Assuming that decompilation will always possible for any runnable wasm bytecode...Thrawn wrote:Bytecode may add an extra step, to convert it to asm.js, but it sounds like there will already be standard polyfills to do the job, so it may not be a big deal. Maybe such a decompilation could even be integrated into the Web Developer tools. So there won't necessarily be more obscurity.
Yeah, that would be awesome, but I'm pretty sure that tool won't be NoScriptThrawn wrote:Actually, bytecode should be somewhat easier (and certainly faster) to parse, so it might be more feasible for tools like NoScript (or other security software) to make a good guess at the intent of a piece of WASM. And it should be a smaller download.
What if it were possible for NoScript to automatically detect and allow snippets of WASM that are found to perform only "safe" operations like folding/unfolding menus? That would be a big usability win.
Actually, I think you'll find that if it can break out of the sandbox into chrome context, then JavaScript is just as dangerous.barbaz wrote:There's also a security downside to this - don't attackers have significantly more room to play in binary code vs. text code compiled by the victims' browsers? I mean look at the security history of .NET and Java, which that article compares WebAssembly to!...
Plus any bug in the browser's wasm parser/executor could allow for far more potential for damage, e.g. if arbitrary code execution is accidentally permitted, this is arbitrary *byte*code, which can theoretically run anywhere on the OS, not just in the browser like malicious JS (right? am I making any sense there?)
I would have thought that anything that cannot be decompiled probably cannot be executed. You can always turn machine instructions back into mnemonics at the very least. The result may be ugly, but so is minified JavaScript...Assuming that decompilation will always possible for any runnable wasm bytecode...
Yes but that still requires the browser as a medium, to run the code. Are you saying that code which won't need the browser as a medium (which the right kind of binary code won't) can't do more damage than JavaScript that "accidentally" gains chrome privileges?Thrawn wrote:Actually, I think you'll find that if it can break out of the sandbox into chrome context, then JavaScript is just as dangerous.
Well, I can think of a few cases:Thrawn wrote:I would have thought that anything that cannot be decompiled probably cannot be executed. You can always turn machine instructions back into mnemonics at the very least. The result may be ugly, but so is minified JavaScript...
They're not talking about native code; they're talking about intermediate code, like Java bytecode. Compiled up to a point, then interpreted.barbaz wrote:Are you saying that code which won't need the browser as a medium (which the right kind of binary code won't) can't do more damage than JavaScript that "accidentally" gains chrome privileges?
Maybe. Theoretically you could also encrypt JavaScript text, though.Well, I can think of a few cases:Thrawn wrote:I would have thought that anything that cannot be decompiled probably cannot be executed. You can always turn machine instructions back into mnemonics at the very least. The result may be ugly, but so is minified JavaScript...
1) DRM encryption of sorts applied to the compiled code, or a DRM lock (if the spec ends up allowing for this and all browser vendors comply.. I really hope that doesn't happen though)
Yes, that is more of a concern...although it's basically just obfuscation on steroids.2) Something like this? viewtopic.php?f=19&t=18581
If it can be translated directly into asm.js (which is supposed to be the case for the polyfills), then I'd say so.But in any case, can a "prettifyer" do enough to make it even as human readable as prettifyed minified JS?
Well, if you can provide an example, we could look more into that.(And I'm pretty sure I remember trying to decompile Java code that executed fine, and it wouldn't fully decompile into something human-readable enough... I can't remember what it was or what I was trying to get out of it though.)
Ah good, didn't realize there was that much of a difference.Thrawn wrote:They're not talking about native code; they're talking about intermediate code, like Java bytecode. Compiled up to a point, then interpreted.barbaz wrote:Are you saying that code which won't need the browser as a medium (which the right kind of binary code won't) can't do more damage than JavaScript that "accidentally" gains chrome privileges?
Yes, native code is more dangerous, but binary != native. You can't have a browser running arbitrary untrusted native code; that's complete system takeover as soon as you visit a web page. It *has* to be interpreted in order to apply any kind of sandboxing to it.
I would think that what it could mean (at most) is that NoScript itself becomes written in wasm, either out of necessity or out of Giorgio's choice. Also there will need to be the possibility of surrogates written in wasm, which I think cannot be done in the current architecture of the surrogate system.Tar_Ni wrote:So what does that mean for the future of an addon like NoScript? Will it still exist in say, 5 years from now?
Interesting idea! In theory that would make NoScript a smaller download, but it would also break the current open-source situation, where the XPI is all you need.barbaz wrote:I would think that what it could mean (at most) is that NoScript itself becomes written in wasm, either out of necessity or out of Giorgio's choice.
I could be wrong, but I suspect that a JavaScript surrogate would be able to replace a real WASM script.Also there will need to be the possibility of surrogates written in wasm, which I think cannot be done in the current architecture of the surrogate system.
Would it? Giorgio currently packages the ABE.g file which (I think) is not needed by the XPI yet is part of the source codeThrawn wrote:it would also break the current open-source situation, where the XPI is all you need.
Well that article I linked in the OP makes it sound like JavaScript is actually going to be replaced with wasm, at least on the Web...Thrawn wrote:I could be wrong, but I suspect that a JavaScript surrogate would be able to replace a real WASM script.
Well, yes, but then it's not a smaller download, is it? It might be slightly faster, but as mentioned previously, I think that that's not a big issue, except maybe in ABE with big rulesets. So the rework necessary to make NoScript conform with asm.js (and thus be WASM-compatible) wouldn't really be justified, AFAICT.barbaz wrote:Giorgio currently packages the ABE.g file which (I think) is not needed by the XPI yet is part of the source code
Nah, not possible. How many hundreds of millions of websites use JavaScript? Do we really expect them all to change, with no security imperative? Including sites where maximising performance is not an issue? JavaScript support isn't going away.Well that article I linked in the OP makes it sound like JavaScript is actually going to be replaced with wasm, at least on the Web...
Yeah, I agree that if JS will continue to be supported then NoScript won't need to be ported to wasm.Thrawn wrote:Well, yes, but then it's not a smaller download, is it? It might be slightly faster, but as mentioned previously, I think that that's not a big issue, except maybe in ABE with big rulesets. So the rework necessary to make NoScript conform with asm.js (and thus be WASM-compatible) wouldn't really be justified, AFAICT.
Cool!Thrawn wrote:Nah, not possible. How many hundreds of millions of websites use JavaScript? Do we really expect them all to change, with no security imperative? Including sites where maximising performance is not an issue? JavaScript support isn't going away.
