Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How is allowing WebAssembly to use the network any less secure than allowing JavaScript to use the network?


The issue here is the same-origin principle, which rules out most low-level networking (since you could just bring your own SOP-ignoring HTTP client).

Personally I think that enforcing the SOP at all cost (and even when no cookies or other authentication headers are injected by the browser) is misguided at this point and holding back modern webapps.


Don't ask me :).

At least WASM will get DOM access (and hopefully access to similar web APIs) as soon as the GC is stable and usable.

   Once GC is supported, WebAssembly code would be able to reference and access JavaScript, DOM, and general WebIDL-defined objects.
https://webassembly.org/docs/web/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: