A proof-of-concept URL path interpolation library written in Rust compiled to vanilla WebAssembly (wasm32-unknown-unknown) with no bindings to a specific operating system, architecture, or host language runtime
Note that this library alone is not sufficient for handling arbitrary user input, but may be used in conjunction with other checks, restrictions, etc.
// - Example host usage
// - Dynamic (interpolated) portions are percent-encoded in accordance with
// RFC 3986
// - Static portions are percent-encoded in accordance with RFC 3986 except
// for the slash (solidus)
url_path!("/user/{user_id}/product/{product_id}")`;
// \____/\_______/\_______/\__________/
// \ \ \ \
// \ \ \ - fully encoded
// \ \ - fully encoded except for slashes
// \ - fully encoded
// - fully encoded except for slashes- The emphasis of this project is on the agnostic library concept
- URL path interpolation was simply top-of-mind because I was thinking about SSRF prevention at the same time
- Not production ready
- Despite list usage, this is not LLM-generated; I've been writing in this style since before it was popularized
- Libraries generally can't be shared across different architectures, operating systems, and/or language runtimes, leading to an explosion of implementations, even for things that have well-defined specifications
- WASM runtimes are available for a wide variety of languages
- Writing your own WASM runtime can mostly be done within a conference talk
- This aims to prove that one can have a single implementation of a library that works across the boundaries mentioned above
- Proof-of-concept of:
safe-url-paths-rust/: A URL path interpolation library written in Rust that targets WASM in a runtime-agnostic mannersafe-url-paths-java/: A Java application using the Chicory WASM runtime to consume the librarysafe-url-paths-python/: A Python application using the Wasmtime WASM runtime to consume the library
- The path interpolation is written in a specific style where there are both static and dynamic components
- The main difference between the two is that slashes are not percent-encoded in static portions; for example:
- The target use case is contexts where custom interpolation handlers are supported
- Scala's custom interpolators
- Rust via a macro similar to
format! - JavaScript's tagged template literals
- Performance is worse than using the host language directly
- Each host must implement packing/unpacking for data that crosses the WASM boundary and back
- The implementation is good enough for the examples, but could use more serious thought
- More complicated libraries may be harder or impossible to implement with this approach
- It's not a silver bullet, but the concept may resemble a shiny, gray projectile for some use cases
- Absolutely not
- RFC 3986: Uniform Resource Identifier (URI): Generic Syntax
- WebAssembly Specification — WebAssembly 3.0 (2025-11-22)
- Wasmtime: A fast and secure runtime for WebAssembly
- Chicory: A JVM native WebAssembly runtime
- Server-side request forgery - Wikipedia
- A Talk Near the Future of Python (a.k.a., Dave live-codes a WebAssembly Interpreter) - YouTube
- Initially implemented in November 2024
- Cleaned up and opened up in November 2025
- © 2024-2025 Tim Walter
- Mozilla Public License 2.0