Comment by aix1
Functionality aside, I'd find it very interesting to see a security audit of a code base like this.
I searched for "security" and "vuln" in both the article and this discussion thread, and found no matches.
I guess the code being in Rust helps, but to what extent can one just rely on guarantees provided by the language?
(I know practically nothing about Rust.)
Hah, yeah, zero regard to security, don't run this without a sandbox and load arbitrary websites :)
I don't think Rust helps much except preventing some very basic issues, for example, I don't think it even checks that URLs aren't referencing local files on disk, who knows how the path handling works, might be able to put absolute paths on remote pages and load local content? Unsure, but wouldn't surprise me.
Might be a bit safer due to no JS engine, so even if someone did what I outlined before, they couldn't really exfiltrate anything, there are no POST/PUT requests or forms or anything :)
I'm sure if someone did a proper audit they'd find double-digit high severity issues, at least.