Comment by dhaavi
4 years ago
We mainly use http/websockets, but have also started using a feature that will give us the application icon of an executable on Windows.
We've previously used the webview lib [0] and we will look into it again, as they now support Microsoft's new Edge webview. It's a C and Golang library.
retrokit definitely looks interesting, can you elaborate on the additional value provided in regards to a simple webview? I just saw that your use case is using it for a full browser. We use a strict CSP for the UI, which works pretty well.
A collaboration sounds interesting, but as we are still bootstrapping, it will take some time until we'd have the resources to do that.
> can you elaborate on the additional value provided in regards to a simple webview?
The proposed value of retrokit (when it's more progressed) is a much smaller library/file size and the reduction of a potential attack surface in regards to fingerprinting, privacy and security.
Legacy encryption APIs that are outdated, Plugin APIs that are from the Netscape-era, "navigator.plugins" and old stuff that's not actually providing any value anymore is being removed as well - due to the history of e.g. PDF files or Java applets being such an oftentimes exploited plugin.
The idea is to have a webview that's focussing on the rendering part + websockets for local interprocess or webapp-to-webserver communication. At a later point in time my goal is to bundle it with nodejs, with the idea being that the "local backend" in nodejs allows all the flexibility you need to port networking and OS interactions; and the webapp representing the UI process that's separated (from a security perspective).
That sounds like a very nice idea!
This would be a great base for a secure browser, which is something we are interested in long-term. Maybe we can have a chat about a possible future partnership?
We won't be able to support such an initiative at the moment, but we are definitely interesting in investing in that area at some point in the future.