6 Repos
Techniques for restricting the execution environment of scripts to prevent access to sensitive APIs or data.
Distinguishing note: Focuses on runtime environment restrictions for client-side code, distinct from server-side security.
Explore 6 awesome GitHub repositories matching security & cryptography · Execution Sandboxing. Refine with filters or upvote what's useful.
Appsmith is a low-code platform designed for building internal business tools, such as operational dashboards and administrative panels. It enables developers to construct dynamic user interfaces by dragging and dropping modular widgets onto a canvas and binding them directly to backend data sources. The platform utilizes a reactive framework that automatically updates interface elements and triggers functions whenever underlying data or widget properties change, eliminating the need for manual event handling. The platform distinguishes itself through a server-side proxy architecture that exe
Limits DOM access and cookie exposure to secure client-side script execution.
Chromium is an open-source browser platform that provides the foundational codebase for building cross-platform web browsers. At its core, it functions as a web browser engine that interprets standard web technologies to render interactive content and manage the complex lifecycle of web page navigation. The project utilizes a multi-process architecture that separates the browser interface from rendering engines into distinct operating system processes. This design ensures application stability by preventing a single tab crash from affecting the entire browser. Security is maintained through s
Executes web content in restricted subprocesses to prevent malicious code from accessing sensitive host resources.
Claude Quickstarts is a development framework and collection of reference implementations designed for building autonomous agents. It provides the foundational patterns necessary to orchestrate multi-agent workflows, enabling models to perform complex, multi-step tasks across software engineering, customer support, and computer-use domains. The platform distinguishes itself through specialized capabilities for desktop and browser automation, allowing agents to interact with graphical interfaces by capturing visual context and executing precise mouse and keyboard inputs. It includes robust inf
Restricts agent operations to isolated filesystem directories and enforces command allowlists to prevent unauthorized host access.
PeerTube is a decentralized, open-source video hosting platform that enables users to operate independent, interoperable servers. By utilizing the ActivityPub protocol, it connects these servers into a global, federated network where users can follow channels, discover content, and interact across different instances. The platform is designed to function as a self-hosted video content management system, providing a community-driven alternative to centralized media services. What distinguishes PeerTube is its hybrid approach to content delivery and infrastructure management. It integrates peer
Restricts process access to system devices and sensitive directories to minimize the security impact of a potential service compromise.
Liquid is a secure template engine and markup language used to generate dynamic HTML or text by combining static templates with backend data. It functions as a web template renderer that transforms markup into final output while restricting available logic to prevent arbitrary code execution. The engine focuses on secure markup execution, providing a restricted environment where user-provided templates cannot access sensitive system data. It utilizes a safe evaluation sandbox to ensure that only a predefined set of instructions can be executed. The system includes capabilities for template s
Restricts template operations to a predefined set of safe instructions to prevent arbitrary code execution.
HybridCLR is a hybrid C# execution engine and assembly loader designed for Unity. It provides a system for hot-updating C# logic across all platforms at runtime without requiring the application to be rebuilt or reinstalled. The project is distinguished by its mixed-mode execution, which runs unmodified code at native speed while using a high-performance interpreter for updated functions. It includes a generic type resolver that allows hot-updated code to use generic classes and functions regardless of whether they were pre-instantiated in the main binary. To protect proprietary source code,
Implements access control policies to limit the capabilities of external code and mitigate security risks.