NPAPI


Netscape Plugin Application Programming Interface is an application programming interface that allows browser plugins to be developed. It was first developed for Netscape browsers, starting in 1995 with Netscape Navigator 2.0, but was subsequently adopted by other browsers. With the advent of HTML5, all major web browsers have removed support for this API for security reasons.
In NPAPI architecture, a plugin declares content types that it can handle. When the browser encounters a content type it cannot handle natively, it loads the appropriate plugin, sets aside space within the browser context for the plugin to render and then streams data to it. The plugin is responsible for rendering the data. The plugin runs in-place within the page, as opposed to older browsers that had to launch an external application to handle unknown content types. NPAPI requires each plugin to implement and expose approximately 15 functions for initializing, creating, deleting and positioning plugin content. NPAPI also supports scripting, printing, full-screen plugins, windowless plugins and content streaming.
NPAPI was frequently used for plugins which required intensive, low-level performance such as video players, including Adobe Flash Player and Microsoft Silverlight, as well as platforms for web applications such as the Java Runtime Environment.

Scripting support

Scripting is a feature allowing JavaScript code in a web page to interact with the plugin. Various versions of Netscape and then Mozilla supported this feature using different technologies, including LiveConnect, XPConnect, and NPRuntime.

LiveConnect

LiveConnect is a feature of Web browsers that allows Java and JavaScript software to intercommunicate within a Web page. From the Java side it allows an applet to invoke the embedded scripts of a page, or to access the built-in JavaScript environment, much as scripts can. Conversely, from the JavaScript side, it allows a script to invoke applet methods, or to access Java runtime libraries, much as applets can.
LiveConnect was used in Netscape 4 to implement scriptability of NPAPI plugins.
The Open Java Interface-dependent implementation of LiveConnect was removed from the Mozilla source code tree in late June 2009 as part of the cleanup effort. It is no longer needed with the release of a redesigned Java Runtime Environment from Sun Microsystems. However the old implementation was restored for Gecko 1.9.2, as Apple had yet to port the newer JRE over to Mac OS X.
The Java–JavaScript functionality supported by the redesigned Java Runtime Environment is still called "LiveConnect", despite the Open Java Interface-specific approach having been abandoned. With Netscape 4, NPAPI was extended to allow plugins to be scripted. This extension is called LiveConnect. A plugin could implement a Java class and expose an instance of it. The class could be called from JavaScript and from Java applets running within the page.
The disadvantage of LiveConnect is, that it is heavily tied to the version of Java embedded within the Netscape browser. This prevented the browser from using other Java runtimes, and added bloat to the browser download size, since it required Java to script plugins. Additionally, LiveConnect is tricky to program: The developer has to define a Java class for the plugin, run it through a specialized Java header compiler, and implement native methods. Handling strings, exceptions, and other Java objects from C++ is non-obvious. In addition, LiveConnect uses an earlier and now obsolete application programming interface for invoking native C++ calls from Java, called JRI. The JRI technology has long since been supplanted by JNI.

XPConnect

XPConnect is a technology which enables simple interoperation between XPCOM and JavaScript.

Object connection

XPConnect allows JavaScript objects to transparently access and manipulate XPCOM objects. It also enables JavaScript objects to present XPCOM compliant interfaces to be called by XPCOM objects. A main goal is that objects communicating from either side of an XPCOM style interface should not generally need to know or care about the implementation language of the object on the other side of the interface.
XPConnect's primary reason for existence is to replace handwritten code used in places where native code needs to interact with JavaScript code. An example is the DOM module.

Security

Full privileges are only granted by default to chrome scripts, i.e. scripts that are part of the application or of an extension. For remote HTML/XHTML/XUL documents, most XPCOM objects are not accessible by the scripts as they have limited privileges due to security reasons. Even if they are accessible, the usual security restrictions can also be found.
Mozilla was already using XPCOM to define the interfaces to many objects implemented in C++. Each interface was defined by an IDL file, and run through an IDL compiler that produced header files and a language-neutral type library that was a binary representation of the interface. This binary described the interface, the methods, the parameters, the data structures and enumerations.
XPConnect uses the type library information to marshal calls between different thread contexts and between JavaScript and natively compiled C++. XPConnect is used extensively throughout Mozilla. Starting with Netscape 6.1 and Mozilla 0.9.2, NPAPI was extended, so that a plugin could return a scriptable interface to itself and XPConnect would marshal calls to it from JavaScript and the C++ implementation.
XPConnect has no Java dependency. However, the technology is based on XPCOM. Thus the plugin developer must be familiar with reference counting, interfaces and IDL to implement scripting. The dependency on XPCOM led to certain dynamic linking issues which had to be solved before the plugin would work correctly with different browsers. XPCOM has since been changed to supply a statically linked version to address such issues. This approach also requires an.xpt file to be installed next to the dynamic-link library ; otherwise the plugin appears to work, but the scripting does not, causing confusion.

