Is WebAssembly fully supported in extensions?

Juraj M.

unread,

Aug 25, 2023, 2:23:35 AM8/25/23

to Chromium Extensions

I'm thinking about re-implementing my base93 encoder in Rust / Wasm but I want to be sue it will be supported in the modern browsers / MV3 extensions.

Is there anything I should know about before I start?

Juraj M.

unread,

Aug 25, 2023, 10:09:38 AM8/25/23

to Chromium Extensions, Juraj M.

So, if I'm seeing it right, in MV3 the wasm won't work without changing CSP first to:

```

"content_security_policy": {
"extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
},

```

Without that, it will fail with:

```

Uncaught (in promise) CompileError: WebAssembly.instantiateStreaming(): Refused to compile or instantiate WebAssembly module because neither 'wasm-eval' nor 'unsafe-eval' is an allowed source of script in the following Content Security Policy directive: "script-src 'self'"

```

I've never had to change CSP before so I'm not really comfortable to do so (I know malware extensions often relaxes CSP).

I guess I should focus on the real features and not fun optimizations :)

Oliver Dunk

unread,

Aug 25, 2023, 10:20:07 AM8/25/23

to Juraj M., Chromium Extensions

Hi Juraj,

You can absolutely use WASM in extensions! That's something which I did a lot before I joined Google, and it can work out quite nicely.

Your CSP looks ok to me. You could consider setting object-src to 'none' if you don't have a need for that (the fewer allowances the better).

We have a few examples of using Rust in an extension in our samples repository which might be useful:

https://github.com/GoogleChrome/chrome-extensions-samples/tree/main/functional-samples/cookbook.wasm-helloworld-print-nomodule

https://github.com/GoogleChrome/chrome-extensions-samples/tree/main/functional-samples/cookbook.wasm-helloworld-print

Hope that helps!

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/ef980db6-9afa-4161-8493-7e94c3cf27d9n%40chromium.org.

Juraj M.

unread,

Aug 25, 2023, 11:58:01 AM8/25/23

to Chromium Extensions, Oliver Dunk, Chromium Extensions, Juraj M.

Thank you Oliver for the info and the cool looking examples, I love that it's in Rust!

I just hope this won't affect review time. I'm already using so many dangerous permissions... so adding now "wasm-unsafe-eval" sounds like multiplying the threat level :)

Oliver Dunk

unread,

Aug 25, 2023, 12:49:54 PM8/25/23

to Juraj M., Chromium Extensions

I wouldn't expect that to be a problem - there are a number of extensions using WASM so it's something the team is used to handling :)

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

Reply all

Reply to author

Forward