1

I am trying to get a library with WebAssembly running with manifest v3 in a Chrome extension.

I have a basic file (call it sandbox.html) which executes some JavaScript:

if (typeof WebAssembly === "object" && typeof WebAssembly.instantiate === "function") {
    const module = new WebAssembly.Module(Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00));
}

This is embedded in a page with this tag:

<iframe
    sandbox="allow-same-origin allow-scripts" 
    csp="script-src 'self' 'unsafe-eval'; object-src 'self'" src="sandbox.html">
</iframe>

I have not added sandbox or content_security_policy to my manifest.json because I require allow-same-origin, see this comment.

However I get the following error:

Uncaught CompileError: WebAssembly.Module(): Wasm code generation disallowed by embedder

According to this and this, it's suggested that using unsafe-eval should be enough to make this run. However as far as I am aware, I am doing that but I still get this error.

(I believe I should be using wasm-eval over unsafe-eval; I have tried both and neither work. I have also tried including content_security_policy without allow-same-origin in my manifest.json but excluding the sandbox key.)

Am I missing something?

Bentley Carr
  • 672
  • 1
  • 8
  • 24
  • Per https://crbug.com/1173354#c19 it should work with content_security_policy.sandbox in manifest.json. – wOxxOm Sep 25 '21 at 05:27
  • @wOxxOm thanks for your reply - do you know if there's anywhere else I need to add the CSP apart from in manifest.json as you mentioned and the sandbox csp attribute, especially if the library I'm trying to use uses Workers? Ive tried putting the CSP in both places but it doesn't seem to resolve the issue :/ – Bentley Carr Sep 25 '21 at 23:40

0 Answers0