NPRuntime

At the end of 2004, all major browser companies using NPAPI agreed on NPRuntime as an extension to the original NPAPI to supply scripting, via an API that is similar in style to the old C-style NPAPI and is independent of other browser technologies like Java or XPCOM. It is only supported by Firefox ESR and Safari.

XPConnect

XPConnect is a technology which enables simple interoperation between XPCOM and JavaScript.

Object connection

XPConnect allows JavaScript objects to transparently access and manipulate XPCOM objects. It also enables JavaScript objects to present XPCOM compliant interfaces to be called by XPCOM objects. A main goal is that objects communicating from either side of an XPCOM style interface should not generally need to know or care about the implementation language of the object on the other side of the interface.
XPConnect's primary reason for existence is to replace handwritten code used in places where native code needs to interact with JavaScript code. An example is the DOM module.

Security

Full privileges are only granted by default to chrome scripts, i.e. scripts that are part of the application or of an extension. For remote HTML/XHTML/XUL documents, most XPCOM objects are not accessible by the scripts as they have limited privileges due to security reasons. Even if they are accessible, the usual security restrictions can also be found.
Mozilla was already using XPCOM to define the interfaces to many objects implemented in C++. Each interface was defined by an IDL file, and run through an IDL compiler that produced header files and a language-neutral type library that was a binary representation of the interface. This binary described the interface, the methods, the parameters, the data structures and enumerations.
XPConnect uses the type library information to marshal calls between different thread contexts and between JavaScript and natively compiled C++. XPConnect is used extensively throughout Mozilla. Starting with Netscape 6.1 and Mozilla 0.9.2, NPAPI was extended, so that a plugin could return a scriptable interface to itself and XPConnect would marshal calls to it from JavaScript and the C++ implementation.
XPConnect has no Java dependency. However, the technology is based on XPCOM. Thus the plugin developer must be familiar with reference counting, interfaces and IDL to implement scripting. The dependency on XPCOM led to certain dynamic linking issues which had to be solved before the plugin would work correctly with different browsers. XPCOM has since been changed to supply a statically linked version to address such issues. This approach also requires an.xpt file to be installed next to the dynamic-link library ; otherwise the plugin appears to work, but the scripting does not, causing confusion.

NPRuntime

At the end of 2004, all major browser companies using NPAPI agreed on NPRuntime as an extension to the original NPAPI to supply scripting, via an API that is similar in style to the old C-style NPAPI and is independent of other browser technologies like Java or XPCOM. It is only supported by Firefox ESR and Safari.

Support/deprecation

Because of the age of the API, security issues, and adoption of alternative technologies such as HTML5, software vendors began to phase out NPAPI support in 2013.
The following list of web browsers support all NPAPI plugins:

ActiveX

Internet Explorer and browsers based on Internet Explorer use ActiveX controls, ActiveX documents and ActiveX scripting to offer in-page extensibility on par with NPAPI. Although commonly associated with Internet Explorer, ActiveX is integration technology that allows any computer program to integrate parts of other computer programs that support such integration. Internet Explorer, however, is discontinued and its replacement, Microsoft Edge, does not support ActiveX.

PPAPI

On 12 August 2009 a page on Google Code introduced a new project called Pepper, with the associated Pepper Plugin API ; PPAPI is a derivative of NPAPI aimed to make plugins more portable and more secure. This extension is designed specifically to ease the implementation of out-of-process plugin execution.
PPAPI was initially only supported by Google Chrome and Chromium. Later, other Chromium-based browsers such as Opera and Vivaldi added PPAPI plugin support.
In February 2012 Adobe Systems announced that future Linux versions of Adobe Flash Player would be provided only via PPAPI. The previous release, Flash Player 11.2, with NPAPI support, would receive security updates for five years. In August 2016 Adobe announced that, contrary to their previous statement, it would again support the NPAPI Flash Player on Linux and keep releasing new versions of it.
In January 2020, Google announced that support for PPAPI would be removed from Google Chrome and Chromium in June 2021.