I don't think my position is extreme. I'm not advocating for a removal of all browser features, merely removal of those which are unrelated to the browser's core purpose of document navigation and rendering.
If browser vendors spent less money on implementing audio synthesis or OpenGL, they could spend more on font rendering, SPDY, and standards compliance.
>I don't think my position is extreme. I'm not advocating for a removal of all browser features, merely removal of those which are unrelated to the browser's core purpose of document navigation and rendering.
The view that a browser's core purpose is document rendering and navigation was laughably out of date in 2000. It is simply an invalid opinion today. Users and developers can and do expect browsers to be fully-functional sandboxed runtimes that can host everything from mail clients, to mapping applications to games.
But if you want your browser to be nothing more than a document rendering engine, no one is forcing you to use Firefox. w3m and xxxterm, for example, both fulfill this role quite admirably.
> But if you want your browser to be nothing more than a
> document rendering engine, no one is forcing you to use
> Firefox. w3m and xxxterm, for example, both fulfill this
> role quite admirably.
No they don't, not even close. Firefox and Chrome are years ahead of them in important features like CSS, fonts, and graphics.
> I'm not advocating for a removal of all browser features, merely removal of those which are unrelated to the browser's core purpose of document navigation and rendering.
Fair enough, but what people consider to be documents has changed. Some documents have 3D elements in them, for example architectural content. And some documents benefit from embedding sounds, like Wikipedia pages that contain small relevant snippets of audio. So I think it's hard to know where to draw the line.
But again, I do agree a line needs to be drawn. The browser industry as a whole should work together to define that, in a standards-based way.
You may be minimizing the attack surface, but just because a web browser only supports HTML and CSS doesn't mean it couldn't contain exploits.
It's possible that the HTML parser or image rendering library has a bug and that malformed HTML could cause a vulnerability in the browser. Granted, I believe it would be significantly easier to harden parsers and graphic rendering, but it's already been shown that certain image rendering libraries have been exploited[1].
If browser vendors spent less money on implementing audio synthesis or OpenGL, they could spend more on font rendering, SPDY, and standards compliance.