DEV Community

Webassembly is good but doesn't the thought scare you that sites will now be able to run full binary programs on your devices?

Prahlad Yeri on June 11, 2019

Until now, they were able to run interpreted JavaScript. However obfuscated it may be, you can always read it or at least scan its source to ensure...

Read full post

Nikola Stojaković • Jun 11 '19

But webassemblies are just binary blobs or black boxes, so to speak. That code is able to do literally anything to your devices.

That's not how it works. WebAssembly is a binary instruction format, but it doesn't mean you have actual binaries which are executed by the underlying system. It will be used in browser's sandboxed environment, just like JavaScript.

WebAssembly describes a memory-safe, sandboxed execution environment that may even be implemented inside existing JavaScript virtual machines. When embedded in the web, WebAssembly will enforce the same-origin and permissions security policies of the browser.

👉 webassembly.org

Austin S. Hemmelgarn • Jun 12 '19

Compiled web assembly isn't native machine code. In fact, it couldn't be native machine code, otherwise it wouldn't be portable. It's just like JVM or CLR byte-code in that respect, though it's easier to disassemble than both.

On top of that though, it's run in an environment pretty much equivalent to JavaScript in terms of security (so, reasonably good security short of hyper-targeted attacks).

Jeremy Forsythe • Jun 11 '19

Not at all. They are designed to be safe.

Tari R. Alfaro • Jun 13 '19

Read what Nikola and Austin said. You need special Web Assembly compilers for your language of choice. It's NOT low-level machine code that could be run on any particular OS or bare metal.