LiveForge is currently maintained as a browser-based open-source project.
Security updates are applied to the latest version available on the main branch.
| Version | Supported |
|---|---|
Latest main branch |
Yes |
| Older revisions | No |
Please do not publicly disclose a suspected security vulnerability before it has been reviewed.
If you discover a potential vulnerability:
- Open the repository's Security tab.
- Use GitHub's private vulnerability reporting feature if it is available.
- Provide a clear description of the issue.
- Include steps to reproduce the vulnerability.
- Explain the potential impact.
- Include screenshots or proof-of-concept details when appropriate.
Repository:
https://github.com/Anu261105/realtime-html-css-javascript-editor
A useful security report should contain:
- Affected component
- Vulnerability description
- Reproduction steps
- Expected behavior
- Actual behavior
- Potential impact
- Browser and operating system
- Suggested mitigation, if known
LiveForge executes user-provided HTML, CSS and JavaScript inside a browser preview environment.
The project uses a sandboxed iframe to help separate previewed code from the main editor interface. Contributors should carefully review changes involving:
- iframe sandbox permissions
srcdocrenderingpostMessagecommunication- new-tab preview behavior
- user-generated JavaScript execution
- browser storage
- external dependencies
- dynamic HTML injection
Please allow reasonable time for a reported vulnerability to be investigated and addressed before public disclosure.
Thank you for helping keep LiveForge and its users safe.