On Wed, Sep 1, 2021 at 9:00 PM Francis McCabe <[email protected]> wrote:
> Contact [email protected] > [email protected] > > Explainer > https://github.com/WebAssembly/content-security-policy/blob/master/proposals/CSP.md > > Specificationhttps://github.com/w3c/webappsec-csp/pull/293 > > Summary > > Enhancements to Content Security Policy to improve interoperability with > WebAssembly. > > > Blink componentBlink > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> > > Motivation > > Allows web developers to be more fine grained in their policy wrt > executing WebAssembly. Currently, if there is a non-empty CSP policy for a > page, the unsafe-eval policy must be enabled. This allows a developer to > use wasm-unsafe-eval that only allows webassembly execution and has no > impact on javaScript execution. In addition, the proposal is to extend > existing CSP script-src policies to include webassembly. Since WebAssembly > does not have an element tag, this will be, initially, to apply script-src > policies to the relevant API calls: WebAssembly.instantiateStreaming etc. > > > Initial public proposalhttps://github.com/w3c/webappsec-csp/pull/293 > > Search tagswasm <https://www.chromestatus.com/features#tags:wasm>, > webassembly <https://www.chromestatus.com/features#tags:webassembly>, csp > <https://www.chromestatus.com/features#tags:csp> > > TAG reviewNot needed > Can you expand on why you think a TAG review is not needed? > > TAG review status > > Risks > > > Interoperability and Compatibility > > > > Gecko: > https://github.com/mozilla/standards-positions/issues/574# > > WebKit: see > https://lists.webkit.org/pipermail/webkit-dev/2021-August/031974.html > > Web developers: > See https://crbug.com/948834 > > > Debuggability > > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > ?Yes > > Flag name > > Requires code in //chrome?False > > Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=841404 > > Estimated milestones > > Link to entry on the Chrome Platform Status > https://www.chromestatus.com/feature/5499765773041664 > > This intent message was generated by Chrome Platform Status > <https://www.chromestatus.com/>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAE65UWB-%3DsKJUpiXcZ2jBGZaQ_yAXWOUdO2Jt1mKA3whP7ZqdA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAE65UWB-%3DsKJUpiXcZ2jBGZaQ_yAXWOUdO2Jt1mKA3whP7ZqdA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfVB8a4%2BRo0afEFZUicmasBzFE%3DiSK%2B%2ByouhqLcfcqASow%40mail.gmail.com.
