Do web workers alleviate or intensify any of JavaScript's and the Browser Environment's known security issues?
Asked
Active
Viewed 1,159 times
7
-
7What "known security issues"? What's the specific problem you face? – George Stocker Oct 09 '12 at 01:33
-
@GeorgeStocker I am considering using web workers and would like to know if they bring any added security risk, or if I get some security enhancements for free. – Noah Freitas Oct 09 '12 at 01:34
-
Web workers are basically very limited threads. There aren't really any security implications one way or another. – Chris Heald Oct 09 '12 at 01:38
-
2Please avoid "the title says it all". Also, I second George Stocker. – Oct 09 '12 at 01:41
-
Why do you think it may or may not? – epascarello Oct 09 '12 at 01:53
-
3The same issues that apply to broken js engine sandboxing, apply to web workers that's it, so if you are using js already there is no new attack surface added to your app. (But that's something new and not tested, as always security bugs are possible :) ) – damiankolasa Oct 09 '12 at 06:32
1 Answers
6
According to the Mozilla Web Workers Security Review:
- Workers execute in a tightly controlled sandbox.
- No access to Components or other global JS components.
- Only basic JS (Math, Date, etc.), timeouts, XHR, and importScripts.
- Script loading is subject to the same restrictions as on the main thread (content policies, same origin restrictions, etc.).
- XHR uses the same code as the main thread.
These answered all the security considerations I had.
Stumpy7
- 252
- 3
- 14