[justinclift]

Hmmm, I'm kind of in two minds about this.

On one hand, the problem doesn't seem to be any different than happens with standard JS. The exploit was possible only because the wasm (literally) did no input validation. And "validate all input" is the first thing web programmers learn. (or very close to first ;>)

On the other hand, it is a vector. And we've seen plenty of cases where vectors are chained together in novel ways to enable unexpected attacks. So there's that. ;)

> Oops, good point. They are now pushed, sorry about that.

No worries, thanks for getting that done. :)