Hello Webkit devs We would like to get an official position on this proposal. The proposal is to extend the coverage of W3C Content Security Policy ( https://www.w3.org/TR/CSP3/) to include WebAssembly modules. Currently, CSP has an option to manage policy for WebAssembly execution through the 'unsafe-eval' source directive. However, the primary role of that directive is to allow eval in JavaScript. This change adds a specific source directive 'wasm-unsafe-eval' to CSP that permits an engine to compile and instantiate a wasm module. In addition, the proposal is to extend the coverage of existing script-src directives to include wasm modules downloaded using the fetch API. This would affect instantiateStreaming and compileStreaming.
The link to the proposed changes to CSP is https://github.com/w3c/webappsec-csp/pull/293. The link to the proposed change in WebAssembly's web API is https://github.com/WebAssembly/content-security-policy/tree/fgm-patch-4 Thank you Francis McCabe
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
