> You've got some ancient C or C++ source code for the parser, but it hasn't been vetted for security or denial-of-service issues. Compile it to WASM, run it in an isolated runtime, and you can be confident that it won't be able to escape its sandbox

This is not just a theory: according to https://hacks.mozilla.org/2021/12/webassembly-and-back-again... Firefox does exactly that trick with five of its C or C++ dependencies.