Hello Webkit devs
  We would like to get an official position on this proposal.
  The proposal is to extend the coverage of W3C Content Security Policy (
https://www.w3.org/TR/CSP3/) to include WebAssembly modules.
  Currently, CSP has an option to manage policy for WebAssembly execution
through the 'unsafe-eval' source directive. However, the primary role of
that directive is to allow eval in JavaScript.
 This change adds a specific source directive 'wasm-unsafe-eval' to CSP
that permits an engine to compile and instantiate a wasm module. In
addition, the proposal is to extend the coverage of existing script-src
directives to include wasm modules downloaded using the fetch API. This
would affect instantiateStreaming and compileStreaming.

The link to the proposed changes to CSP is
The link to the proposed change in WebAssembly's web API is

Thank you
Francis McCabe
webkit-dev mailing list

Reply via email to