Abstract: A computing device, including one or more output devices and a processor. The processor may be configured to download a web application. The web application may include an authorization certificate and a metadata file that includes an identifier of at least one local application program interface (API) of the computing device that is not included in an API whitelist of a web host application program. The processor may determine, based on the authorization certificate and the metadata file, that the web application is authorized to access the at least one local API. The processor may execute the web application at the web host application program. Executing the web application may include utilizing the at least one local API. The processor may convey at least one output of the web application for output at the one or more output devices.

Abstract: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.

Abstract: A computing device, including one or more output devices and a processor. The processor may be configured to download a web application. The web application may include an authorization certificate and a metadata file that includes an identifier of at least one local application program interface (API) of the computing device that is not included in an API whitelist of a web host application program. The processor may determine, based on the authorization certificate and the metadata file, that the web application is authorized to access the at least one local API. The processor may execute the web application at the web host application program. Executing the web application may include utilizing the at least one local API. The processor may convey at least one output of the web application for output at the one or more output devices.

Abstract: A computing device includes a view control that manages presentation of electronic content on the computing device. The presentation can include displaying content, audibly playing back content, and so forth. The view control is made available to multiple different applications on the computing device. To use the view control, an application provides to the view control an indication of a resolver for the view control to use. The electronic document includes references to electronic content, and the view control requests the referenced electronic content from the resolver. The resolver obtains the referenced electronic content, decodes (e.g., decompresses, decrypts, etc.) the obtained electronic content, and returns the decoded electronic content to the view control for display or other presentation.

Abstract: Various embodiments provide a service platform that integrates services, such as web services and/or local services, across a variety of applications. In at least some embodiments, services can be integrated with legacy applications that are “unaware” of such services, as well as applications that are aware of such services.

Abstract: Content inspection techniques are described. In one or more implementations, it is detected that an application executing on a computing device is calling a particular code element of a group of code elements to be used to process content. For example, the group of code elements can include a pre-specified group of code elements (e.g., functions and/or properties) that may enable access to particular functionalities of a computing device and thus are associated with a known security risk. It is then ascertained that the content is untrusted and, in response to ascertaining that the content is untrusted, the content is inspected to determine if the content is safe to be passed to the code element.

Abstract: A computing device includes a view control that manages presentation of electronic content on the computing device. The presentation can include displaying content, audibly playing back content, and so forth. The view control is made available to multiple different applications on the computing device. To use the view control, an application provides to the view control an indication of a resolver for the view control to use. The electronic document includes references to electronic content, and the view control requests the referenced electronic content from the resolver. The resolver obtains the referenced electronic content, decodes (e.g., decompresses, decrypts, etc.) the obtained electronic content, and returns the decoded electronic content to the view control for display or other presentation.

Abstract: Various embodiments provide an ability to isolate execution of trusted content and/or script from execution of untrusted content and/or script. Separate contexts and/or execution environments can be used for the trusted content and untrusted content, respectively. A trusted context and/or execution environment associated with execution of trusted content can be configured to enable access to sensitive resources associated with a computing device. An untrusted context and/or execution environment associated with execution of untrusted content can be configured with limited and/or no access to the sensitive resources. Alternately or additionally, data generated within the untrusted context can be transferred to the trusted context in a benign manner.

Abstract: Content inspection techniques are described. In one or more implementations, it is detected that an application executing on a computing device is calling a particular code element of a group of code elements to be used to process content. For example, the group of code elements can include a pre-specified group of code elements (e.g., functions and/or properties) that may enable access to particular functionalities of a computing device and thus are associated with a known security risk. It is then ascertained that the content is untrusted and, in response to ascertaining that the content is untrusted, the content is inspected to determine if the content is safe to be passed to the code element.

Abstract: Various embodiments provide an ability to isolate execution of trusted content and/or script from execution of untrusted content and/or script. Separate contexts and/or execution environments can be used for the trusted content and untrusted content, respectively. A trusted context and/or execution environment associated with execution of trusted content can be configured to enable access to sensitive resources associated with a computing device. An untrusted context and/or execution environment associated with execution of untrusted content can be configured with limited and/or no access to the sensitive resources. Alternately or additionally, data generated within the untrusted context can be transferred to the trusted context in a benign manner.

Abstract: In embodiments of an application site of origin reference scheme, an application package can be installed on a computing device, and the application package includes an application authored in a mark-up language and executed from script files. The script files of the application can be executed at the computing device, and an application user interface can be displayed in a Web browser. Resources can then be referenced for use with the application, where the resources are referenced with site of origin references that are unique to the application package and agnostic to the file system of the computing device.

Abstract: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.

Abstract: Various embodiments provide a service platform that integrates services, such as web services and/or local services, across a variety of applications. In at least some embodiments, services can be integrated with legacy applications that are “unaware” of such services, as well as applications that are aware of such services.

Abstract: Various embodiments provide a service platform that integrates services, such as web services and/or local services, across a variety of applications. In at least some embodiments, services can be integrated with legacy applications that are “unaware” of such services, as well as applications that are aware of such services.

Abstract: Various embodiments provide a service platform that integrates services, such as web services and/or local services, across a variety of applications. In at least some embodiments, services can be integrated with legacy applications that are “unaware” of such services, as well as applications that are aware of such services.