Closed eholk closed 6 years ago
Here're my 2c on how CSP relates to WebAssembly.{compile,instantiate}.
WebAssembly future goals include
In the future 🦄, WebAssembly may also be loaded and run directly from an HTML
The proposal should specify what threats we are trying to protect against with CSP and how CSP mitigates these threats.
At the recent CG meeting, we had some confusion about what CSP is used for. The primary use seems to be to give developers control over what code runs as part of their application. However, it seemed like there were also efforts to use CSP to limit opportunities for heap spray attacks by restricting an attacker's ability to generate code. We should clarify in the proposal which threats are in scope.
See https://github.com/WebAssembly/design/issues/1510 for the related action item that came out of the meeting.
Let's use this issue to discuss what we should do.