Sandboxed AI-Generated HTML Security

AI-generated HTML can contain scripts, forms, links, external assets, and hidden assumptions. BinHTML treats that output as untrusted generated content and gives it an artifact workflow instead of treating it like a production website.

Last reviewed: 2026-06-22

Short answer

BinHTML renders generated HTML in a sandboxed iframe without same-origin access to BinHTML, uses a sandbox CSP on preview content, keeps artifact and project share pages noindex, and separates source access, versions, expiry, and revocation from public website deployment.

Turn generated HTML into a managed BinHTML link with sandboxed rendering, source access, versions, and projects.

Threat model

Generated HTML should be reviewed as untrusted code. It may include JavaScript, forms, downloads, links, image beacons, external fonts, third-party scripts, or copied snippets that the user did not inspect closely.

The practical risk is not only cross-site scripting. A generated artifact can mislead reviewers, load external resources, expose pasted secrets, or be mistaken for a maintained first-party website.

  • malicious or accidental script behavior
  • external network requests from embedded assets
  • secret or customer-data leakage in source
  • confusion between review artifacts and public websites

Sandboxed rendering

BinHTML renders shared HTML inside a sandboxed iframe. The sandbox allows generated reports and prototypes to remain interactive while preventing the frame from receiving same-origin access to BinHTML.

The preview content route also sends a sandbox Content Security Policy. That keeps generated HTML on a separate rendering path from the BinHTML app shell, dashboard, docs, and discovery pages.

Visibility and indexing

New artifact writes support private or unlisted visibility, not public website indexing. Unlisted is for anyone-with-link review; private is for owner-only access where the plan supports it.

Artifact share pages under /a/* and project share pages under /p/* are marked noindex, nofollow, and noarchive. Public discovery happens through product pages, docs, comparison pages, blog posts, LLM files, OpenAPI, and MCP metadata instead.

Source access and lifecycle controls

Source download is explicit and owner-gated from the dashboard and API response links. That lets owners inspect generated HTML without making the source a public search asset.

Versions let owners replace generated HTML while preserving the share URL. Expiry, revocation, and project grouping give generated artifacts a review lifecycle instead of a permanent website lifecycle.

Safe publishing checklist

Before publishing generated HTML, remove secrets, API keys, private URLs, credentials, customer data, and unnecessary external scripts. Check whether the recipient needs rendered preview access, source access, or a full deployment.

Use a website deployment platform instead when the output needs a custom domain, production monitoring, server routes, authentication, persistent databases, or public SEO indexing.

Comparison

AreaBinHTML artifact securityWebsite deployment security
Default assumptionGenerated HTML is untrusted artifact content for review.The site is an owned web property maintained over time.
Rendering boundarySandboxed iframe and sandbox CSP on preview content.Application routes, deployment config, and site-wide security headers.
Indexing postureArtifact and project share links are noindex by default.Public pages are often intended to be indexed and discovered.
LifecycleVersions, expiry, revocation, source access, and project grouping.Branches, deploys, domains, logs, auth, databases, and rollback workflows.

FAQ

Is sandboxed AI-generated HTML completely safe?

No. Sandboxing reduces what generated HTML can do to BinHTML, but owners should still review source, remove sensitive data, and avoid unnecessary external scripts before sharing.

Why does BinHTML allow scripts in the sandbox?

Many useful generated artifacts need JavaScript for charts, filters, controls, and interactive prototypes. BinHTML keeps those artifacts sandboxed without same-origin access rather than treating them as trusted app code.

Why are artifact and project pages noindex?

They are direct collaboration links, not public website pages. BinHTML keeps generated artifacts out of search results by default and uses public product, docs, comparison, blog, and LLM pages for discovery.

When should I use a deployment platform instead?

Use a deployment platform when the generated output is meant to become a public website, needs a custom domain, requires backend behavior, or should be part of a production release workflow.

Sources