That's what I did with WebKit [1] because it turns out servo is not as modular as it was before. And Gecko is the definition of monolith, so removing the attack surfaces is impossible, even TOR has a crappy replace-with-stubs approach that breaks with every internal API or bridge change.
Need contributors and other maintainers though, because keeping up with upstream is impossible as a single dev.
I tried to document the attack surfaces [2] from my cyber security perspective as good as possible, with tasks left to do and which need to be eventually removed. It's probably pretty opinionated because I want to use RetroKit as the webview for my own Browser Stealth which acts as a filtering proxy, scraper and decentralized cache [3]
Need contributors and other maintainers though, because keeping up with upstream is impossible as a single dev.
I tried to document the attack surfaces [2] from my cyber security perspective as good as possible, with tasks left to do and which need to be eventually removed. It's probably pretty opinionated because I want to use RetroKit as the webview for my own Browser Stealth which acts as a filtering proxy, scraper and decentralized cache [3]
[1] https://github.com/tholian-network/retrokit
[2] https://github.com/tholian-network/retrokit/blob/main/SECURI...
[3] https://github.com/tholian-network/stealth (ongoing rewrite in golang)