Past, Present and Future of SashXB

Written by Ari Heitner

First, what SashXB is:

A way to embed Mozilla in various places on the desktop, and extend JS with access to native APIs. Combined with a friendly and powerful development environment, it allows you to build full-featured desktop applications ("weblications", sorry, we didn't invent the term) built around HTML and JS.

Rationale (courtesy Sean Martin):

There's a kind of hierarchy of programming tools/languages, in terms of difficulty. At the top are C and C++, which are difficult and have relatively few developers. Next comes Java, a little easier, and a little more accessible. Next might be VB, which has a lot of developers and is quite a bit easier. At the bottom are HTML/DHTML/JS, which are very easy (especially given powerful tools like Dreamweaver) and even more approachable and widely used. The guys at the top of the pyramid are systems guys. The guys at the bottom are content guys. Sash is for them.

If you think about it, a web site is a kind of application -- online banking, ebay, netradio, email. With a few key extensions -- fs access, control over whether content is local or remote, and tools to talk to backend services -- these applications can be the equals of native applications. Sash makes it easy to take, say, an existing banking application, and add the ability to store transactions when offline and commit them when online -- a day of hacking by one web developer, rather than hiring a team of developers for a year to build a native application. A Sash "weblication" has the additional advantage that it's all in a scripting language, so it can be security-checked every step of the way. You don't have to worry about untrusted code, because the application is completely sandboxed.

Sash history:

All of this sounds a little buzzwordy, and web technologies are not known for being elegant. The Sash concept was invented by Sean Martin (IBM Senior Engineer) a couple of years ago, and implemented on Windows. It's free beer -- it's a tool for IBM's own consulting people, and any developer can use it free of charge. It's based on IE, so it's going to stay closed. If you use Windows at all it's definitely worth taking a look at the current release at sash.alphaworks.ibm.com; it's very slick.

Last summer John, AJ, Wu-dog, Kevin Gibbs, Jordi Albornoz, Tom Capasso and I were interns at Extreme Blue. We wrote a preliminary version of the Sash runtime and Weblication Development Environment (which were still missing a couple of pieces) and the project was checked into GNOME CVS at the end of the summer. We did a little bit of work during the school year. Jordi joined IBM full time in January, and John and AJ joined in June. There are a whole pile of interns working on the various parts of Sash now, which accounts for SashMo and SashWDE's standings in the module commit list :)

Sash architecture:

A weblication can run anywhere Mozilla can be embedded. We call these "Locations" (more terminology we inherited). In addition, any function not in JS (fs access, browser cache control, extra UI widgets) can be added by means of an "Extension". Extensions and locations are just native code libraries. The core Sash runtime comes with an absolute minimum, a few megs. Extensions and locations are usually a couple of hundred K, and weblications themselves are all HTML -- usually a few 10s of Ks. All of this is designed to be friendly to low-bandwidth end users.

Locations and extensions are digitally signed, and right now we're the only ones writing them. Obviously you don't want to install native-code libraries you don't trust. But weblications are carefully sandboxed. A weblication must state up-front which security access it needs: filesystem access to specific directories, network access, etc. The end user can grant or deny any of these privileges. As the weblication runs, its calls into extensions/locations are checked against its privileges. A weblication that tries to exceed its rights will be stopped by the runtime with a warning to the user. So you can take a completely untrusted weblication, deny all the rights it requests, then run it and see what it does.
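The declare / grant / check flow described above, sketched as an added example (not SashXB code). The manifest layout and the names grantPrivileges, isInside and checkCall are hypothetical; the directory check shows why a filesystem grant has to be compared on normalised paths rather than raw strings.

```javascript
// Added illustration of the privilege model; every name here is hypothetical.

// Constructed sample: what a weblication states up front.
const manifest = {
  name: 'offline-banking',
  requests: [
    { kind: 'filesystem', dir: '/home/user/bank-data' },
    { kind: 'network' },
  ],
};

// The user can grant any subset of the requested privileges, never more.
function grantPrivileges(m, userDecision) {
  return m.requests.filter((req) => userDecision(req) === true);
}

// Collapse "." and ".." so the comparison is made on the real target.
function normalize(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop(); else out.push(seg);
  }
  return '/' + out.join('/');
}

// True only if target is the granted directory or lies beneath it.
function isInside(dir, target) {
  if (!target.startsWith('/')) return false; // relative paths are refused
  const base = normalize(dir);
  const full = normalize(target);
  return full === base || full.startsWith(base + '/');
}

// Check applied to each call a weblication makes into an extension.
function checkCall(granted, call) {
  const ok = granted.some((g) => {
    if (g.kind !== call.kind) return false;
    return g.kind === 'filesystem' ? isInside(g.dir, call.path) : true;
  });
  return ok
    ? { allowed: true }
    : { allowed: false, warning: 'blocked ' + call.kind + ' call outside granted rights' };
}

// The user grants the directory but denies network access.
const granted = grantPrivileges(manifest, (req) => req.kind === 'filesystem');
```

Passing an empty grant list to checkCall models the "deny everything, then run it" case: every call comes back with allowed set to false and a warning.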

The parts of SashXB that are common to all platforms -- the DesktopApp and Toolbar locations, and many of the extensions -- use the same APIs as the Windows version. But where the platforms diverge -- embedding applications into Windows Explorer, or as applets -- each platform has its own extensions/locations. This allows weblication developers to build cross-platform apps where appropriate, but still have the flexibility to take advantage of unique features of the platform.

I've been focusing on the runtime and technical side of how weblications work, since that's the stuff I work on. But the WDE is really more important, since the key to Sash is making all this stuff super-easy to use for the content/graphically minded web designer. The WDE provides lots of wizards and sample code, in the tradition of VB and Dreamweaver, so that anyone who's got a bit of familiarity with HTML and JS can pick up Sash and start doing fun stuff from the get-go.

We've still got a couple of key parts of Sash to implement (some of which are closely tied to Mozilla's maturation). We hope to have something extremely slick to show off by the end of the summer.