1.0.0-alpha.23

• Disabled implicit auto-connection to WS server by default
• Reworked sandbox init:
  • UI is loading into a sandboxed frame with allow-scripts allow-forms allow-popups allow-modals features enabled. That prevents access to data storage/cookies and some JavaScript APIs from UI scripts (because allow-same-origin is not enabled) but puts UI scripts in the same conditions across environments (e.g. a regular page, a page in "incognito mode", a devtools page etc).
  • Added sandboxSrc option for createSandbox() to specify a sandbox page URL, needed to define a specific origin e.g. in devtools
  • Added rempl/sanbox-init endpoint which exposes a code to inject into a sandbox page to init UI scripts, e.g.

    <!DOCTYPE html>
    <script>
      import { initSandboxScript } from 'rempl/sandbox-init';
      initSandboxScript();
    </script>