Skip to content

Remove use of legacy interop preventing CSP compliance in Blazor WebAssembly #48182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 12, 2023
Merged

Remove use of legacy interop preventing CSP compliance in Blazor WebAssembly #48182

merged 1 commit into from
May 12, 2023

Conversation

@MackinnonBuck
Copy link
Member

@MackinnonBuck MackinnonBuck commented May 10, 2023
edited
Loading

Remove use of legacy interop preventing CSP compliance in Blazor WebAssembly

Opening as a draft until some open questions are resolved.

Contributes to #48042
Fixes #37787

@ghost ghost added the area-blazor Includes: Blazor, Razor Components label May 10, 2023
@MackinnonBuck
Copy link
Member Author

MackinnonBuck commented May 10, 2023

Regarding the removal of invokeJSFromDotNet: This function doesn't get invoked within the framework except in some E2E tests, so we could remove it easily. That said, eliminating this function will break external usage of IJSUnmarshalledRuntime. Are we okay with taking that step now?

@MackinnonBuck
Copy link
Member Author

MackinnonBuck commented May 10, 2023

By the way: According to my testing, this change will mean unsafe-eval is no longer required when specifying a CSP script-src.

@pavelsavara
Copy link
Member

pavelsavara commented May 11, 2023

This PR should just contribute to the issue 48042, not close it.

IJSUnmarshalledRuntime. Are we okay with taking that step now?

Perhaps we could make it throw exceptions when WasmEnableLegacyJsInterop=false and trim it.
Removing it completely need to be next LTS release, I think.

@pavelsavara
Copy link
Member

pavelsavara commented May 11, 2023

We discussed with @MackinnonBuck that it would be good to do some perf testing before we remove that stringCache.
Is it possible that there are many identical non-interned strings in the renderBatch ?

@MackinnonBuck MackinnonBuck marked this pull request as ready for review May 11, 2023 21:28
@MackinnonBuck MackinnonBuck requested a review from a team as a code owner May 11, 2023 21:28
@MackinnonBuck
Copy link
Member Author

MackinnonBuck commented May 11, 2023

I've marked this PR to close #37787. It should be noted that 'wasm-unsafe-eval' is still required, but that's true for any WebAssembly app.

@MackinnonBuck MackinnonBuck changed the title Remove remaining use of legacy interop in Blazor WebAssembly Remove use of legacy interop preventing CSP compliance in Blazor WebAssembly May 11, 2023
@MackinnonBuck MackinnonBuck merged commit cc28732 into main May 12, 2023
@MackinnonBuck MackinnonBuck deleted the mbuck/remove-legacy-interop-usage branch May 12, 2023 16:01
@ghost ghost added this to the 8.0-preview5 milestone May 12, 2023
@MackinnonBuck MackinnonBuck restored the mbuck/remove-legacy-interop-usage branch May 12, 2023 17:07
@MackinnonBuck MackinnonBuck deleted the mbuck/remove-legacy-interop-usage branch May 12, 2023 17:08
@guardrex guardrex mentioned this pull request May 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pavelsavara pavelsavara pavelsavara approved these changes

@javiercn javiercn javiercn approved these changes

@maraf maraf maraf approved these changes

@SteveSandersonMS SteveSandersonMS Awaiting requested review from SteveSandersonMS

Assignees

No one assigned

Labels

area-blazor Includes: Blazor, Razor Components

Projects

None yet

Milestone

8.0-preview5

Development

Successfully merging this pull request may close these issues.

Remove unsafe-eval CSP Requirement for Blazor WASM

5 participants

@MackinnonBuck @pavelsavara @javiercn @maraf