based on Mozilla's Gecko layout engine and specifically designed for the Mac OS X operating system...

    • Firefox
      Mozilla Firefox
      Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...

    • Mozilla Application Suite
      Mozilla Application Suite
      The Mozilla Application Suite is a cross-platform integrated Internet suite. Its development was initiated by Netscape Communications Corporation, before their acquisition by AOL. It is based on the source code of Netscape Communicator...

    • SeaMonkey
      SeaMonkey
      SeaMonkey is a free and open source cross-platform Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code...

  • Netscape Navigator
    Netscape Navigator
    Netscape Navigator was a proprietary web browser that was popular in the 1990s. It was the flagship product of the Netscape Communications Corporation and the dominant web browser in terms of usage share, although by 2002 its usage had almost disappeared...

     and Communicator
    Netscape Communicator
    Netscape Communicator was an Internet suite produced by Netscape Communications Corporation. Initially released in June 1997, Netscape Communicator 4.0 was the successor to Netscape Navigator 3.x and included more groupware features intended to appeal to enterprises.- Editions :Netscape...

  • Opera
    Opera (web browser)
    Opera is a web browser and Internet suite developed by Opera Software with over 200 million users worldwide. The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail messages, managing contacts, chatting on IRC, downloading files via BitTorrent,...

  • Internet Explorer
    Internet Explorer
    Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

     up to 5.5SP2

Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

 did for a time support NPAPI plugins, allowing plugins that functioned in Netscape navigator to also function in Internet Explorer. This was due to a small ActiveX control implemented within a "plugin.ocx" file that acted as a shim between ActiveX and the NPAPI plugin. IE would load the control and use it to host plugins specified within the page. However, Microsoft made the claim that the NPAPI plugins (or the IE implementation of the API) were a security issue and dropped support for them in version 5.5 SP2.

Security

A popular misconception concerning the NPAPI technology is that a plugin is somehow inherently safer than an ActiveX control. Both run native machine instructions with the same privileges as the host process. If the host processes have the same privileges, a malicious plugin can do as much damage as a malicious ActiveX control. It is important to note that NPAPI plugins can be made much safer by simply changing user accounts. It is generally possible to install and run plugins with a limited user while installing ActiveX controls requires administrative privileges. With limited privileges, the plugin cannot do as much damage.

One important difference between NPAPI and ActiveX is that NPAPI is solely for Internet plugins, while ActiveX is used for a wide variety of purposes, including application composition in windows applications. A typical Windows user has a vast array of ActiveX controls installed, a number of which are probably marked "safe for scripting", but are not actually secure. Any of these can be used as means to subvert the user's computer.

Another difference for the NPAPI is that implementations (prior to Mozilla Firefox
Mozilla Firefox
Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...

, see below) did not automatically download or install missing plugins. A missing plugin caused the browser to display a jigsaw piece representing the plugin. If the user clicked on that they were directed to Netscape's plugin finder service where they could manually download and install the plugin for themselves. While this is inconvenient to the user, it is also an important security measure since it prevented the content using the browser as a vector for malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...

.

In Internet Explorer, the HTML content specifies the location where the ActiveX control resides. If the control is not already installed, IE will automatically download and install the control from the specified source, pausing only to show the digital signature to the user and obtain their consent for installation to start. For legitimate controls, this offers a more streamlined installation mechanism with minimal user interaction. However malicious content could convince the user with clever social engineering to ignore warnings (or their better judgement) and install something that might harm their privacy or the machine. A number of spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...

, adware
Adware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...

 and malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...

 sites use this mechanism to deploy executable content to machines. Microsoft has had to increase the default security settings for ActiveX and maintain blacklists of malicious controls in an attempt to mitigate this risk.

Mozilla Firefox
Mozilla Firefox
Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...

 attempts to present a middle ground. If a plugin is missing, it will notify the user that the plugin is missing and initiate a secure connection to a plugin finder service hosted on mozilla.org. The user can permit Firefox to download and install the plugin. This model prevents content specifying where a plugin should be downloaded from – the plugin finder service does. This enables Firefox to present a fairly seamless installation mechanism but limit the service to trusted and compatible plugins from reliable sources. This model implicitly trusts the plugin finder service to return "good" plugins, increasing the security required on the host site.

PPAPI

On August 12, 2009 a page on Google Code introduced a new project, Pepper with associated Pepper Plugin API (PPAPI), "a set of modifications to NPAPI to make plugins more portable and more secure". This extension is designed specifically to ease the implementation of out-of-process
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...

 plugin execution. Further, the goals of the project are to provide a framework for making plugins fully cross-platform. Topics considered include:
  • Uniform semantics for NPAPI across browsers.
  • Execution in a separate process from the renderer/browser itself.
  • Standardize rendering using the browser's compositing process.
  • Defining standardized events, and 2D rasterization functions.
  • Initial attempt at providing 3D graphics access.
  • Plugin registry.


As of May 13, 2010, Google's open source browser, Chromium
Chromium (web browser)
Chromium is the open source web browser project from which Google Chrome draws its source code. The project's hourly Chromium snapshots appear essentially similar to the latest builds of Google Chrome aside from the omission of certain Google additions, most noticeable among them: Google's...

, is the only web browser that utilizes the new browser plug-in model . Mozilla has announced that they are "not interested in or working on Pepper at this time."

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK