What I've always wanted is an offline:// scheme which works like file:// with relaxed same-origin rules but also forbids all network access.
Just serving http on localhost isn't really secure either. First, because it might listen on 0.0.0.0 instead of localhost and expose content to everyone who can reach that computer, second because even if it listens on localhost, other users on the computer will be able to access it.
There are multiple single-file formats that can resolve the security concerns of
file:// without requiring users to start servers. rustdoc could build such packages but native support by browsers to open them is poor. An incomplete list:
MHTML reading is supported in internet explorer and webarchive reading (not to be confused by warc) is supported in Safari. The entire rustdoc for crates could be packaged that way. If supported browsers are detected,
cargo doc --open could start them. Otherwise it could start a server that serves from that webarchive/maff/mht file.
file:// is being killed for normal html sites, browsers should at least add native support for these archive files so that wasm etc. can be used in a secure way on
file://. They are basically the open web standards alternative to pdf files.
I'd certainly like to see one of those formats supported in Firefox. However, if we're talking about a single-file format anyway, why not just use data URIs within a single html file? (Yes, it's a little less space-efficient due to base64.)
I just tried
$ firefox "data:text/html;base64,$(base64 $(rustc --print sysroot)/share/doc/rust/html/std/index.html)"
but the resulting html was truncated. This is likely because of a process argument size limit in the kernel.
Hmm actually there is an open work group to create web bundles TIL:
There is discussion about whether to adopt it in Firefox here.
There is partial support for it in Chrome 80+ but you need to enable it first.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.