Security

Evaluating user-defined code in the main browser process introduces a large attack surface, as such Glide has taken the following precautions:

1. The config is evaluated inside a sandbox with its own JS realm.
2. Browser UI DOM modifications are supported through a bi-directional Document mirror, meaning the config is never given the original Document that renders the browser UI.

These two factors mean that the config evaluation is isolated from the code running in the main process powering the rest of the browser preventing it from modifying any internal state.

Please email [email protected].