←back to thread

Show HN: Vaev – A browser engine built from scratch (It renders google.com)

(github.com)
233 points monax | 3 comments | 18 May 25 17:54 UTC | HN request time: 0.616s | source

We’ve been working on Vaev, a minimal web browser engine built from scratch. It supports HTML/XHTML, the CSS cascade, @page rules for pagination, and print-to-PDF rendering. It even handles calc(), var(), and percentage units—and yes, it renders Google.com (mostly).

This is an experimental project focused on learning and exploration. Networking is basic (http:// and file:// only), and grid layouts aren’t supported yet, but we’re making progress fast.

We’d love your thoughts and feedback.

Show context
danpalmer ◴[19 May 25 01:15 UTC] No.44025713[source]
I'm interested in why C++ was chosen for this? Browsers are notoriously hard to secure, they're effectively mean to be RCE vulnerabilities! Securing C++ binaries is hard and has in recent years been called out by numerous organisations and companies as being the root cause of many classes of security vulnerability. With languages like (but not limited to) Rust, we now have better options.
replies(6): >>44025737 #>>44025944 #>>44026074 #>>44026430 #>>44027061 #>>44027326 #
userbinator[dead post] ◴[19 May 25 02:04 UTC] No.44025944[source]
[flagged]
1. danpalmer ◴[19 May 25 05:50 UTC] No.44026795[source]
FWIW, I don't write Rust, and this is why I said "not limited to". Honestly, Swift might be an interesting one. I gather Zig can provide a more safety than C++. There are a bunch of other options too.

Performance is often a concern, but a slow secure browser is better than a fast insecure one. Perhaps I'm a security troll, but writing this stuff in C++ has been shown over the last 30+ years to be functionally impossible, and yet security is one of the most important things for a browser.

If the answer is that there are more possible contributors, or even that this is a hobby project and it's what the author knows, those are reasonable answers, but I'm interested anyway because perhaps the author has a different way of thinking about these tradeoffs to me, and maybe that's something I can learn from.

replies(1): >>44028168 #
2. userbinator ◴[19 May 25 10:14 UTC] No.44028168[source]
I'm convinced that the "security" paranoia is just concern-trolling at this point, trying to push people towards more authoritarian and corporate-controlled languages and environments.
replies(1): >>44028598 #
3. johnisgood ◴[19 May 25 11:23 UTC] No.44028598[source]
Yeah, suddenly everyone seems to care about security they know nothing about. If they truly cared, they would have cared before Rust, you know, by writing Ada / SPARK.