Show HN: Vaev – A browser engine built from scratch (It renders google.com)
16 hours ago (github.com)
We’ve been working on Vaev, a minimal web browser engine built from scratch. It supports HTML/XHTML, the CSS cascade, @page rules for pagination, and print-to-PDF rendering. It even handles calc(), var(), and percentage units—and yes, it renders Google.com (mostly).
This is an experimental project focused on learning and exploration. Networking is basic (http:// and file:// only), and grid layouts aren’t supported yet, but we’re making progress fast.
We’d love your thoughts and feedback.
i find myself requesting this whenever i see a new minimalist browser pop up:
it would be great to standardize alternative browsers on a consistent subset of web standards and document them so that "smolweb" enthusiasts can target that when building their websites and alternative browsers makers can target something useful without boiling the ocean
i personally prefer this approach to brand new protocols like Gemini, because it retains backward compatibility with popular browsers while offering an off ramp.
> standardize alternative browsers on a consistent subset of web standards and document them so that "smolweb" enthusiasts can target that
Could such a standard be based on the subset of HTML/CSS acceptable in emails? Maybe with a few extra things for interactivity.
AFAIK, "email HTML" isn't standardized either; most organizations that make nice-looking HTML emails have to do a ton of testing across different clients and come up with workarounds to make everything look consistent.
3 replies →
A few extra things like.. JavaScript?
3 replies →
I think that would be really neat for small scale web publishing, but making it a subset of browser standards could be a really difficult sell to the people making browsers. While it's easier to build a browser to a subset of such a massive set of specs, the subset will drift towards a "similar but slightly incompatible standard" pretty soon after it's decided on. Following the development of Ladybird has given me an appreciation for just how often the "spec" for the web changes. (in small ways, daily.) That locks new browser implementations into a diverging standards track that would be very difficult to get off of.
I think something like a reference implementation (Ladybird, Servo or even Vaev maybe?) getting picked up as the small-web living standard feels like the best bet for me since that still lets browser projects get the big-time funding for making the big-web work in their browser too. "It's got to look good in Ladybird/Vaev/etc".
An idea: a web authoring tool built around libweb from Ladybird! (Or any other new web implementation that's easily embeddable) The implied standard-ness of whatever goes in that slot would just come for free. (Given enough people are using it!)
small-web living standard
The phrase "living standard" is an oxymoron, invented by the incumbents who want to pretend they're supporting standards while weaponising constant change to keep themselves incumbent.
> I think something like a reference implementation (Ladybird, Servo or even Vaev maybe?) getting picked up as the small-web living standard feels like the best bet for me since that still lets browser projects get the big-time funding for making the big-web work in their browser too.
A "standard" should mean there is a clear goal to work towards to for authors and browser vendors. For example, if a browser implements CSS 2.1 (the last sanely defined CSS version), its vendor can say "we support CSS 2.1", authors who care enough can check their CSS using a validator, and users can report if a CSS 2.1 feature is implemented incorrectly.
With a living standard (e.g. HTML5), all you get is a closed circle of implementations which must add a feature before it is specified. Restricting the number of implementations to one and omitting the descriptive prose sounds even worse than the status quo.
The subset could just be an older version of the spec, e.g. HTML 4.01 and CSS 2.1.
(My opinion as another one who has been slowly working on my own browser engine.)
Pick a subset aimed directly at accessibility.
The least-needed features are often accessibility nightmares (e.g. animation - although usually not semantic).
The accessible subset could then be government standardized and used as a legal hammer against over-complex HTML sites.
For a while search engines helped because they encouraged sites to focus on being more informative (html DOCUMENTS).
I think web applications are a huge improvement over Windows applications, however dynamic HTML is a nightmare. Old school forms were usable.
(edited to improve) Disclosure: wrote a js framework and SPA mid 00's (so I've been more on the problem side than the solution side).
That's easy to specify but contains a lot of bloat and unused features. A slimmer but more modern set would be useful.
I feel like some of the newer standards like CSS Grid instead of tables might be the best way to go. Many HTML/CSS improvements were not just bloat but actually better standards to build on.
5 replies →
Cat is out of the bag. nobody wants their CSS without flexbox anymore. It has to include that.
Why not start with what is required for markdown formatting? Then build out from there.
But older versions contain lots of crap we don't need (eg <blink> tags) and miss out on useful stuff (grid layout).
> slowly working on my own browser engine
care to tell us more?
