Closed Bug 1341111 Opened 3 years ago Closed Last year

restrict storage of WebAssembly.Module to Secure Contexts

Categories

(Core :: DOM: IndexedDB, defect, P3)

defect

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: luke, Unassigned)

References

Details

The concern is that storing code in IDB in an insecure context could allow a successful attack on one compromised page load to affect future page loads.  In general, this is already possible with strings of JS code, so this isn't a new problem (or unique to wasm or IDB), but since it's a new capability, Chrome people have proposed conservatively limiting storage of a Module in IDB to secure contexts.
Priority: -- → P2
Luke, you should also report this at https://github.com/w3c/IndexedDB/issues/new to make sure it's specified and we know what to do when the conditions are not met (and ideally get someone to write web-platform-tests).
Priority: P2 → P3
WebAssembly.Module IndexedDB serialization support is being removed in bug 1469395.
Right, don't have to worry about this bug now.
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.