Go to file

Will Chen 1c0255ab12 Enable iframe sandbox (#1178 )

This allows almost all the iframe sandbox tokens
https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/iframe#sandbox
except notably for allow-top-navigation*

Note: allow-same-origin should be OK because the main window is under
the `file://` origin while the iframe window is served on
`localhost:####`

    
<!-- This is an auto-generated description by cubic. -->
---

## Summary by cubic
Enable sandboxing on the preview iframe to isolate preview content while
preserving needed capabilities (allow-same-origin, scripts, forms,
popups, modals, orientation/pointer lock, presentation, downloads).
Top-level navigation remains disallowed; allow-same-origin is safe
because the app is file:// and the iframe runs on localhost.

<!-- End of auto-generated description by cubic. -->

2025-09-03 14:17:50 -07:00

.cursor/rules

allow creating and listing custom language model (#134 )

2025-05-12 16:00:16 -07:00

.devcontainer

Create devcontainer.json (#766 )

2025-08-05 14:20:36 -07:00

.github

Switch back to anthropic (#1135 )

2025-08-29 21:35:09 -07:00

.husky

Add prettier hook & contribution guide (#105 )

2025-05-06 23:15:56 -07:00

assets

Use new dyad icons (#1157 )

2025-09-01 21:33:44 -07:00

docs

architecture (#1052 )

2025-08-22 22:51:16 -07:00

drizzle

Prompt gallery (#957 )

2025-08-18 13:25:11 -07:00

e2e-tests

Enable iframe sandbox (#1178 )

2025-09-03 14:17:50 -07:00

packages/@dyad-sh

Click to edit UI (#385 )

2025-06-11 13:05:27 -07:00

scaffold

Add vercel.json for default React vite.js template (#755 )

2025-07-31 15:17:47 -07:00

scripts

Fix verify release assets (#699 )

2025-07-23 21:02:43 -07:00

shared

Show code snippet in fix problems (#745 )

2025-07-30 16:03:17 -07:00

src

Enable iframe sandbox (#1178 )

2025-09-03 14:17:50 -07:00

testing/fake-llm-server

Add Azure OpenAI Custom Model Integration (#1001 )

2025-08-30 20:47:25 -07:00

tools

Add macOS cert for release workflow

2025-04-14 23:56:11 -07:00

worker

Fix proxy server: remove URL param so it doesn't interfere with Next.js (#753 )

2025-07-31 15:18:37 -07:00

workers/tsc

Show code snippet in fix problems (#745 )

2025-07-30 16:03:17 -07:00

.cursorignore

Initial open-source release

2025-04-11 09:38:16 -07:00

.env.example

feat: add .env.example for local development (#831 )

2025-08-11 10:15:52 -07:00

.eslintrc.json

Initial open-source release

2025-04-11 09:38:16 -07:00

.gitattributes

Make CI run cross-platform (#295 )

2025-06-03 13:04:16 -07:00

.gitignore

Boilerplate free tests (#277 )

2025-05-28 22:55:54 -07:00

.oxlintrc.json

Support astro & other common FE file extensions (#489 )

2025-06-24 22:23:20 -07:00

.prettierignore

Boilerplate free tests (#277 )

2025-05-28 22:55:54 -07:00

.prettierrc

Run prettier on everything (#104 )

2025-05-06 23:02:28 -07:00

biome.json

Run prettier on everything (#104 )

2025-05-06 23:02:28 -07:00

components.json

Run prettier on everything (#104 )

2025-05-06 23:02:28 -07:00

CONTRIBUTING.md

Update missing direction creation (#1146 )

2025-09-01 21:24:46 -07:00

drizzle.config.ts

DB paths working on mac now

2025-04-11 10:21:05 -07:00

forge.config.ts

Bump to v0.14.0 and forge: prerelease (#704 )

2025-07-24 10:53:48 -07:00

forge.env.d.ts

Initial open-source release

2025-04-11 09:38:16 -07:00

index.html

update title (#263 )

2025-05-27 15:59:13 -07:00

LICENSE

Add License and README

2025-04-15 16:19:29 -07:00

merge.config.ts

Shard E2E tests (#941 )

2025-08-14 13:48:27 -07:00

package-lock.json

Enable iframe sandbox (#1178 )

2025-09-03 14:17:50 -07:00

package.json

Bump to v0.19.0 (stable) (#1161 )

2025-09-02 09:45:38 -07:00

playwright.config.ts

Shard E2E tests (#941 )

2025-08-14 13:48:27 -07:00

README.md

Update README.md (#908 )

2025-08-11 15:37:34 -07:00

SECURITY.md

Add security policy for supported versions and reporting (#1166 )

2025-09-02 16:03:49 -07:00

tsconfig.app.json

Improve check error performance by off-loading to worker thread w/ incremental compilation (#575 )

2025-07-07 12:47:33 -07:00

tsconfig.json

Initial open-source release

2025-04-11 09:38:16 -07:00

tsconfig.node.json

Initial open-source release

2025-04-11 09:38:16 -07:00

vite.main.config.mts

Prep for custom models: support reading custom providers (#131 )

2025-05-12 14:52:48 -07:00

vite.preload.config.mts

Run prettier on everything (#104 )

2025-05-06 23:02:28 -07:00

vite.renderer.config.mts

Initial open-source release

2025-04-11 09:38:16 -07:00

vite.worker.config.mts

Improve check error performance by off-loading to worker thread w/ incremental compilation (#575 )

2025-07-07 12:47:33 -07:00

vitest.config.ts

Initial open-source release

2025-04-11 09:38:16 -07:00

README.md

Dyad

Dyad is a local, open-source AI app builder. It's fast, private, and fully under your control — like Lovable, v0, or Bolt, but running right on your machine.

More info at: http://dyad.sh/

🚀 Features

⚡️ Local: Fast, private and no lock-in.
🛠 Bring your own keys: Use your own AI API keys — no vendor lock-in.
🖥️ Cross-platform: Easy to run on Mac or Windows.

📦 Download

No sign-up required. Just download and go.

👉 Download for your platform

🤝 Community

Join our growing community of AI app builders on Reddit: r/dyadbuilders - share your projects and get help from the community!

🛠️ Contributing

Dyad is open-source (Apache 2.0 licensed).

If you're interested in contributing to dyad, please read our contributing doc.

README.md Unescape Escape

Dyad

🚀 Features

📦 Download

👉 Download for your platform

🤝 Community

🛠️ Contributing

README.md