In this case it is better to make a new standard because HTML/CSS have so many legacy things and quirks that better be got rid of (like <hr> tag for example, table cell not inheriting font size etc).
What you have against <hr>?
You mean AMP without the BS
Well done, this is really cool. It is nice to see more modern C++ in use. The codebase is really easy to read and understand.
People here need to get over the fact that it's not Rust. I use C++ for my own projects because I enjoy writing in C++. I just wouldn't write them if I forced myself to use Rust or whatever else.
I'm interested in why C++ was chosen for this? Browsers are notoriously hard to secure, they're effectively mean to be RCE vulnerabilities! Securing C++ binaries is hard and has in recent years been called out by numerous organisations and companies as being the root cause of many classes of security vulnerability. With languages like (but not limited to) Rust, we now have better options.
> I'm interested in why C++ was chosen for this?
For the same reason C++ is chosen for a lot of projects. Probably the authors have a lot of experience in C++.
For an exceedingly complex and large project, you really want to choose a language you're very proficient in. Like, years and years of experience proficient in. If you don't have the experience in Rust then you don't have it. And, Rust is really the only other language that can be considered here. Swift, C#, whatever, are just a tad too high-level to write an engine in. At least, ergonomically.
I looked at the source code briefly and it's very high-quality code. Writing good C++ is hard, harder than pretty much any other language. It's modern, it's consistent, it's readable, and it's typed well.
AFAIK Rust isn't a great language for writing browsers, because the pattern that HTML/DOM needs isn't something that Rust supports out of the box, you need a lot of pointers here and there, IIRC Andreas Kling (Ladybird dev) said something like that, where Swift was better suited than Rust for the job, or at least more pleasant to work with after the team evaluated a few languages, including Rust.
I had the same thought. The project's description:
>secure HTML/CSS engine
No offense to these folks, but I see no evidence of any fuzzing which makes it hard to believe there aren't some exploitable bugs in the codebase. Google has world-class browser devs and tooling, yet they still write exploitable bugs :p (and sorry Apple / Mozilla, you guys have world-class browser devs but I don't know enough about your tooling. Microsoft was purposefully omitted)
Yeah, very few of those bugs are in the renderer, but they still happen!
There already is a Rust web engine, it's called Servo, and it's currently being overtaken by the C++ Ladybird project.
Rust is a bad language to write an open source browser in because the hardest problem of building a browser is not security but the number of people you can convince to work on it.
C++ programmers are a dime a dozen, there's a huge number of people who write C++ for 8 hours a day. The Rust community is mostly dabblers like myself.
> it's currently being overtaken by the C++ Ladybird project.
Saying a mature engine that you can use today for ~all of the web is being "overtaken" by unreleased pre-alpha software is a strange definition of overtaking.
1 reply →
But ladybird is ditching c++ for swift?
2 replies →
I guess it's just me but after more than 10 years of C++ 8 hours a day I'm happy to never touch it for free
[flagged]
FWIW, I don't write Rust, and this is why I said "not limited to". Honestly, Swift might be an interesting one. I gather Zig can provide a more safety than C++. There are a bunch of other options too.
Performance is often a concern, but a slow secure browser is better than a fast insecure one. Perhaps I'm a security troll, but writing this stuff in C++ has been shown over the last 30+ years to be functionally impossible, and yet security is one of the most important things for a browser.
If the answer is that there are more possible contributors, or even that this is a hobby project and it's what the author knows, those are reasonable answers, but I'm interested anyway because perhaps the author has a different way of thinking about these tradeoffs to me, and maybe that's something I can learn from.
1 reply →
Rude
You're right. The reason why we don't have many browsers is because nobody is doing it in rust.
The reason why we don't have many secure browsers, is because everybody is doing it in C++. I'm just looking for a little variety and approach to security.
Do you think it is attainable ? Could someone like you break the task up into small enough pieces to let each piece be coded by a group of rust newbies ?
People are going to say I have no business yucking someone else's yum, but you come with a Show HN, you get the feedback
It is starkraving insanity to continue to write browsers in C++ in 2025 https://github.com/skift-org/vaev/blob/042950fe3797d06bfb678...
Google, who have a bazillion years of experience with C++, probably an insane amount of fuzzing compute and pipelines, one of the most advanced security research arms in the world, still delivers practically weekly critical CVEs. Lots of people cut Chromium slack because rewriting Blink nèe WebKit is a non-starter but to look at that outcome and say, yeah, mor like that! is :-(
The fact that other browsers are huge engineering efforts only makes it more interesting to many. It's arguably one of the hardest things a programmer could build, how could you not wanna build one!
