This package compiles and executes user-provided Svelte code at runtime with no apparent sandboxing or security measures?

Users can:
- Execute arbitrary JavaScript
- Access browser APIs (localStorage, cookies, fetch, etc.)
- Steal sensitive data from other users
- Perform XSS attacks
- Access and manipulate your application's state

The README should show:
- Input sanitization
- Code validation
- Sandboxing mechanisms
- CSP (Content Security Policy) considerations
- Security best practices
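
An added example, not code from the package or its README: one way a host page could cover the sandboxing and CSP items above by running compiled output inside an opaque-origin iframe. The function names and `compiledJs` (the JavaScript string produced by compiling the user's Svelte source) are assumptions; the compile step itself is not shown.

```javascript
// CSP for the sandboxed document (assumed policy for this example).
// default-src 'none' blocks fetch/XHR and all subresource loads; inline
// script and style are allowed only so the compiled component can run.
const SANDBOX_CSP = [
  "default-src 'none'",
  "script-src 'unsafe-inline'",
  "style-src 'unsafe-inline'",
  "form-action 'none'",
  "base-uri 'none'",
].join('; ');

// Turn user code into a JS string literal that is safe inside an inline
// <script>: every "<" is escaped, so "</script>" or "<!--" in the user's
// code cannot end or confuse the surrounding script element.
function toInlineStringLiteral(code) {
  return JSON.stringify(String(code)).replace(/</g, '\\u003c');
}

// Build the HTML document that will run the compiled code. The bootstrap
// script injects the code as a second script element, so the code is never
// parsed as HTML.
function buildSandboxDocument(compiledJs) {
  return [
    '<!doctype html><html><head>',
    `<meta http-equiv="Content-Security-Policy" content="${SANDBOX_CSP}">`,
    '</head><body><div id="app"></div><script>',
    "const s = document.createElement('script');",
    `s.textContent = ${toInlineStringLiteral(compiledJs)};`,
    'document.body.appendChild(s);',
    '</script></body></html>',
  ].join('\n');
}

// Create the iframe on the host page. `doc` is the host's document object.
function createSandboxFrame(doc, compiledJs) {
  const frame = doc.createElement('iframe');
  // allow-scripts WITHOUT allow-same-origin: the frame gets an opaque
  // origin, so the host's cookies, localStorage and DOM are out of reach.
  frame.setAttribute('sandbox', 'allow-scripts');
  frame.srcdoc = buildSandboxDocument(compiledJs);
  return frame;
}
```

A `srcdoc` frame also inherits the host page's own CSP, so a host policy that forbids inline scripts will block the bootstrap script as well.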