LGTM2 On Thu, Oct 7, 2021 at 12:11 AM 'Francis McCabe' via blink-dev < blink-dev@chromium.org> wrote:
> Confirming: there is no current plan to modify how extensions would work. > I was alluding to semi-solid thoughts on how a possible wasm-src policy > would work. But, in any case, wasm-unsafe-eval would continue even without > any new wasm-src. > > Also, currently, extensions (and only extensions and chrome apps), can use > the 'wasm-eval' policy source keyword. There was a lot of discussion about > using wasm-eval for normal web pages but the community eventually decided > against doing that. > > wasm-eval will continue to work for extensions. But, IMO, that sets up a > problem for the future. Chrome extensions will be able to use wasm-eval; > but noone else will (they will have to use wasm-unsafe-eval, or, in the > future, a wasm-src policy). I can see there being some pressure to > normalize this down the road. > > > On Wednesday, October 6, 2021 at 11:05:26 AM UTC-7 oli...@oliverdunk.com > wrote: > >> Hey! Just to confirm, it seems like this change wouldn't impact >> extensions at all? My understanding is that the current implementation >> supports extensions by adding the chrome-extension:// URL scheme to an >> allow-list. With that in mind, I imagine the implementation here would be >> removing that allow-list but keeping the behaviour for extensions otherwise >> the same? >> >> On Thursday, September 23, 2021 at 10:36:20 PM UTC+1 Francis McCabe wrote: >> >>> Contact emailsad...@chromium.org >>> f...@chromium.org >>> >>> Explainer >>> https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md >>> >>> Specificationhttps://github.com/w3c/webappsec-csp/pull/293 >>> >>> Design docs >>> >>> https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md >>> >>> Summary >>> >>> Enhancements to Content Security Policy to improve interoperability with >>> WebAssembly. >>> The change involves adding a new CSP source keyword: wasm-unsafe-eval >>> that would allow a web page to compile and execute WebAssembly modules. >>> >>> Blink componentBlink >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> >>> >>> Search tagswasm <https://www.chromestatus.com/features#tags:wasm>, >>> webassembly <https://www.chromestatus.com/features#tags:webassembly>, >>> csp <https://www.chromestatus.com/features#tags:csp> >>> >>> TAG reviewNot needed in our view, as this is a very small change to >>> existing CSP functionality. >>> >>> TAG review status >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> >>> >>> Gecko: https://github.com/mozilla/standards-positions/issues/580 >>> >>> WebKit: >>> https://lists.webkit.org/pipermail/webkit-dev/2021-August/031974.html >>> >>> Web developers: There has been a considerable amount of discussion of >>> this within the WebAppSec WG and there is some pressure from developers to >>> adopt this (see >>> https://bugs.chromium.org/p/chromium/issues/detail?id=841404 and >>> https://bugs.chromium.org/p/chromium/issues/detail?id=948834 and >>> https://bugs.chromium.org/p/chromium/issues/detail?id=915648) >>> >>> >>> Debuggability >>> >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>> ?Yes * CL >>> https://chromium-review.googlesource.com/c/chromium/src/+/3171519 under >>> review >>> >>> Flag nameBlink feature flag WebAssemblyCSP >>> >>> Requires code in //chrome?False >>> >>> Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=841404 >>> >>> Estimated milestones >>> >>> M96 >>> >>> Link to entry on the Chrome Platform Status >>> https://www.chromestatus.com/feature/5499765773041664 >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/339519e8-ab1c-4a84-b332-dc49bdcd6b72n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/339519e8-ab1c-4a84-b332-dc49bdcd6b72n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWaXo5d362EEhmtcHAMtmJPPqc9rOk2J9N_58mzELnG9A%40mail.gmail.com.
