From ecc60f6a8ce2490e78558f1afa0ddaa011394c2f Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Thu, 29 Aug 2024 20:26:59 -0400
Subject: [PATCH] document Vanadium blocking dynamic native code exec

---
 static/features.html | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/static/features.html b/static/features.html
index b48ee8e4..50aa1ffe 100644
--- a/static/features.html
+++ b/static/features.html
@@ -954,6 +954,8 @@
                         <li>Strict site isolation and sandboxed iframes</li>
                         <li>JavaScript JIT disabled by default with per-site toggle via drop-down
                         permission menu</li>
+                        <li>Dynamic code execution is blocked when the JIT is enabled as an
+                        extension to the seccomp-bpf sandbox</li>
                         <li>Native Android autofill implementation to avoid needing sandboxed Google
                         Play for autofill support</li>
                         <li>WebGPU disabled for attack surface reduction</li>