Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the libzim WASM and ASM builds compatible with the webextension manifest v3 spec #47

Closed
Jaifroid opened this issue Apr 16, 2023 · 0 comments · Fixed by #48
Closed

Make the libzim WASM and ASM builds compatible with the webextension manifest v3 spec #47

Jaifroid opened this issue Apr 16, 2023 · 0 comments · Fixed by #48
Assignees
@Jaifroid
Labels
build Code relating to building or publishing assets security Issues that impact on security

Comments

@Jaifroid
Copy link
Collaborator

Currently we are compiling with an (implied) DYNAMIC_EXECUTION=1 flag, which allows the use of the eval-equivalen new Fuction statement. This violates the ban on unsafe-eval in the more secure v3 spec of webextension manifests. For discussion, see kiwix/kiwix-js#755.

I have tested compiling with an explicit -s DYNAMIC_EXECUTION=0 flag, and this solves the issue.
@Jaifroid Jaifroid added the build Code relating to building or publishing assets label Apr 16, 2023
@Jaifroid Jaifroid self-assigned this Apr 16, 2023
@Jaifroid Jaifroid added the security Issues that impact on security label Apr 16, 2023
@Jaifroid Jaifroid mentioned this issue Apr 16, 2023
Merged
Jaifroid added a commit that referenced this issue Apr 16, 2023
@Jaifroid
Compile all versions without dynamic execution #47 (#48)
554c128
@Jaifroid Jaifroid mentioned this issue Apr 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Jaifroid Jaifroid

Labels
build Code relating to building or publishing assets security Issues that impact on security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Compile all versions without dynamic execution openzim/javascript-libzim
1 participant
@Jaifroid