[webkit-dev] Content Security Policy for WebAssembly
fgm at chromium.org
Mon Aug 30 16:42:36 PDT 2021
Hello WebKit devs,
We would like to get an official position on this proposal.
The proposal is to extend the coverage of W3C Content Security Policy
(https://www.w3.org/TR/CSP3/) to include WebAssembly modules.
Currently, CSP has an option to manage policy for WebAssembly execution
through the 'unsafe-eval' source directive. However, the primary role of
This change adds a specific source directive 'wasm-unsafe-eval' to CSP
that permits an engine to compile and instantiate a wasm module. In
addition, the proposal is to extend the coverage of existing script-src
directives to include wasm modules downloaded using the fetch API. This
would affect instantiateStreaming and compileStreaming.
The link to the proposed changes to CSP is
The link to the proposed change in WebAssembly's web API is
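The keyword behaviour described in the message above, as an added example that is not part of the original post or of any engine's code: a simplified model of how a policy's script-src (or default-src fallback) source list gates JavaScript eval() versus WebAssembly compilation. The function names are hypothetical, the sample policies are constructed, and the URL-based check for instantiateStreaming and compileStreaming is not modelled.

```javascript
// Parse a Content-Security-Policy header value into a Map of
// directive name -> array of source expressions (first occurrence wins).
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// script-src governs script execution; default-src is its fallback.
function effectiveScriptSources(directives) {
  if (directives.has('script-src')) return directives.get('script-src');
  if (directives.has('default-src')) return directives.get('default-src');
  return null; // no directive restricts script, so nothing is blocked
}

function hasKeyword(sources, keyword) {
  return sources.some((s) => s.toLowerCase() === keyword);
}

// Report what a single policy permits for turning strings/bytes into code.
function evalPermissions(header) {
  const sources = effectiveScriptSources(parsePolicy(header));
  if (sources === null) return { jsEval: true, wasmCompile: true };
  const unsafeEval = hasKeyword(sources, "'unsafe-eval'");
  const wasmUnsafeEval = hasKeyword(sources, "'wasm-unsafe-eval'");
  return {
    jsEval: unsafeEval,                        // eval(), new Function()
    wasmCompile: unsafeEval || wasmUnsafeEval, // WebAssembly.compile/instantiate
  };
}

// Constructed sample policies, not taken from any real site.
const SAMPLES = [
  "script-src 'self'",
  "script-src 'self' 'unsafe-eval'",
  "script-src 'self' 'wasm-unsafe-eval'",
  "default-src 'self' 'wasm-unsafe-eval'; img-src *",
  "img-src 'self'",
];
for (const p of SAMPLES) console.log(p, '=>', JSON.stringify(evalPermissions(p)));
```

The third sample is the case the new keyword exists for: wasm compilation is permitted while JavaScript eval() stays blocked.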