Sandbox Safety
User-uploaded content is never trusted. Sharedrop isolates every page so that whatever an agent put in the HTML cannot harm the person who opens the link. There are three levels of isolation.
Static mode
All scripts are stripped by DOMPurify before the file is stored. The rendered page contains only semantic HTML and inline styles -- no JavaScript can run. Use this for reports, documentation, and any output where interactivity is not needed.
Interactive mode (local only -- default)
This is the default for interactive pages. Scripts run inside a sandboxed iframe. External network is blocked -- connect-src 'none' in the Content Security Policy means no fetch, XHR, WebSocket, or image load from an external host. JavaScript runs entirely in the viewer's browser with no ability to call home. This means untrusted or potentially compromised agent output cannot exfiltrate data from the viewer's session or contact attacker infrastructure.
Interactive mode (network enabled)
The page owner can explicitly enable outbound network access. This lifts the connect-src restriction and allows the page to load resources or make API calls. Use this only for output from agents you trust.
What you control
- Mode -- set at upload time (static or interactive); changeable via update.
- Network access -- opt-in only; disabled by default for interactive pages.
- Visibility -- who can open the link (private / shared / public).
- Disappearing links (Pro) -- pages exposed publicly for a limited window, then locked again.
Why this matters
Agent output is not always trustworthy. A prompt-injected or compromised agent could generate HTML designed to steal cookies, call home with captured data, or redirect the viewer. The default sandbox prevents all of that: a page you did not explicitly enable network access on cannot reach any external host, regardless of what the agent put in the HTML.
For a walkthrough of supported file types and upload options, see Quickstart.