Comment by embedding-shape

Hah, yeah, zero regards to security, don't run this without sandbox and load arbitrary websites :)

I don't think Rust helps much except preventing some very basic issues, for example, I don't think it even checks that URLs aren't referencing local files on disk, who knows how the path handling works, might be able to put absolute paths on remote pages and load local content? Unsure, but wouldn't surprise me.

Might be a bit safer due to no JS engine, so even if someone did what I outlined before, they couldn't really exfiltrate anything, there is no POST/PUT requests or forms or anything :)

I'm sure if someone did a proper audit they'd find double-digit high severity issues, at least.