[bobajeff]

Still, overall better than the situation of having to install a plugin that may or may not be available or working fully on your system. Plus security concerns of running sometimes obscure binaries on your system to access web content.

[pjmlp]

You can compile heartbleed to WebAssembly, and there are ways to exploit memory corruption to change observable behaviour.

[bobajeff]

I'm aware it's not impossible to exploit the current plug-in free browsers we have now. It's still objectively better than before.

Not that I'm satisfied with the current state of browsers mind you. I just think not being forced to install someone's binary blob to look at web content is a net benefit.

[pjmlp]

Except you can't disable WebAssembly, and you can't control how a SPA is implemented, see Figma for example.

Now you can enjoy Flash like ads using WebAssembly + WebGL, making it all a Phyrric victory.

[ranger_danger]

WebAssembly can absolutely be disabled:

Chromium-based: --js-flags=--noexpose_wasm

Firefox-based: about:config javascript.options.wasm = false

[pjmlp]

Great now explain that to granny on her phone.

[tredre3]

Seems like you're moving the goalposts...

Webassembly is clearly an improvement over the old plugins. For one thing it's a full virtual machine and was designed with sandboxing in mind.