Using a web browser with JS execution enabled is a lot more dangerous than running nginx showing .html files in directories.