- User input may contain sensitive data (credentials, PII, keys)
- Third-party plugins may be untrusted
- Risks: data exfiltration (network), DoS (infinite loop), XSS in UI, supply-chain compromise
Operations run inside a Web Worker:
- No DOM access
- Network APIs (
fetch,XHR,WebSocket) overridden to throw at runtime AbortSignal+ hard worker termination for timeouts/DoS
Set these HTTP headers on your server:
Content-Security-Policy:
default-src 'none';
script-src 'self' 'wasm-unsafe-eval';
style-src 'self';
img-src 'self' data:;
worker-src 'self';
connect-src 'none';
base-uri 'none';
object-src 'none';
frame-ancestors 'none'
Recommended companion headers for the static workbench runtime:
X-Content-Type-Options: nosniffX-Frame-Options: DENYReferrer-Policy: no-referrerPermissions-Policy: accelerometer=(), camera=(), microphone=(), payment=()Cross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-origin
The shipped container image enforces these headers in docker/nginx/default.conf, and pnpm docker:test
verifies them during image smoke validation.
'wasm-unsafe-eval' is intentionally enabled so browser-safe hashing fallbacks based on WebAssembly
can run when WebCrypto.subtle is unavailable.
- pnpm v10: use
allow-buildsallowlist for trusted native dependencies - Commit
pnpm-lock.yamlto the repository - Dependabot for automated dependency updates
- CodeQL for static analysis (JavaScript/TypeScript)
eval()andnew Function()are forbidden in production code- ESLint rule
no-evalenforced - Dynamic
import()from user-controlled strings is forbidden
Open a GitHub issue with label security or contact maintainers privately.
Do not publish vulnerability details before a fix is available.