Flow Studio
Widget Security
Sandboxing, Content Security Policy, and the widget permission model — ensuring third-party widget bundles cannot compromise the platform.
Sandbox Policies
| Policy | Sandbox Attributes | Use When |
|---|---|---|
| Standard | allow-scripts, allow-same-origin | Platform-built widgets |
| Restricted | allow-scripts (no same-origin) | Third-party widgets |
| Strict | allow-scripts only (most restrictive) | Untrusted/community widgets |
Content Security Policy
Widget pages are served with a strict CSP that only allows scripts from explicitly allowlisted domains. The BundleUrl's origin must be added to the platform's widget script-src allowlist:
```
Content-Security-Policy:
  script-src 'self' https://cdn.bizfirstai.com https://cdn.acme.com;
  frame-ancestors 'self';
  connect-src 'self' https://api.bizfirstai.com;
```
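An added example (not Flow Studio's own code) of a registration-time check that a BundleUrl's origin is covered by the script-src allowlist, returning the iframe sandbox value for the policy names in the table above. The names `SANDBOX`, `scriptSrcOrigins` and `checkBundle` are hypothetical, the CSP string is the sample from this page, and exact-origin matching over https only is an assumption.

```javascript
// Added example; SANDBOX, scriptSrcOrigins and checkBundle are hypothetical names.
const SANDBOX = {                       // policy name -> iframe sandbox value (table above)
  Standard: "allow-scripts allow-same-origin",
  Restricted: "allow-scripts",
  Strict: "allow-scripts",
};

// Sample CSP from this page, joined onto one line.
const SAMPLE_CSP =
  "script-src 'self' https://cdn.bizfirstai.com https://cdn.acme.com; " +
  "frame-ancestors 'self'; connect-src 'self' https://api.bizfirstai.com;";

// Return the https origins listed in script-src (keywords such as 'self' are skipped).
function scriptSrcOrigins(csp) {
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "script-src") continue;
    return sources.filter((s) => s.startsWith("https://")).map((s) => new URL(s).origin);
  }
  return [];
}

// Check a widget's BundleUrl and sandbox policy before it is registered.
function checkBundle(bundleUrl, policy, csp = SAMPLE_CSP) {
  if (!Object.prototype.hasOwnProperty.call(SANDBOX, policy)) {
    return { ok: false, reason: "unknown sandbox policy" };
  }
  let url;
  try { url = new URL(bundleUrl); } catch { return { ok: false, reason: "invalid URL" }; }
  if (url.protocol !== "https:") return { ok: false, reason: "not https" };
  if (url.username || url.password) return { ok: false, reason: "userinfo in URL" };
  // Compare parsed origins, never string prefixes: "https://cdn.acme.com.evil.example"
  // starts with an allowlisted string but is a different origin.
  if (!scriptSrcOrigins(csp).includes(url.origin)) {
    return { ok: false, reason: "origin not in script-src" };
  }
  return { ok: true, sandbox: SANDBOX[policy] };
}

// Constructed inputs: one allowlisted bundle and three that must be rejected.
for (const u of [
  "https://cdn.acme.com/widgets/risk.js",
  "https://cdn.acme.com.evil.example/risk.js",
  "https://cdn.acme.com@evil.example/risk.js",
  "http://cdn.acme.com/risk.js",
]) console.log(u, checkBundle(u, "Restricted"));
```

Wildcard sources in script-src never match here, so an allowlist that relies on them needs its own matching rule.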
Permission Model
Which widgets a tenant can use is controlled by NodeCapabilityPolicy at the capability level, plus an optional widget-specific allowlist:
```json
{
  "tenantId": "tenant-acme",
  "allowedWidgets": ["data-approval-widget", "my-risk-scorer"],
  "blockedWidgets": ["map-location-picker"]
}
```
Interaction Data Validation
Before resuming the workflow, the backend validates the interaction data against the widget's declared InteractionSchema. This ensures a malicious or buggy widget cannot inject arbitrary data into the workflow memory:
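```csharp
// Look up the widget definition and validate the submitted data against its declared schema.
var def = _registry.GetWidget(task.WidgetId);
var validationResult = _schemaValidator.Validate(request.InteractionData, def.InteractionSchema);

// Reject the request before the workflow resumes if validation fails.
if (!validationResult.IsValid)
    return BadRequest(new { errors = validationResult.Errors });
```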
Third-party bundle security: Treat third-party widget bundles with the same caution as npm packages. Review the bundle's source, verify the CDN domain is trusted, and use the Restricted or Strict sandbox policy. Never grant platform-level DOM access to unknown bundles.