Really? Yeah, it's been tested extensively, but it's security has also been found to be quite lacking. I'm legitimately surprised someone can say this with a straight face.

>the javascript security model

:Ddd

So you’re saying they have mitigated every cross-origin-based exploit? I bet they really mean it this time.

Nobody's claiming it's flawless. I'm just objecting to the claim that it's untested.

Should I list all of the CVEs related to exploits on JavaScript VMs?

Just today there were a few on another HN thread.

It happens, yes. But we're not building WAsm on a greenfield.