Contact emailsad...@chromium.org f...@chromium.org Explainer https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md
Specificationhttps://github.com/w3c/webappsec-csp/pull/293 Summary Enhancements to Content Security Policy to improve interoperability with WebAssembly. Blink componentBlink <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> Motivation Allows web developers to be more fine grained in their policy wrt executing WebAssembly. Currently, if there is a non-empty CSP policy for a page, the unsafe-eval policy must be enabled. This allows a developer to use wasm-unsafe-eval that only allows webassembly execution and has no impact on javaScript execution. In addition, the proposal is to extend existing CSP script-src policies to include webassembly. Since WebAssembly does not have an element tag, this will be, initially, to apply script-src policies to the relevant API calls: WebAssembly.instantiateStreaming etc. Initial public proposalhttps://github.com/w3c/webappsec-csp/pull/293 Search tagswasm <https://www.chromestatus.com/features#tags:wasm>, webassembly <https://www.chromestatus.com/features#tags:webassembly>, csp <https://www.chromestatus.com/features#tags:csp> TAG reviewNot needed TAG review status Risks Interoperability and Compatibility Gecko: https://github.com/mozilla/standards-positions/issues/574# WebKit: see https://lists.webkit.org/pipermail/webkit-dev/2021-August/031974.html Web developers: See https://crbug.com/948834 Debuggability Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ?Yes Flag name Requires code in //chrome?False Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=841404 Estimated milestones Link to entry on the Chrome Platform Status https://www.chromestatus.com/feature/5499765773041664 This intent message was generated by Chrome Platform Status <https://www.chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAE65UWB-%3DsKJUpiXcZ2jBGZaQ_yAXWOUdO2Jt1mKA3whP7ZqdA%40mail.gmail.com.
