undefined | Better HN

0 pointsaustincheney8y ago0 comments

> For your second point, JavaScript is also sandboxed.

There are all kinds of abstractions interact with the language outside the sandbox though: DOM, XMLHttpRequest, WebSocket, Cookies, location object, localStorage, IndexedDB, and on and on....

To my knowledge WASM does not have such a variety of APIs to expose access. The reason for this difference is that the security emphasis for WASM is instruction integrity while with JavaScript the emphasis is integrity of IO.

WASM runs closer to the metal and so if any of the security CIA (confidentiality, integrity, availability) are broken everything that relies upon it, executes from it, or works with it could be exposed through memory. In this case it is the execution state that is important. JavaScript is not a bytecode format and so it can execute in a VM without the VM ever being exposed. All that matters for JavaScript is that it receives standard input and returns standard output.

0 comments

ChrisSD8y ago

Actually the eventual goal is to give WASM access to import "environment" apis, which in the browser means DOM, Cookies, etc.

See the design documents: https://github.com/WebAssembly/design/blob/master/Portabilit...

j / k navigate · click thread line to collapse