← Back to context

Comment by mrcslws

7 days ago

Quick response regarding security:

On various Mozilla forums that I saw, the discussion was basically: 1. We can't just allow the browser to connect to any socket, since many either explicitly don't want browsers connecting to them, or are oblivious to browsers. 2. ...so we need to also add some sort of allow list 3. ...this is getting too complicated for such a niche feature.

So I think the nicheness was the high-order bit here.

(FYI, Outer Loop does add an allow-list: https://outerloop.sh/unix-domain-sockets/)

JavaScript and wasm should not be able to open generalized networks sockets because no one wants an asshole to be able to buy an ad on a shitty ad network and send malicious code to people’s browsers which attacks all the internal devices on the user’s network simply because the user wanted to read a movie review.