Describe the feature
The current extension loader (apps/desktop/src/api/PluginManager.ts:73-88) evaluates index.js via new Function(...) inside the main webview, giving every extension full access to window.trixty, window.React and any Tauri IPC the webview can reach. Combined with withGlobalTauri: true and no CSP, this is effectively unrestricted RCE at the level of the IDE process.
Proposed feature:
- Load each extension inside an isolated Web Worker (or iframe sandbox with
sandbox="allow-scripts" and no same-origin).
- Expose a narrow, async, typed IPC bridge between worker ↔ host based on an explicit capability manifest in
package.json (e.g. capabilities: ["read-file", "workspace:search"]).
- Prompt the user (once per extension install) to approve capabilities.
- Remove direct access to
window.trixty and React from inside extension code.
This is a foundational change that gates most of the extensibility roadmap and closes the highest-severity class of vulnerabilities.
Would you like to implement this feature yourself by sending a PR?
Maybe
Describe the feature
The current extension loader (
apps/desktop/src/api/PluginManager.ts:73-88) evaluatesindex.jsvianew Function(...)inside the main webview, giving every extension full access towindow.trixty,window.Reactand any Tauri IPC the webview can reach. Combined withwithGlobalTauri: trueand no CSP, this is effectively unrestricted RCE at the level of the IDE process.Proposed feature:
sandbox="allow-scripts"and no same-origin).package.json(e.g.capabilities: ["read-file", "workspace:search"]).window.trixtyand React from inside extension code.This is a foundational change that gates most of the extensibility roadmap and closes the highest-severity class of vulnerabilities.
Would you like to implement this feature yourself by sending a PR?
Maybe