Security
1771 Technologies implements comprehensive security measures to ensure the safe integration of LyteNyte Grid within your web applications.
This guide outlines key security considerations when using LyteNyte Grid.
These guidelines apply to both the free Core edition and the commercial PRO edition.
Content Security Policy
LyteNyte Grid may require specific Content Security Policy (CSP) settings. If you need background on CSP, see the MDN article on Content Security Policy.
Style Source CSP
To enable LyteNyte Grid's full feature set, the style-src directive in your CSP
must include unsafe-inline. This directive supports advanced layout and
virtualization features. Add the following tag to your HTML if your framework does not already provide it:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline';" />
Add this tag only if you use a custom meta framework. Popular frameworks such as Vite, React Router, TanStack Start, and Next.js already provide the necessary tags.
LyteNyte Grid requires unsafe-inline, but its implementation of inline styles
is designed to minimize risk. Inline styles can contribute to XSS
vulnerabilities when used improperly. LyteNyte Grid mitigates these risks through:
- Sanitization: All style definitions are validated before use to prevent malicious content.
- Controlled Execution Context: Inline styles are generated only within tightly controlled internal logic.
- Content Isolation: Dynamically created elements avoid sensitive parts of the DOM and prevent script execution.
- Framework Compatibility: Frameworks commonly paired with LyteNyte Grid include additional mechanisms that safely handle inline styles.
These protections allow LyteNyte Grid to use inline styles without compromising your
application's security. Many modern frameworks also include unsafe-inline in their CSP defaults for similar reasons.
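To confirm that a policy grants unsafe-inline to styles only and leaves inline scripts blocked, the check below resolves which directive governs each inline type. It is an added example, not part of LyteNyte Grid or its documentation; the function names are hypothetical and the only policy taken from this page is the one in the meta tag above.

```javascript
// Added example. Fallback chains follow CSP Level 3:
// style-src-attr / style-src-elem -> style-src -> default-src (same shape for scripts).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    const key = name.toLowerCase();
    // Browsers keep the first occurrence of a directive and ignore duplicates.
    // Sources are lowercased for keyword matching only.
    if (!directives.has(key)) directives.set(key, sources.map((s) => s.toLowerCase()));
  }
  return directives;
}

function effectiveSources(directives, chain) {
  for (const name of chain) if (directives.has(name)) return directives.get(name);
  return null; // nothing in the chain is set: this type is unrestricted
}

function allowsInline(sources, isScript) {
  if (sources === null) return true;
  // A nonce or hash in the list makes browsers ignore 'unsafe-inline';
  // for scripts, 'strict-dynamic' has the same effect.
  const overridden =
    sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s)) ||
    (isScript && sources.includes("'strict-dynamic'"));
  return sources.includes("'unsafe-inline'") && !overridden;
}

function auditCsp(policy) {
  const d = parseCsp(policy);
  const style = (leaf) =>
    allowsInline(effectiveSources(d, [leaf, "style-src", "default-src"]), false);
  const script = (leaf) =>
    allowsInline(effectiveSources(d, [leaf, "script-src", "default-src"]), true);
  return {
    inlineStyleAttributes: style("style-src-attr"),
    inlineStyleElements: style("style-src-elem"),
    inlineScripts: script("script-src-elem") || script("script-src-attr"),
  };
}

// The policy from this page: inline styles allowed, inline scripts still blocked.
const pagePolicy = "default-src 'self'; style-src 'self' 'unsafe-inline';";
console.log(auditCsp(pagePolicy));
```

Run it against the header your server actually sends. A style-src that also carries a nonce or hash reports inline styles as blocked, because browsers then ignore unsafe-inline.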
Secure Data Transportation
LyteNyte Grid runs entirely in the browser. It does not perform any server communication. Your application is responsible for retrieving and securing all data before passing it to the grid.
Avoidance of Attack Vectors
LyteNyte Grid avoids JavaScript features commonly associated with security exploits:
- The code base never uses eval, and future versions will not introduce it.
- LyteNyte Grid does not modify the prototype chain of any object.
- The library has no external dependencies, ensuring that no third-party code is downloaded during installation.
We actively monitor and work to keep our codebase free of vulnerabilities, continuously enhancing our defenses against new threats. If you discover a security issue, email support@1771technologies.com. Our team will address the issue promptly.
Telemetry and Remote Checks
LyteNyte Grid does not collect telemetry and performs no remote validation checks. The library works entirely offline and supports sandboxed environments. No firewall configuration is required.
Next Steps
- Bundling & Tree Shaking: Learn the best way to include LyteNyte Grid in your bundle.
- Supported Browsers: Review which browsers LyteNyte Grid supports.
- Grid Versioning: Understand LyteNyte Grid's versioning strategy and how to update your package safely.