New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

馃洡 Web Content Security Policy #1122

Open
jfbastien opened this Issue Aug 11, 2017 · 0 comments

Comments

Projects
None yet
2 participants
@jfbastien
Member

jfbastien commented Aug 11, 2017

This is a tracking issue for a post-MVP feature
It will be updated as the issue progresses.

Topic Content Security Policy
Champion none
Status in progress
Phase Feature proposal
Linked issues #1092 #205 #972
Linked repositories github.com/WebAssembly/content-security-policy

Details

Details

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.

In the context of WebAssembly, CSP can:

  • Forbid usage of WebAssembly for developers who opted in to CSP before WebAssembly existed.
  • Allow finer-grained control of JavaScript restrictions (including unsafe-eval) versus WebAssembly using new CSP mechanisms.

References:

@WebAssembly WebAssembly locked and limited conversation to collaborators Aug 11, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.