How is one app able to break navigation to others? - sandboxing / isolation

I’m looking to start a little layperson/user & developer discussion about Nextcloud app sandboxing / isolation.

I upgraded to 29.0.1 today and ran into this bug:

For this specific bug: how was the fulltextsearch app able to break navigation to other apps?

Zooming out further: what mechanisms are in place (or documented as missing/planned) to keep Nextcloud apps from mucking with each other? I can imagine they aren’t strictly sandboxed since that would be complex and unnecessary: it probably makes sense to rely on Nextcloud 3rd party app developers doing the right thing here. But I’m just speculating.

See also:

I only skimmed those, so apologies if I missed the answers to my questions above.

Just by design, the apps are just part of the Nextcloud server. There is no sandboxing or such. The apps just run within the same context as the core. Therefore they could theoretically change anything. App devs are responsible for using only the allowed features and API methods. (One exception is the apps that use the new docker interface though. There sandboxing is sort of in place afaik.)

Some problems lie in the fact that not all features the app devs need are easily available in the server. Once the app devs start to hack around, there is a significant risk that an updated Nextcloud server version might break horribly.

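A small model of the point made in the reply above, added here as an illustration and not taken from the thread or from Nextcloud's code: when apps boot inside the same process as the host, one app's failure or overreach reaches state that other apps depend on. The `Host` class, the app classes and the routes are hypothetical, and the model makes no claim about what caused the bug mentioned in the question.

```python
# Constructed model of an in-process app host. All names are hypothetical;
# this is not Nextcloud's API and not the cause of the bug discussed above.
class Host:
    def __init__(self):
        self.navigation = {}   # shared state: app id -> route
        self.failed = []       # (app id, error) for apps whose boot raised

    def boot(self, apps, contain_errors):
        for app in apps:
            try:
                app.boot(self)  # every app gets the same host object
            except Exception as exc:
                if not contain_errors:
                    raise       # one app's error aborts boot for all apps
                self.failed.append((app.app_id, str(exc)))
        return dict(self.navigation)

class FilesApp:
    app_id = "files"
    def boot(self, host):
        host.navigation[self.app_id] = "/apps/files"

class CrashingApp:
    app_id = "search"
    def boot(self, host):
        # Stands in for a call that an upgraded server no longer provides.
        raise RuntimeError("host method missing after upgrade")

class OverreachingApp:
    app_id = "theme"
    def boot(self, host):
        # No exception here: it simply rewrites entries owned by other apps.
        for other in host.navigation:
            host.navigation[other] = "/apps/theme/redirect"
        host.navigation[self.app_id] = "/apps/theme"

def uncontained():
    try:
        return Host().boot([CrashingApp(), FilesApp()], contain_errors=False)
    except RuntimeError:
        return None   # nothing is navigable, including the healthy app

def contained():
    host = Host()
    return host.boot([CrashingApp(), FilesApp()], contain_errors=True), host.failed

def contained_but_shared():
    host = Host()
    return host.boot([FilesApp(), OverreachingApp()], contain_errors=True), host.failed
```

Catching errors per app keeps a crashing app from taking the others down, but the third case shows that error containment is not isolation: the shared navigation table is still writable by every app, and nothing is recorded as failed.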