Hey! Just to confirm, it seems like this change wouldn't impact extensions at all? My understanding is that the current implementation supports extensions by adding the chrome-extension:// URL scheme to an allow-list. With that in mind, I imagine the implementation here would be removing that allow-list but keeping the behaviour for extensions otherwise the same?
On Thursday, September 23, 2021 at 10:36:20 PM UTC+1 Francis McCabe wrote: > Contact emailsad...@chromium.org > f...@chromium.org > > Explainer > https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md > > Specificationhttps://github.com/w3c/webappsec-csp/pull/293 > > Design docs > > https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md > > Summary > > Enhancements to Content Security Policy to improve interoperability with > WebAssembly. > The change involves adding a new CSP source keyword: wasm-unsafe-eval that > would allow a web page to compile and execute WebAssembly modules. > > Blink componentBlink > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> > > Search tagswasm <https://www.chromestatus.com/features#tags:wasm>, > webassembly <https://www.chromestatus.com/features#tags:webassembly>, csp > <https://www.chromestatus.com/features#tags:csp> > > TAG reviewNot needed in our view, as this is a very small change to > existing CSP functionality. > > TAG review status > > Risks > > > Interoperability and Compatibility > > > > Gecko: https://github.com/mozilla/standards-positions/issues/580 > > WebKit: > https://lists.webkit.org/pipermail/webkit-dev/2021-August/031974.html > > Web developers: There has been a considerable amount of discussion of > this within the WebAppSec WG and there is some pressure from developers to > adopt this (see > https://bugs.chromium.org/p/chromium/issues/detail?id=841404 and > https://bugs.chromium.org/p/chromium/issues/detail?id=948834 and > https://bugs.chromium.org/p/chromium/issues/detail?id=915648) > > > Debuggability > > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > ?Yes * CL > https://chromium-review.googlesource.com/c/chromium/src/+/3171519 under > review > > Flag nameBlink feature flag WebAssemblyCSP > > Requires code in //chrome?False > > Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=841404 > > Estimated milestones > > M96 > > Link to entry on the Chrome Platform Status > https://www.chromestatus.com/feature/5499765773041664 > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/92f73733-f729-44d9-98d9-4c3967c9bb31n%40chromium.org.
