Assume I have a web page loaded from example.com
, with some Javascript and two WebAssemblies from the same origin. I'm attempting to understand the security boundaries, but can't find a reference that puts it all together. So:
example.com
? (I think: yes) What I'm really trying to get to:
If WebAssembly 1 contains a "secret token 1", and WebAssembly 2 contains a "secret token 2", is there a way for either of them to gain access to the other's token?
As they are running in the same origin, possibly yes. But you should be able to prevent this by using distinct origins via sandboxed iframes or similar.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.