How does Playcanvas protect against malicious JS code? The platform has the functionality of uploading experiences/games in the form of JS files.
These files which were then downloaded by users and run in the function. The danger of this solution is the inability to check what we are actually running in the case of -i.e. could be some serious JS code. Another name for this protection is XSS, are there any hidden protections?
PlayCanvas is a framework for rendering content in WebGL context. Everything else, like user data handling, website protocol certificates, database access, etc. is up to developer. PlayCanvas is not aware of those and doesn’t involve in any part of it. It is your responsibility as a developer to handle the security as much or as little as you want.
For projects hosted on PlayCanvas servers is a nonce generated from the server for scripts and stylesheets?
I know how to do that on my own server, but do files created and run on your servers allow for this?