Demi Marie Obenour

> The TLS and QUIC parts are used in production too, but not at Mozilla. I'll let the MSFT folks comment on that point if they want to... : )...

@Shnatsel The runtime library seems to be the biggest risk; `layout.rs` is ~3000 lines of incredibly unsafe code. Given that it is a direct port of a C++ implementation, this...

Like protobufs, Cap’n Proto is exposed to untrusted data from the network.

I think we should use CEF, mostly for security reasons. WebKit is perhaps the least secure of all major browser engines, with Blink and Gecko as the two most secure....

@cody271 So one problem is that that library uses synchronous communication, which will stall the UI thread. We need to use asynchronous communication. Additionally, WebKit is the least-secure of all...

Webkit is multiprocess on all platforms, but it doesn't include sandboxing support on Linux last I checked. Given that uiWebView is not secure, would it be possible to restrict it...

I strongly disagree. Running untrusted web content with no sandbox is an unacceptable security risk nowdays. The only exception is if scripting is disabled, though even then I would be...

@dwrensha I have tried to work on this, but I am not even at the point of it compiling yet. Hard part is simply the massive amount of refactoring required....

@dwrensha what is the code coverage on the fuzz tests?

@celyo I wonder if anyone has tried writing C bindings to Lazarus.