Chrome扩展程序中的Wasm模块编译错误 [英] Wasm module compile error in Chrome Extension

问题描述

在我的扩展程序中，我想使用自己的WebAssembly模块.

In my extension I want to use my own WebAssembly module.

在加载模块(到background.html或popup.html)之后，出现编译错误:

After loading my module (to background.html, or popup.html), I catch the compile error:

CompileError:WebAssembly.compile():嵌入程序不允许生成Wasm代码.

CompileError: WebAssembly.compile(): Wasm code generation disallowed by embedder.

Chrome扩展程序不支持wasm模块吗?

Are wasm modules not supported in Chrome Extensions?

推荐答案

从此讨论，至少在目前情况下如此

It seems from this issue that Chrome requires script-src: 'unsafe-eval' CSP directive be active for WebAssembly compilation. See this discussion as to why this is the case, at least for now.

Chrome扩展程序附带 CSP的默认限制；其中包括不允许unsafe-eval.有些限制不能取消；在这种情况下，您可以通过添加清单密钥来允许unsafe-eval:

Chrome Extensions come with default restrictions on CSP; that includes not allowing unsafe-eval. Some of the restrictions cannot be lifted; in this case, you can allow unsafe-eval by adding a manifest key:

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"

这应该足以测试Wasm是否在扩展程序中起作用.但是请注意文档中的警告:

This should be enough to test if Wasm works in extensions. But heed this warning from documentation:

但是，我们强烈建议您不要这样做.这些功能是臭名昭著的XSS攻击媒介.

However, we strongly recommend against doing this. These functions are notorious XSS attack vectors.

您可以使用文档中的以下方法对需要扩展的unsafe-eval进行沙箱编码:

Instead of allowing unsafe-eval for your whole extension, you can sandbox code that requires it, using the following approach from the docs:

在Chrome扩展程序中使用eval.安全.

要点是在扩展程序中创建一个单独的页面，其中允许unsafe-eval，但不允许Chrome API访问；然后，您可以将此页面嵌入到扩展程序中，并使用 .

The gist of it is to create a separate page in your extension, where unsafe-eval is allowed but Chrome API access is disallowed; you then embed this page in your extension and communicate with it using postMessage().

这篇关于Chrome扩展程序中的Wasm模块编译错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！