Dear Emscripten Community,
you did such a grat job with designing and implementing emscripten.
I would like to seed to idea of a security improvement, that comes in handy when traffic is transferred through an less trusted environment such as CDN/DDoS protection services.
HTML provides with the script.integrity tag the option to specify a cryptographic checksum that may be enforced; this may be used to protect the emitted js file but not the wasm binary.
However when the emitted JS codes starts WebAssembly.instantiateStreaming(), there is no cryptographic verification of the wasm's checksum possible.
It has been mentioned that the streaming is the most efficient way, so it would be great to have an option to have an option for the integrity, possibly as a 4th argument.
Alternative, until in the standards, I would suggest to have a compiler flag, to change the compilation as follows:
- Use the fetch API to load the wasm binary.
- Perform an SHA256-checksum on the binary
- Throw an exception if the checksum in the emitted javascript doesn't matches the wasm binary; otherwise pass the fetched result into WebAssembly.instantiate()
Dear Emscripten Community,
you did such a grat job with designing and implementing emscripten.
I would like to seed to idea of a security improvement, that comes in handy when traffic is transferred through an less trusted environment such as CDN/DDoS protection services.
HTML provides with the script.integrity tag the option to specify a cryptographic checksum that may be enforced; this may be used to protect the emitted js file but not the wasm binary.
However when the emitted JS codes starts WebAssembly.instantiateStreaming(), there is no cryptographic verification of the wasm's checksum possible.
It has been mentioned that the streaming is the most efficient way, so it would be great to have an option to have an option for the integrity, possibly as a 4th argument.
Alternative, until in the standards, I would suggest to have a compiler flag, to change the compilation as follows: