Closed Bug 1341111 Opened 8 years ago Closed 7 years ago

restrict storage of WebAssembly.Module to Secure Contexts

Categories

(Core :: Storage: IndexedDB, defect, P3)

Product:
Core
Component:
Storage: IndexedDB
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: luke, Unassigned)

References

Details

The concern is that storing code in IDB in an insecure context could allow a successful attack on one compromised page load to affect future page loads. In general, this is already possible with strings of JS code, so this isn't a new problem (or unique to wasm or IDB), but since it's a new capability, Chrome people have proposed conservatively limiting storage of a Module in IDB to secure contexts.
Priority: -- → P2
Luke, you should also report this at https://github.com/w3c/IndexedDB/issues/new to make sure it's specified and we know what to do when the conditions are not met (and ideally get someone to write web-platform-tests).
Priority: P2 → P3
WebAssembly.Module IndexedDB serialization support is being removed in bug 1469395.
Right, don't have to worry about this bug now.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.