LGTM3
/Daniel
On 2021-10-07 09:25, Yoav Weiss wrote:
LGTM2
On Thu, Oct 7, 2021 at 12:11 AM 'Francis McCabe' via blink-dev
<blink-dev@chromium.org> wrote:
Confirming: there is no current plan to modify how extensions
would work.
I was alluding to semi-solid thoughts on how a possible wasm-src
policy would work. But, in any case, wasm-unsafe-eval would
continue even without any new wasm-src.
Also, currently, extensions (and only extensions and chrome apps),
can use the 'wasm-eval' policy source keyword. There was a lot of
discussion about using wasm-eval for normal web pages but the
community eventually decided against doing that.
wasm-eval will continue to work for extensions. But, IMO, that
sets up a problem for the future. Chrome extensions will be able
to use wasm-eval; but noone else will (they will have to use
wasm-unsafe-eval, or, in the future, a wasm-src policy). I can see
there being some pressure to normalize this down the road.
On Wednesday, October 6, 2021 at 11:05:26 AM UTC-7
oli...@oliverdunk.com wrote:
Hey! Just to confirm, it seems like this change wouldn't
impact extensions at all? My understanding is that the current
implementation supports extensions by adding the
chrome-extension:// URL scheme to an allow-list. With that in
mind, I imagine the implementation here would be removing that
allow-list but keeping the behaviour for extensions otherwise
the same?
On Thursday, September 23, 2021 at 10:36:20 PM UTC+1 Francis
McCabe wrote:
Contact emails
ad...@chromium.org
f...@chromium.org
Explainer
https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md
Specification
https://github.com/w3c/webappsec-csp/pull/293
Design docs
https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md
Summary
Enhancements to Content Security Policy to improve
interoperability with WebAssembly.
The change involves adding a new CSP source keyword:
wasm-unsafe-eval that would allow a web page to compile
and execute WebAssembly modules.
Blink component
Blink
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink>
Search tags
wasm <https://www.chromestatus.com/features#tags:wasm>,
webassembly
<https://www.chromestatus.com/features#tags:webassembly>,
csp <https://www.chromestatus.com/features#tags:csp>
TAG review
Not needed in our view, as this is a very small change to
existing CSP functionality.
TAG review status
Risks
Interoperability and Compatibility
Gecko:
https://github.com/mozilla/standards-positions/issues/580
WebKit:
https://lists.webkit.org/pipermail/webkit-dev/2021-August/031974.html
Web developers: There has been a considerable amount of
discussion of this within the WebAppSec WG and there is
some pressure from developers to adopt this (see
https://bugs.chromium.org/p/chromium/issues/detail?id=841404 and
https://bugs.chromium.org/p/chromium/issues/detail?id=948834
and
https://bugs.chromium.org/p/chromium/issues/detail?id=915648)
Debuggability
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
Yes * CL
https://chromium-review.googlesource.com/c/chromium/src/+/3171519
under
review
Flag name
Blink feature flag WebAssemblyCSP
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=841404
Estimated milestones
M96
Link to entry on the Chrome Platform Status
https://www.chromestatus.com/feature/5499765773041664
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/339519e8-ab1c-4a84-b332-dc49bdcd6b72n%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/339519e8-ab1c-4a84-b332-dc49bdcd6b72n%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWaXo5d362EEhmtcHAMtmJPPqc9rOk2J9N_58mzELnG9A%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWaXo5d362EEhmtcHAMtmJPPqc9rOk2J9N_58mzELnG9A%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/195e5275-cb08-aa52-6d88-da4b1b3a7898%40gmail.com.