Yes but why do it in C++? There is no compiler enforced safe mode and you're by definition implementing an engine to run hostile code in it.
6 replies →
This C++ code is wildly modern. Very impressive. Using only the GitHub web interface, I could not find the definition for Gc::Ref. Where can I find it?
Probably this - https://github.com/skift-org/karm/blob/main/src/libs/karm-gc...
And this is not a garbage collector in the traditional sense, more like arena with smart pointers.
It's just a placeholder implementation, we will have a proper GC when we get to it
I had the same reading the source code - it's an interesting mix of traditional c++, while some of the projects use the latest c++20 features with modules. The GC::Ref seems to come form the karm-gc library. (according to copilot)
There is also https://sciter.com/ that the author tried to find finance to make it opensource but couldn't find enough supporters.
It's not a browser.
Ha! Only a few days ago, I was making the argument that the browser is the new mouse. As in no one person can build a computer mouse. You need experts in metal, plastic, transistors, lasers, etc. (Seth Godin?) The same way a web browser, which is the gateway to any connected device, requires experts in countless fields to build.
So kudos for building it this far. Now let me see if it runs webgl before I eat my hat.
There are four people working on this project, not one.
I know its a tangent, but the idea that maybe ripping out android webview into a standalone cross platform project in its own right pops into my head everytime this problem arises. Keep meaning to check if anyones actually done it already.
Google themselves actually have gone vaguely in the direction you're thinking, kind of, in the form of Cobalt: a stripped-down copy of Chromium that has specific, deliberate "quirks" that minimize memory allocation/ballooning in long-running applications.
Google uses it to power YouTube TV.
Unfortunately, while I'm sure I downloaded a Linux X11 binary a while back to play with, I can't find anything of the like available anymore. The release packages just contain a shared library, and the containers in the registry are just full of compiler toolchains (I installed ncdu in them and checked).
The whole system is mired/buried in layers of hardware integration fluff (because Cobalt is meant to be embedded in set-top boxes) and there is very little in the way of batteries-included demos, potentially to keep the product from gaining cottage-industry traction on older systems. Which does make sense, given that there are specific CSS rules that Cobalt doesn't follow the spec on, and I'm not sure where where its JS support is at.
https://developers.google.com/youtube/cobalt
The compilation docs are about as dense as Chromium's are -.-
https://developers.google.com/youtube/cobalt/docs/developmen...
What do you mean by that? WebView is just Chrome embedded inside of an Android app. Same thing already exists on Windows (Edge WebView2), macOS (WKWebView) and Linux (WebKitGTK). There's also a library that wraps all of them into a single interface:
https://github.com/webview/webview
The entire point of WebView is that it's a browser embedded inside of a different application, how do you expect it to be a "standalone project"?
Add one more: QtWebEngine -> https://wiki.qt.io/QtWebEngine
> A lightning-fast, lightweight, and secure
Let me guess, it's lightning-fast because it lacks many features and secure because it's a thousand times less code than the alternatives?
I don't want to discourage, but such description is misleading.
What’s the long term goal of this project beyond learning? Building a browser to support the modern web is a humongous work IMHO.
The main goal is great support for static documents rendering as it's being used at the core of the paper-muncher [1] PDF rendering engine, meant to replace wkhtmltopdf at odoo. But we don't exclude general web browsing and JavaScript support at some point.
[1] https://github.com/odoo/paper-muncher
Ooh blast from the past!
At a previous company we moved off of wkhtmltopdf to a nodejs service which received static html and rendered it to pdf using phantomjs. These days you probably use puppeteer.
The trick was keeping the page context open to avoid chrome startup costs and recreating `page`. The node service would initialize a page object once with a script inside which would communicate with the server via a named Linux pipe. Then, for each request:
1. node service sends the static html to the page over the pipe
2. the page script receives the html from the pipe, inserts it into the DOM, and sends an “ack” back over the pipe
3. the node service receives the “ack” and calls the pdf rendering method on the page.
I don’t remember why we chose the pipe method: I’m sure there’s a better way to pass data to headless contexts these days.
The whole thing was super fast(~20ms) compared to WK, which took at least 30 seconds for us, and would more often than not just time out.
