Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

On one hand, yes, new attack surface is new attack surface. But WASM has been in browsers for almost a decade now.


Without the bindings this talks about, so it really couldn't do nearly as much.


WASM has access to everything JS has via JS in the same sandbox that JS runs in.

JS didn't magically become more "secure". Multiple things happened:

- ActiveX and Flash got booted from browsers

- Browsers got much better sandboxes

Essentially limited what untrusted code can run and sandboxed that untrusted code. Before NaCl and PNaCl it was wild west in browsers.

The same sandbox runs WASM. It even goes through the same runtime in every browser. It's no different from compiling language of your choice to subset of JavaScript (see asm.js).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: