Skip to content

add API spec: IsEnhancedSecurityModeEnabled #5407

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: api-IsEnhancedSecurityModeEnabled
Choose a base branch
from
+130 −0
Open

add API spec: IsEnhancedSecurityModeEnabled #5407

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e37a275
add API spec: IsEnhancedSecurityModeEnabled
GittyHarsha Oct 27, 2025
dac498c
spec improvements
GittyHarsha Oct 28, 2025
eb5b444
address comments
GittyHarsha Oct 30, 2025
711b317
use level instead of state
GittyHarsha Oct 31, 2025
7f7c435
rename property name
GittyHarsha Oct 31, 2025
4fd61f1
delete IsEnhancedSecurityModeEnabled.md
GittyHarsha Oct 31, 2025
752b04c
rename property name and doc improvements
GittyHarsha Nov 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
130 changes: 130 additions & 0 deletions specs/IsEnhancedSecurityModeEnabled.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
IsEnhancedSecurityModeEnabled
===

# Background

Enhanced Security Mode (ESM) is a Microsoft Edge security feature that reduces
the risk of memory-related vulnerabilities by disabling JavaScript Just-in-Time
(JIT) compilation and enabling additional operating system protections.

In WebView2, ESM is off by default to avoid performance impact. You can enable
ESM for stricter security when rendering untrusted sites. While this improves
security, it may reduce JavaScript performance.

In Microsoft Edge, ESM offers two levels:

- Balanced – Enhanced security is used for unfamiliar sites based on browser usage patterns.
- Strict – Enhanced security is used for all sites.

![image](https://github.com/MicrosoftEdge/WebView2Feedback/assets/82386753/35977716-e46c-4257-82da-906b0c6f833e)

Unlike Microsoft Edge, WebView2 does not support the heuristic-based "Balanced"
level; only Off and Strict are available.
Copy link
Contributor

@oldnewthing oldnewthing Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a possibility that such a mixed mode could arrive in the future? E.g. SetEnhancedSecurityModeExemptDomains("contoso.com") which lets you say "Turn on ESM for all non-contoso sites"?

Could be

enum CoreWebView2EnhancedSecurityMode
{
    Off,
    On,
   // future: OnForUntrustedDomains
}

runtimeclass CoreWebView2Profile
{
    CoreWebView2EnhancedSecurityMode EnhancedSecurityMode { get; set; }
}

?

Copy link
Contributor

@oldnewthing oldnewthing Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now, ESM does two things. Suppose that we later think of a third thing. Would we

  1. Add it to the things you get when you enable ESM
  2. Make it another tier of ESM that apps have to opt into [IsEnhancedSecurityMode =very true]
  3. Make it an entirely separate feature (Super-Secure Mode) that apps have to opt into separately from ESM

Copy link
Contributor

@FrankC-msft FrankC-msft Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My expectation based on reading "enabling additional OS protections" is that a third thing could already quietly light up when ESM is on.

If we create this as an enum to make it extensible, should probably be { Off, Strict } (instead of "On") since 3rd+ values (e.g. "Balanced" being supported) would be different flavors of "on".


Today, the ESM level in WebView2 can be set only at environment creation by using
the `--sdsm-state` browser feature flag ([webview2 browser flag docs](https://learn.microsoft.com/en-us/microsoft-edge/webview2/concepts/webview-features-flags?tabs=dotnetcsharp)).
The setting applies globally to all profiles and cannot be changed at runtime.

This proposal introduces an API to enable or disable ESM and persist the configuration
for a WebView2 profile within the user data folder.

## CoreWebView2Profile.IsEnhancedSecurityModeEnabled
Enables or disables Enhanced Security Mode (ESM) for all WebView2 instances
sharing the same profile. This property value is persisted for a WebView2
profile in the user data folder. The default value is false.

- true: ESM enabled in Strict level: Enhanced security is used for all sites.
- false: ESM level is Off.

> Changes apply to future navigations; reload may be required.
# Examples

## IsEnhancedSecurityModeEnabled

Enable Enhanced Security Mode for a profile.

```c#
void EnableEnhancedSecurityMode()
{
var profile = webView2.CoreWebView2.Profile;
if (!profile.IsEnhancedSecurityModeEnabled)
{
profile.IsEnhancedSecurityModeEnabled = true;
MessageBox.Show(this,
"Enhanced Security Mode (Strict) enabled for this profile. Reload pages to apply.",
"Enhanced Security Mode");
}
}
```

```cpp
void EnableEnhancedSecurityMode()
{
wil::com_ptr<ICoreWebView2_13> webView2_13;
webView2_13 = m_webView.try_query<ICoreWebView2_13>();

if (webView2_13)
{
wil::com_ptr<ICoreWebView2Profile> profile;
CHECK_FAILURE(webView2_13->get_Profile(&profile));

auto profile12 = profile.try_query<ICoreWebView2Profile12>();
if (profile12)
{
CHECK_FAILURE(profile12->put_IsEnhancedSecurityModeEnabled(TRUE));
MessageBox(nullptr,
L"Enhanced Security Mode (Strict) enabled. Reload pages to apply.",
L"Enhanced Security Mode", MB_OK);
}
}
}
```

# API Details

```c#
/// Extension of ICoreWebView2Profile to control Enhanced Security Mode (ESM) level.
///
/// ESM reduces the risk of memory-related vulnerabilities by disabling JavaScript
/// Just-in-Time (JIT) compilation and enabling additional OS protections.
/// This property applies to all WebView2 instances sharing the same profile and
/// is persisted in the user data folder.
///
/// Default: false. ESM level is Off.
///
/// true: Enables ESM in Strict level for all sites.
/// false: ESM level is Off.
///
/// Notes:
/// - Changes apply to future navigations; reload may be required.
/// - Enabling ESM improves security but may reduce JavaScript performance.
///
/// See: https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-security-browse-safer
///
///
[uuid(d5b781db-0a75-5f9c-85b1-40fa814fcea7), object, pointer_default(unique)]
interface ICoreWebView2Profile12 : IUnknown {
/// Gets whether Enhanced Security Mode is enabled for this profile.
[propget] HRESULT IsEnhancedSecurityModeEnabled([out, retval] BOOL* value);

/// Enables or disables Enhanced Security Mode for this profile.
/// See notes above for behavior and performance impact.
[propput] HRESULT IsEnhancedSecurityModeEnabled([in] BOOL value);
}
```

```c#
namespace Microsoft.Web.WebView2.Core
{
runtimeclass CoreWebView2Profile
{
// ...
[interface_name("Microsoft.Web.WebView2.Core.ICoreWebView2Profile12")]
{
// ICoreWebView2Profile12 members
Boolean IsEnhancedSecurityModeEnabled { get; set; };
}
}
}
```