Webassembly is good but doesn't the thought scare you that sites will now be able to run full binary programs on your devices?

twitter logo github logo ・1 min read

Until now, they were able to run interpreted JavaScript. However obfuscated it may be, you can always read it or at least scan its source to ensure its not doing anything wrong.

But webassemblies are just binary blobs or black boxes, so to speak. That code is able to do literally anything to your devices. Aren't you concerned by this fact?

twitter logo DISCUSS (5)
markdown guide
 

But webassemblies are just binary blobs or black boxes, so to speak. That code is able to do literally anything to your devices.

That's not how it works. WebAssembly is a binary instruction format, but it doesn't mean you have actual binaries which are executed by the underlying system. It will be used in browser's sandboxed environment, just like JavaScript.

WebAssembly describes a memory-safe, sandboxed execution environment that may even be implemented inside existing JavaScript virtual machines. When embedded in the web, WebAssembly will enforce the same-origin and permissions security policies of the browser.

👉 webassembly.org

 

I'm rather concerned by new WebAPIs and DRM-related content than by WebASM.

As it's sandboxed and runs alongside javascript, there's no particular threat, and it finally allows us to use other languages than javascript for some heavier/more precise tasks.

 

Compiled web assembly isn't native machine code. In fact, it couldn't be native machine code, otherwise it wouldn't be portable. It's just like JVM or CLR byte-code in that respect, though it's easier to disassemble than both.

On top of that though, it's run in an environment pretty much equivalent to JavaScript in terms of security (so, reasonably good security short of hyper-targeted attacks).

 

Read what Nikola and Austin said. You need special Web Assembly compilers for your language of choice. It's NOT low-level machine code that could be run on any particular OS or bare metal.

 
Classic DEV Post from May 4

The secret that the fonts industry doesn't want you to know

Finally the story of CSS's most unsung hero

Prahlad Yeri profile image
Most programmers like coffee but I'm fond of tea.