Enhancements to Content Security Policy to improve interoperability with WebAssembly.

Motivation

Allows web developers to be more fine grained in their policy wrt executing WebAssembly. Currently, if there is a non-empty CSP policy for a page, the unsafe-eval policy must be enabled. This allows a developer to use wasm-unsafe-eval that only allows webassembly execution and has no impact on javaScript execution.

Documentation

Specification

Specification link


Specification currently under development in a Working Group

Status in Chromium

Blink


In developer trial (Behind a flag) (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signals

Owners

Search tags

wasm, webassembly, csp,

Last updated on 2022-01-06