jfbastien | 8 years ago

A few ways that come to mind:

1. WebAssembly has almost no APIs to the platforms whereas Flash had a bunch (i.e. it's "as safe as JavaScript, because it can only call JavaScript").
2. The code is all new, as opposed to what I hear is a hard-to-maintain older codebase which wasn't designed with security in mind.
3. It's very static in that memory accesses are pretty easy to bounds check for the compiler.

Implementation-wise there's plenty of interesting things that can be done to tighten security of WebAssembly.
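
Points 1 and 3 of the comment above can be observed from the embedder side. The following is an added example, not part of the original thread: the module bytes are hand-assembled for illustration, and the names `load`, `mem`, `instantiate`, `tryLoad` and `demo` are assumptions of this sketch.

```javascript
// Constructed sample: a hand-assembled module exporting one 64 KiB memory
// page ("mem") and load(addr), which performs an i32.load at addr.
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // "\0asm", version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f, // type 0: (i32) -> i32
  0x03, 0x02, 0x01, 0x00,                         // one function, type 0
  0x05, 0x04, 0x01, 0x01, 0x01, 0x01,             // memory: min 1 page, max 1
  0x07, 0x0e, 0x02,                               // export section, 2 entries
  0x04, 0x6c, 0x6f, 0x61, 0x64, 0x00, 0x00,       //   "load" -> func 0
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,             //   "mem"  -> memory 0
  0x0a, 0x09, 0x01, 0x07, 0x00,                   // code: one body, no locals
  0x20, 0x00, 0x28, 0x02, 0x00, 0x0b,             //   local.get 0; i32.load; end
]);

function instantiate() {
  const module = new WebAssembly.Module(WASM_BYTES);
  // The import list is the module's entire interface to the host.
  const imports = WebAssembly.Module.imports(module);
  const instance = new WebAssembly.Instance(module, {});
  return { imports, load: instance.exports.load, mem: instance.exports.mem };
}

// Run one load and report whether it returned a value or trapped.
function tryLoad(load, addr) {
  try {
    return { ok: true, value: load(addr) };
  } catch (e) {
    return { ok: false, trap: e instanceof WebAssembly.RuntimeError };
  }
}

function demo() {
  const { imports, load, mem } = instantiate();
  // Put a marker in the last aligned word of the 65536-byte memory.
  new DataView(mem.buffer).setUint32(65532, 0xcafe, true);
  return {
    importCount: imports.length,     // nothing imported, so nothing callable
    lastWord: tryLoad(load, 65532),  // bytes 65532..65535: in bounds
    straddle: tryLoad(load, 65533),  // last byte would be 65536: trap
    pastEnd: tryLoad(load, 65536),   // first byte past the page: trap
    negative: tryLoad(load, -1),     // address is unsigned 0xFFFFFFFF: trap
  };
}
```

An out-of-bounds access surfaces to JavaScript as a `WebAssembly.RuntimeError` rather than a read of adjacent process memory, and a module with an empty import list has no function of the host it can call.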

AnIdiotOnTheNet|8 years ago

And how long do you think that'll last? As developers stubbornly persist in trying to make desktop applications on the web, they'll demand more and more access to the host, and browser developers will give it to them in an effort to one-up each other.

If anyone had actually cared about security on the web we wouldn't be where we are now.

jfbastien|8 years ago

Your phrasing leads me to believe that you distrust how web standards organizations approve new features? If that's not the case then I invite you to join the W3C Community Group and help avoid insecure additions: w3.org/community/webassembly/