|
| 1 | +EnhancedSecurityMode |
| 2 | +=== |
| 3 | + |
| 4 | +# Background |
| 5 | + |
| 6 | +Enhanced Security Mode (ESM) is a Microsoft Edge security feature that reduces the risk of memory-related vulnerabilities by disabling JavaScript Just-in-Time (JIT) compilation and enabling additional operating system protections. |
| 7 | + |
| 8 | +In WebView2, ESM is off by default to avoid performance impact. Host applications can enable ESM for stricter security when rendering untrusted or sensitive content. While this improves security, it may reduce JavaScript performance. |
| 9 | + |
| 10 | +In Microsoft Edge, ESM offers two levels: |
| 11 | + |
| 12 | +- Balanced – Enabled only for unfamiliar sites based on browser usage patterns. |
| 13 | +- Strict – Always enabled for all sites. |
| 14 | + |
| 15 | + |
| 16 | + |
| 17 | +Unlike Edge browser, WebView2 does not support heuristic-based "Balanced" level. Only two options are available: Off and Strict. |
| 18 | + |
| 19 | +Currently, ESM level can only be configured via the `--sdsm-state` browser flag([see for more details](https://learn.microsoft.com/en-us/microsoft-edge/webview2/concepts/webview-features-flags?tabs=dotnetcsharp)) at environment creation, applying globally to all profiles. There is no flexibility to modify the level at runtime. |
| 20 | + |
| 21 | +This proposal introduces an API to enable or disable ESM and persist the configuration for a WebView2 profile within the user data folder. |
| 22 | + |
| 23 | +## CoreWebView2Profile.EnhancedSecurityMode |
| 24 | +Enables or disables Enhanced Security Mode (ESM) for all WebView2 instances sharing the same profile. This property value is persisted for a WebView2 profile in the user data folder. The default value is false. |
| 25 | + |
| 26 | +- true: ESM enabled in Strict level: disables JavaScript JIT and applies additional OS protections. |
| 27 | +- false: ESM level is Off. |
| 28 | + |
| 29 | +Changes apply to future navigations; reload may be required. Enabling ESM improves security but can reduce JavaScript performance. |
| 30 | + |
| 31 | +# Examples |
| 32 | + |
| 33 | +## EnhancedSecurityMode |
| 34 | + |
| 35 | +Enable Enhanced Security Mode for a profile. |
| 36 | + |
| 37 | +```c# |
| 38 | +void EnableEnhancedSecurityMode() |
| 39 | +{ |
| 40 | + var profile = webView2.CoreWebView2.Profile; |
| 41 | + profile.EnhancedSecurityMode = true; |
| 42 | + MessageBox.Show(this, "Enhanced security mode is enabled", "Enhanced Security Mode"); |
| 43 | +} |
| 44 | +``` |
| 45 | + |
| 46 | +```cpp |
| 47 | +void EnableEnhancedSecurityMode() |
| 48 | +{ |
| 49 | + wil::com_ptr<ICoreWebView2_13> webView2_13; |
| 50 | + webView2_13 = m_webView.try_query<ICoreWebView2_13>(); |
| 51 | + |
| 52 | + if (webView2_13) |
| 53 | + { |
| 54 | + wil::com_ptr<ICoreWebView2Profile> profile; |
| 55 | + CHECK_FAILURE(webView2_13->get_Profile(&profile)); |
| 56 | + |
| 57 | + auto profile12 = profile.try_query<ICoreWebView2Profile12>(); |
| 58 | + if (profile12) |
| 59 | + { |
| 60 | + CHECK_FAILURE(profile12->put_EnhancedSecurityMode(TRUE)); |
| 61 | + MessageBox( |
| 62 | + nullptr, L"Enhanced security mode is enabled", |
| 63 | + L"Enhanced Security Mode", MB_OK); |
| 64 | + } |
| 65 | + } |
| 66 | +} |
| 67 | +``` |
| 68 | + |
| 69 | +# API Details |
| 70 | + |
| 71 | +```c# |
| 72 | +/// Extension of ICoreWebView2Profile to control Enhanced Security Mode (ESM) level. |
| 73 | +/// |
| 74 | +/// ESM reduces the risk of memory-related vulnerabilities by disabling JavaScript |
| 75 | +/// Just-in-Time (JIT) compilation and enabling additional OS protections. |
| 76 | +/// This property applies to all WebView2 instances sharing the same profile and |
| 77 | +/// is persisted in the user data folder. |
| 78 | +/// |
| 79 | +/// Default: false. ESM level is Off. |
| 80 | +/// |
| 81 | +/// true: Enables ESM in Strict level for all sites. |
| 82 | +/// false: ESM level is Off. |
| 83 | +/// |
| 84 | +/// Notes: |
| 85 | +/// - Changes apply to future navigations; reload may be required. |
| 86 | +/// - Enabling ESM improves security but may reduce JavaScript performance. |
| 87 | +/// |
| 88 | +/// See: https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-security-browse-safer |
| 89 | +/// |
| 90 | +/// |
| 91 | +[uuid(d5b781db-0a75-5f9c-85b1-40fa814fcea7), object, pointer_default(unique)] |
| 92 | +interface ICoreWebView2Profile12 : IUnknown { |
| 93 | + /// Gets whether Enhanced Security Mode is enabled for this profile. |
| 94 | + [propget] HRESULT EnhancedSecurityMode([out, retval] BOOL* value); |
| 95 | + |
| 96 | + /// Enables or disables Enhanced Security Mode for this profile. |
| 97 | + /// See notes above for behavior and performance impact. |
| 98 | + [propput] HRESULT EnhancedSecurityMode([in] BOOL value); |
| 99 | +} |
| 100 | +``` |
| 101 | + |
| 102 | +```c# |
| 103 | +namespace Microsoft.Web.WebView2.Core |
| 104 | +{ |
| 105 | + runtimeclass CoreWebView2Profile |
| 106 | + { |
| 107 | + // ... |
| 108 | + [interface_name("Microsoft.Web.WebView2.Core.ICoreWebView2Profile12")] |
| 109 | + { |
| 110 | + // ICoreWebView2Profile12 members |
| 111 | + Boolean EnhancedSecurityMode { get; set; }; |
| 112 | + } |
| 113 | + } |
| 114 | +} |
| 115 | +``` |
0 commit comments