- Issue created by @hooroomoo
- 🇺🇸United States effulgentsia
Editing the JS code of code components requires a
restrict accesspermission, so using non-sandboxed iframes for the various previews isn't a vulnerability, but sandboxing them would help add extra defense against some privilege escalation vectors, so switching the tag from Security to "Security improvements".However, I'm still tagging this as a beta blocker as well, because we want early adopters able to run the beta in production, and this would help provide extra confidence for doing so.
