How does Tailor manage the security risk of injected JavaScript manipulating the DOM?
From the Tailor AI team Β· Reviewed
Answer
Tailor validates serving payloads server-side, enforces domain-to-org mapping, wraps logic in error handling so failures do not break the host page, and logs all experiment changes with timestamps and user attribution.
Tailor's serving script executes a set of preconfigured actions, for example text, image, and link swaps, against elements identified during editing. It also supports AI-generated styling, direct editing of HTML for certain elements, and configured callback logic for analytics event firing to platforms such as GA4.
Because the script can also apply AI-generated styling and direct HTML edits, not only fixed swaps, it cannot honestly be described as purely declarative. The relevant security controls are therefore access control, scoped rollout, auditability, domain validation, and operational safeguards in the script itself.
Each serving payload is validated server-side before delivery, and domain-to-org mapping is enforced so an organization can only serve changes to its own domains. The script is also designed to fail safely: logic is wrapped in error handling so failures do not break the host page, duplicate execution is guarded against, and URL validation helps ensure changes are only applied on the intended pages.
In an account-compromise scenario, the blast radius is limited to that organization's own experiments and pages. It would not allow cross-org access, although it would allow changes to any page on that organization's own domains, so account credentials deserve the same protection as deploy credentials. This is similar to the risk model used by other visual experimentation tools that apply controlled DOM changes client-side.
All experiment changes, including creation, deletion, ramping, and deramping, are logged with timestamps and user attribution in the Tailor dashboard.
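The fail-safe behaviour described above (a fixed set of allowed actions, URL targeting, a duplicate-execution guard, and per-action error handling) as an added example written for this page. It is not Tailor's serving script; the payload shape, the action names, the http(s)-only check on swapped links and images, and the stand-in document object are all assumptions made so the example runs outside a browser.

```javascript
// Added example, not Tailor's serving script. Payload shape, action names
// and the fake document below are assumptions for illustration.
"use strict";

// Actions the script is willing to perform. Anything else in a payload is
// reported and ignored, so a tampered payload cannot become arbitrary script.
const ACTIONS = {
  text(el, a) { el.textContent = a.value; },
  image(el, a) { el.setAttribute("src", assertHttpUrl(a.value)); },
  link(el, a) { el.setAttribute("href", assertHttpUrl(a.value)); },
};

// Only http(s) destinations for swapped links and images; rejects
// javascript:, data: and malformed values (assumed policy).
function assertHttpUrl(value) {
  const u = new URL(value); // throws on malformed input
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error(`disallowed scheme ${u.protocol}`);
  }
  return u.href;
}

// URL targeting: compare parsed host and path, not raw strings.
function urlMatches(pageUrl, target) {
  const p = new URL(pageUrl);
  const t = new URL(target.url);
  if (p.host !== t.host) return false;
  return target.match === "prefix"
    ? p.pathname.startsWith(t.pathname)
    : p.pathname === t.pathname;
}

// Applies one experiment payload. `state.applied` persists across calls so a
// script tag included twice does not apply the same experiment twice.
function applyExperiment(doc, pageUrl, payload, state) {
  const result = { applied: [], skipped: [], errors: [] };
  if (!payload.targets.some(t => urlMatches(pageUrl, t))) {
    result.skipped.push("url-mismatch");
    return result;
  }
  if (state.applied.has(payload.experimentId)) {
    result.skipped.push("duplicate");
    return result;
  }
  state.applied.add(payload.experimentId);
  for (const action of payload.actions) {
    try {
      const handler = ACTIONS[action.type];
      if (!handler) throw new Error(`unknown action ${action.type}`);
      const el = doc.querySelector(action.selector);
      if (!el) throw new Error(`no element for ${action.selector}`);
      handler(el, action);
      result.applied.push(action.selector);
    } catch (e) {
      // One bad action must not abort the rest or surface to the host page.
      result.errors.push(`${action.selector}: ${e.message}`);
    }
  }
  return result;
}

// Constructed stand-in for a DOM: a map of selector -> element.
function makeFakeDoc(elements) {
  return { querySelector: sel => elements[sel] || null };
}
function makeEl() {
  const attrs = {};
  return {
    textContent: "",
    setAttribute(k, v) { attrs[k] = v; },
    getAttribute(k) { return attrs[k]; },
  };
}

// Constructed sample payload: two valid swaps, one unsafe link, one unknown action.
const SAMPLE_PAYLOAD = {
  experimentId: "exp-123",
  targets: [{ url: "https://www.example.com/pricing", match: "exact" }],
  actions: [
    { type: "text", selector: "#hero-h1", value: "Plans for teams" },
    { type: "link", selector: "#cta", value: "https://www.example.com/signup" },
    { type: "link", selector: "#cta2", value: "javascript:alert(1)" }, // rejected
    { type: "eval", selector: "#foo", value: "not executed" },          // ignored
  ],
};

function demo() {
  const els = { "#hero-h1": makeEl(), "#cta": makeEl(), "#cta2": makeEl(), "#foo": makeEl() };
  const doc = makeFakeDoc(els);
  const state = { applied: new Set() };
  const first = applyExperiment(doc, "https://www.example.com/pricing", SAMPLE_PAYLOAD, state);
  const second = applyExperiment(doc, "https://www.example.com/pricing", SAMPLE_PAYLOAD, state);
  const other = applyExperiment(doc, "https://www.example.com/about", SAMPLE_PAYLOAD, { applied: new Set() });
  return { first, second, other, els };
}
```

Run with node: `demo()` applies the two valid swaps, records the unsafe link and the unknown action as errors without touching the page, refuses the second call as a duplicate, and skips the page the payload was not configured for. Keep in mind that a Content-Security-Policy header complements but does not replace these in-script checks: CSP decides which script origins may load at all, while the allowlist and scheme check above constrain what an already-allowed script does to the DOM.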
What I'd do next
- Review the audit trail in the Tailor dashboard for your experiments.
- Consider adding a Content-Security-Policy header as an additional layer of defense. Note that CSP controls which script origins may load; it does not constrain what a script you have allowed does to the DOM, so it complements rather than replaces the script's own safeguards.
- Ask us about domain validation and access control details.
