Theres C++ in military airplanes, they just cut out 90% of the features: https://www.stroustrup.com/JSF-AV-rules.pdf

And heres a nice video about it: https://youtu.be/Gv4sDL9Ljww?si=Z4riPMKAKcIKaU0s

Yes, in WebKit, SaferCPP guidelines are enforced by a static analysis tool.

My work bans raw new and delete, so we only use unique_ptr. It's not as memory safe as Rust's borrow checker but I've never seen a segfault.

Yes, they do this, and it's really not an unreasonable requirement.

Of course. It's just a coincidence that they're placing onerous restrictions on competi- I mean alternative browser engines. Restrictions which, of course, they're not obliged to follow themselves.

I am sure that Apple will make no other efforts to impede others from unwalling the garden. That would be completely ridiculous, and frankly, un-Apple-esque.

Both Chrome and Firefox are already compliant, so I don't see it as onerous, but the full context of the list is indeed an extremely loud and clear "FUCK YOU, WE OWN YOU" to regulators and other browser vendors.

Which of the restrictions do you feel they don’t abide by? It looks like they meet all their own restrictions

> Use memory-safe programming languages, or features that improve memory safety within other languages, within the alternative web browser engine at a minimum for all code that processes web content;

There is absolutely zero way to satisfy the latter part here. It's at best non-enforceable. If I'm using C++ and use std::span instead of a c-style array, is that good enough?

Why not? The wording is “features that improve memory safety”

It doesn’t say that it needs to provide absolute memory safety. Based on the linked WebKit guidelines, it seems like they meet the criteria.

That's the commenter, not from the Apple page as far as I can tell.

My point is the requirement is too broad. It cannot be meaningfully enforced.

It’s literally from their requirements page

https://developer.apple.com/support/alternative-browser-engi...

You have to request explicit permission to be able to be a browser on iOS. You can’t just ship an app. I assume part of that process is that you specifically demonstrate that you try your best to use best safety practices.

Again, it’s also not absolute safety. It’s just due diligence review.

Sorry if I wasn't clear. I meant the WebKit guidelines were from the commenter, not from the apple page.

> or features that improve memory safety within other languages, within the alternative web browser engine at a minimum for all code that processes web content;

This can't be analyzed in any real way, so its just another way that Apple will restrict web engines and claim it was due to "not enough use of memory safety language features"

Why does it matter if Apple themselves don’t link the WebKit docs? It’s literally their project and seems to meet their requirements.

There’s a lot of things in the requirements like funding that Apple cannot verify. I think you’re being too binary in this.

Some of it is very clearly intended to be a “show us you are at least considering these security measures and have practices in place to minimize known issues”. Again, for the third time, it’s clearly NOT a list for ongoing perfect security, given that there are other items on the list that deal with further mitigation strategies.

> It’s literally their project and seems to meet their requirements.

This is meaningless. Apple can carve out special exceptions for themselves all day long.

What is the exception? I’m saying they meet the same requirements they are asking for other browsers.

This is literally the question I started this thread with and you have gone in to a loop of saying “they can’t enforce this” without any response of substance.