undefined | Better HN

0 pointsaustincheney8y ago0 comments

It isn't due to the language but to context of known APIs provided to the language that can only be executed a certain way by the language.

How would a browser know to restrict a web server compiled into bytecode specifically to violate same origin? The browser only knowns to restrict this from JavaScript because such capabilities are allowed only from APIs the browser provides to JavaScript.

0 comments

tptacek8y ago

I really don't understand your example. Are you proposing a web server running inside the browser as a WebAssembly program, and the browser attempting to enforce same origin policy against that server? That doesn't make much sense.

austincheneyOP8y ago

Yep, it doesn't make sense and that is the problem. There is no reason why you couldn't write a web server in WASM that runs in an island inside the browser to bypass the browser's security model.

tptacek8y ago

This does not make any sense, sorry.

j / k navigate · click thread line to collapse

0 pointsaustincheney8y ago0 comments

It isn't due to the language but to context of known APIs provided to the language that can only be executed a certain way by the language.

0 comments

tptacek8y ago

austincheneyOP8y ago

Yep, it doesn't make sense and that is the problem. There is no reason why you couldn't write a web server in WASM that runs in an island inside the browser to bypass the browser's security model.

tptacek8y ago

This does not make any sense, sorry.

j / k navigate · click thread line to collapse