Just a moment...
hacks.mozilla.org
  • Thinker@lemmy.world
    10·
    1 day ago

    This is such an exciting proposal for the web. From what I understand, this would be one of the final hurdles to having WASM “just work” in browsers the way people always expected it to (i.e. having standardized support for directly interacting with Web APIs/the DOM, without any janky glue code and skipping the huge inefficiencies of intermediary JS).

    The end result would be developers having a much easier path to implementing huge parts of their applications with native-like speeds in any language they want. Some people will want to do their whole application this way, and others will have specific modules that can benefit hugely from this while still making considered use of the rest of the web platform.

    As they say in the article, the current status quo is that this is possible but that ad-hoc/custom WASM modules are out of reach for all but the largest developers because of the cliff of complexity involved in moving beyond the most well-trod paths.

      • furry toaster@lemmy.blahaj.zoneEnglish
        51·
        1 day ago

        wasm and js are by definition remote code execution

        “oh but is sandboxed” how many sandbox bypass and sanbox escape CVEs have we had? incountably many

        beyond that, that is code using your cpu cycles often inefficiently and for useless purposes or outright malicious purposes such as tracking

        • ISO@lemmy.zip
          3·
          16 hours ago

          Let’s take Lemmy UIs as an example. In a world where this “RCE” is removed, all API calls and returned data would have to go through a “server client” first. I hope this won’t take you long to ponder if that’s an improvement or not 😉

          The web is indeed shit. But dumber web means more “clouding”, or if it’s not “clouding”, and to borrow from your reductionist fatalism: Dumber web replaces a potential RCE with a definite MITM.