Open annevk opened 2 years ago
what do you mean by 'integrated'?
Well, where is EnsureCSPDoesNotBlockWasmByteCompilation invoked? It seems https://webassembly.github.io/spec/js-api/ has to do that, no?
I will take a look at this. I thought it was done but something 'went wrong' with git when I merged upstream.
I am now crafting an appropriate algorithm.
@fgmccabe Hi! I am starting to look into implementing this in Firefox, has there been any update here?
wasm-unsafe-eval shipped in chrome 97. What additional information are you looking for?
As far as I can tell https://webassembly.github.io/spec/js-api/ doesn't include any references to EnsureCSPDoesNotBlockWasmByteCompilation
yet.
It has not been standardized yet. You need to look at https://github.com/WebAssembly/content-security-policy for the CSP stuff, and https://github.com/WebAssembly/content-security-policy/tree/main/document/web-api and https://github.com/WebAssembly/content-security-policy/pull/40 in particular. (The latter represents unfinished business at the moment)
What's the holdup with getting it standardized on the Wasm side? It's certainly standardized on the CSP side, though that was on the presumption it would be here as well.
A combination of factors:
For 2 it would help to have some clarity with respect to what to implement though.
wasm-unsafe-eval?
Yes and in particular how it interacts with the Wasm APIs.
You can see a draft of the wasm proposal at https://webassembly.github.io/content-security-policy/
It seems that https://github.com/WebAssembly/content-security-policy/blob/main/proposals/CSP.md hasn't been integrated here yet, but https://w3c.github.io/webappsec-csp/#can-compile-wasm-bytes does exist.
@antosart @fgmccabe