# Security Hardening dev-0.7.1

This milestone continues the dev-0.7.0 security hardening work and focuses on package validation and runtime rendering safety.

## Implemented

- `.uctlx` package reader rejects unsafe entry paths: absolute paths, drive-letter paths and any path containing a `..` segment.
- `.uctlx` package reader enforces a maximum entry count to reduce package abuse risk.
- Manifest validation warns about non-standard handler paths and rejects non-standard content paths.
- Runtime image URLs are filtered against an allow-list of safe schemes; anything else is dropped.
- Runtime HTML Block content is escaped by default and sanitized when author-controlled HTML is explicitly enabled.
- Script validation now also reports component-level HTML / URL hazards.
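
The entry-path and entry-count checks and the image-URL scheme filter above, written out as an added example (this is not the project's `.uctlx` reader code; the function names, the `MAX_ENTRIES` value and the allowed scheme set are assumptions for illustration, since the page does not name them). Entry names are split on both `/` and `\` so a `..` segment is caught regardless of the platform the package was built on, and the URL filter uses an allow-list rather than trying to enumerate dangerous schemes:

```javascript
// Added example, not the project's own code. Names, the entry limit and the
// allowed scheme set are assumptions; the page only states that such checks exist.

const MAX_ENTRIES = 10000; // assumed limit; the page states only that a maximum is enforced

// Returns null when an archive entry path is acceptable, otherwise a reason string.
function checkEntryPath(entryPath) {
  if (typeof entryPath !== 'string' || entryPath.length === 0) {
    return 'empty path';
  }
  if (entryPath.includes('\0')) {
    return 'NUL byte in path';
  }
  // Absolute paths: leading slash (POSIX) or backslash (Windows, including UNC \\server\share).
  if (entryPath.startsWith('/') || entryPath.startsWith('\\')) {
    return 'absolute path';
  }
  // Drive-letter paths such as C:\foo or C:foo.
  if (/^[A-Za-z]:/.test(entryPath)) {
    return 'drive-letter path';
  }
  // Split on both separators so "a\..\b" is rejected on any platform, not only Windows.
  const segments = entryPath.split(/[\\/]+/);
  if (segments.some((seg) => seg === '..')) {
    return 'parent-directory segment';
  }
  return null;
}

// Validates the list of entry names before anything is extracted.
// Returns { ok: true, entries } or { ok: false, reason }.
function validateEntries(names, maxEntries = MAX_ENTRIES) {
  if (names.length > maxEntries) {
    return { ok: false, reason: `too many entries (${names.length} > ${maxEntries})` };
  }
  for (const name of names) {
    const reason = checkEntryPath(name);
    if (reason !== null) {
      return { ok: false, reason: `${name}: ${reason}` };
    }
  }
  return { ok: true, entries: names };
}

// Runtime image URLs: an allow-list of schemes, so javascript:, vbscript:, file:
// and anything unexpected are rejected without listing them. The URL parser
// lowercases the scheme, which defeats mixed-case evasion such as "JaVaScRiPt:".
// This allowed set is an assumption; the page does not name the schemes.
const ALLOWED_IMAGE_SCHEMES = new Set(['https:', 'http:', 'data:']);

// Returns the normalized URL string when it may be used as an image source, otherwise null.
function safeImageUrl(raw) {
  let parsed;
  try {
    parsed = new URL(raw); // unparseable and scheme-less relative URLs are rejected here
  } catch {
    return null;
  }
  if (!ALLOWED_IMAGE_SCHEMES.has(parsed.protocol)) {
    return null;
  }
  // data: is only accepted for image MIME types, never text/html or similar.
  if (parsed.protocol === 'data:' && !/^image\//i.test(parsed.pathname)) {
    return null;
  }
  return parsed.href;
}

// Constructed sample input: a package listing with one traversal entry.
const sampleListing = ['manifest.json', 'assets/logo.png', 'assets/../../etc/passwd'];
console.log(validateEntries(sampleListing));
console.log(safeImageUrl('javascript:alert(1)'), safeImageUrl('https://example.com/a.png'));
```

A runtime that needs to reference images inside the package would resolve package-relative paths separately (for example with `new URL(raw, packageBase)`) before applying the same scheme check; this example deliberately rejects scheme-less input so that nothing is accepted by accident.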

## Still intentionally restricted

- Stored handler code is data at load time and is not auto-executed.
- Script execution remains available only in explicit Test Run / Runtime paths with Host-approved options.
- RestrictedScriptRunner is not a complete browser sandbox. A future milestone should evaluate iframe `sandbox` or Worker-based isolation for production deployments that need stronger guarantees.