3 replies →
At work we recently switched from Wkhtmltopdf to Typst, which is a breath of fresh air. It is very fast and generates PDFs from scratch without needing to involve HTML or a browser engine. It is implemented in Rust and distributed as a self-contained binary.
This blog post convinced us that the switch was worth it: https://zerodha.tech/blog/1-5-million-pdfs-in-25-minutes/
2 replies →
Does it support page margin boxes?
1 reply →
So cool to see Odoo mentioned on HN. I've worked with it before and like it a lot.
I've made posts about it on HN before but they've never gained traction. I hope that this takes off.
You guys make neat software.
Looks like skift is a hobby os like Serenity OS which Ladybird is spun out from. Maybe they intend to follow the same path?
I intend to keep Skift and Vaev together for as long as possible since everything is meant to be cross-platform. I don’t see any architectural conflict that would motivate such a change.
Does anyone know what the japanese in the logo means? As I read it ジブト (jibuto) means nothing to me.
I don't mean this as a slight against you but it's incredible how much code it takes to write a browser that barely works. I've always thought it would be fun to write a browser in erlang/elixir due to its fault tolerance (a memory from the early days when browsers would constantly crash), but browsers are so outrageously complex with such intense performance requirements the thought of even creating a repo sickens me. I mean it looks like you guys have 100+ files, with half of the files being ~500+ lines of code.
Incredible work and dedication
Browsers might be the second most complex project you could build, the first one is an OS, also browsers can be categorized as an OS actually.
Are you open to contributions? I would love if there was a non-chromium alternative to wkhtmltopdf!
wkhtmltopdf is not chromium though? "Wk" literally stands for WebKit.
There's also https://weasyprint.org/ which doesn't use any browser engine, but rather a custom renderer.
And both of those (and Prince) can be used as a backend by Pandoc (https://pandoc.org/)
like https://www.princexml.com/ ?
Yea, Prince is awesome. Not FOSS tho. I make some GPL or MIT licensed software and wish there was something as good a Prince with more open license.
oh the irony. I remember decades ago when google.com was branded as example of minimal html design, to save bandwidth as much as possible, they don't even enclose html tags.
Now google.com is loads of js crap. The SERP refuse to render without full blown js, css and cookie.
I wish one of these projects would make a browser which only renders text (so texts and links) and no additional support for media (images, videos, audio etc).
I know there is Lynx but having a non-terminal based browser which could do it would be cool.
You might be interested in Richard Stallman's method of browsing the web:
> I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see https://git.savannah.gnu.org/git/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it. [0]
I know you wanted something other than lynx, but you could do this with EWW (Emacs web browser or any graphical browser, provided that your proxy wget dropped the images.
[0] https://www.stallman.org/stallman-computing.html
Wow. At a certain level, I'm glad that people so peculiar exist.
Something like Dillo? (You can disable image rendering in Dillo).
For distraction-free reading?
Something like Reader View in safari / firefox?
Those show media.
Cool idea!
Then google will use text to show ads.
Isn't Ubuntu doing that for at least 3 years or so in terminal during system update?
Text based ads would be less distracting.
3 replies →
Remembering when Google only served text based ads.
On the one hand, this is an impressive technical achievement. But let's face it: the chances that this will be used by many other people are miniscule. Imagine what you could do if you applied your talent in areas with more demand. There are many hard problems and you would learn just as much. But you'd have a much better chance at making the world better, and at the same time of enjoying success. Obviously, what you spend your time on is your decision. But here is my personal plea that you work on things that can realistically have a bigger impact.
I understand what you are saying and don't fully disagree. You can allocate time & energy into immediate real world solutions while reaping the personal growth. There is certainly a balance.
The counter-point is that in the case of a web browser you are studying deeply one of the most impactful technologies to exist, and you will learn 80% of the most important lessons with a minimal working build, maybe 0.1% of the real thing. You may learn and execute much faster too because there is a clear blueprint, and you are likely riding a wave of passion that will carry your mind to places you won't have expected.
The perspective gained puts you in a much better place to identify & execute successfully more impactful work. The work may be the seed of something more important, but unseen or unknown yet.
This comment might be one of the meanest comment I have ever seen.
Hm, I'm sorry you feel that way. It's not meant to be mean. On the contrary; Instead of encouraging someone who I feel is going down a wrong path, to me it's kinder to express my view that they aren't. I have personally wasted years of my life on technical projects, and would have been better off if someone had told me that it was a bad idea.
2 replies →