Security Design Document

This document is planned but not yet written.

See the Design Overview for scope.

Planned topics:

• XSS prevention
• WebSocket security
• Callback validation
• State isolation
• Session security
• CSRF
• Input validation
• Deserialization safety
• Native API exposure (desktop)
• Sandboxing (playground)