DEV Community

Prahlad Yeri
Prahlad Yeri

Posted on

Webassembly is good but doesn't the thought scare you that sites will now be able to run full binary programs on your devices?

Until now, they were able to run interpreted JavaScript. However obfuscated it may be, you can always read it or at least scan its source to ensure its not doing anything wrong.

But webassemblies are just binary blobs or black boxes, so to speak. That code is able to do literally anything to your devices. Aren't you concerned by this fact?

Top comments (4)

Collapse
 
stojakovic99 profile image
Nikola Stojaković

But webassemblies are just binary blobs or black boxes, so to speak. That code is able to do literally anything to your devices.

That's not how it works. WebAssembly is a binary instruction format, but it doesn't mean you have actual binaries which are executed by the underlying system. It will be used in browser's sandboxed environment, just like JavaScript.

WebAssembly describes a memory-safe, sandboxed execution environment that may even be implemented inside existing JavaScript virtual machines. When embedded in the web, WebAssembly will enforce the same-origin and permissions security policies of the browser.

👉 webassembly.org

Collapse
 
ahferroin7 profile image
Austin S. Hemmelgarn

Compiled web assembly isn't native machine code. In fact, it couldn't be native machine code, otherwise it wouldn't be portable. It's just like JVM or CLR byte-code in that respect, though it's easier to disassemble than both.

On top of that though, it's run in an environment pretty much equivalent to JavaScript in terms of security (so, reasonably good security short of hyper-targeted attacks).

Collapse
 
jdforsythe profile image
Jeremy Forsythe

Not at all. They are designed to be safe.

Collapse
 
tarialfaro profile image
Tari R. Alfaro

Read what Nikola and Austin said. You need special Web Assembly compilers for your language of choice. It's NOT low-level machine code that could be run on any particular OS or bare metal.