It runs each sandboxed plugin inside its own dynamic worker, with a separate bridge worker to enforce permissions. The worker only has access to its permitted APIs.
replythe bridge worker as permission enforcement is a solid pattern - the plugin can't escalate by calling APIs directly, everything goes through the bridge. the edge case I'd be curious about is plugin-to-plugin interaction. if two plugins share state through a permitted API, does the bridge enforce granular enough boundaries there, or does the trust model flatten at that layer?
reply