diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..b0d4e0c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,69 @@
+# Security Policy
+
+## Content Security Policy
+
+All public HTML pages in this project set a `Content-Security-Policy` meta tag.
+The policy is intentionally strict and follows these principles:
+
+### `script-src` — no bare `'self'`
+
+Allowing `script-src 'self'` permits any script file served from the same origin
+to execute, including any accidentally committed debug script or a compromised
+static asset.  Instead, each page uses the minimum required permission:
+
+| Page | Approach | Rationale |
+|------|----------|-----------|
+| `index.html` | `'none'` | No script is loaded |
+| `demos.html` | `'none'` | No script is loaded |
+| `gallery.html` | `'none'` | No script is loaded |
+| `demo.html` | SHA-256 hash + `'strict-dynamic'` | Restricts execution to the single known inline bootstrap import |
+
+#### Hash-based policy for `demo.html`
+
+`demo.html` boots the application with a single inline module:
+
+```html
+<script type="module">import '/src/main.ts'</script>
+```
+
+The SHA-256 hash of that exact inline content (`import '/src/main.ts'`) is
+pre-computed and embedded in the `script-src` directive:
+
+```
+script-src 'sha256-NDWEjzGVmgdl6gIijt3W2YpACKUzjdbNjuRCLQIRDKo=' 'strict-dynamic'
+```
+
+`'strict-dynamic'` propagates the trust granted by the hash to any modules
+dynamically imported by that script (i.e. the rest of the application bundle).
+**`demo.html` requires `'strict-dynamic'` support to function correctly.**
+Without it, the browser will allow the inline bootstrap script (whose hash
+matches) but block its `import '/src/main.ts'` call, because no host source
+such as `'self'` is present to authorize the external module load.  All browsers
+that support WebGL 2.0 also support `'strict-dynamic'` (Chrome 52+, Firefox 52+,
+Safari 15.4+), so this is not a practical limitation for this project.
+
+#### Recomputing the hash
+
+If the inline bootstrap script ever changes, recompute the hash with:
+
+```bash
+printf "import '/src/main.ts'" | openssl dgst -sha256 -binary | base64
+```
+
+Replace the `sha256-…` value in `demo.html` with the new output.
+
+### Other directives
+
+| Directive | Value | Reason |
+|-----------|-------|--------|
+| `object-src` | `'none'` | Disables Flash and other plug-in content |
+| `base-uri` | `'self'` | Prevents base-tag hijacking |
+| `default-src` | `'self'` | Safe fallback for unlisted resource types |
+| `connect-src` | `'self' ws://localhost:* …` | Permits Vite HMR WebSocket in development |
+| `unsafe-eval` | absent | Disallows `eval()` and similar constructs |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please open a GitHub
+issue with the label **security**.  For sensitive reports you may contact the
+maintainers directly via the repository's GitHub profile.
diff --git a/demo.html b/demo.html
index 2b533bd..a8174c5 100644
--- a/demo.html
+++ b/demo.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta http-equiv="Content-Security-Policy"
-      content="default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
+      content="default-src 'self'; script-src 'sha256-NDWEjzGVmgdl6gIijt3W2YpACKUzjdbNjuRCLQIRDKo=' 'strict-dynamic'; style-src 'self'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
     <meta
       name="description"
       content="Interactive microgl demo scene showcasing WebGL 2.0 rendering, ECS systems, and camera controls."
@@ -13,6 +13,6 @@
     <link rel="stylesheet" href="/src/styles/theme.css" />
   </head>
   <body>
-    <script type="module" src="/src/main.ts"></script>
+    <script type="module">import '/src/main.ts'</script>
   </body>
 </html>
diff --git a/demos.html b/demos.html
index 9eadcb7..45d52ba 100644
--- a/demos.html
+++ b/demos.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta http-equiv="Content-Security-Policy"
-      content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
+      content="default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
     <meta
       name="description"
       content="Browse microgl technical demos including ECS stress tests, orbital camera interactions, and render loop examples."
diff --git a/gallery.html b/gallery.html
index 1430401..51c3b68 100644
--- a/gallery.html
+++ b/gallery.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta http-equiv="Content-Security-Policy"
-      content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
+      content="default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
     <meta
       name="description"
       content="microgl gallery page listing upcoming WebGL 2.0 scenes and technical showcase previews."
diff --git a/index.html b/index.html
index 4fa8700..d802c58 100644
--- a/index.html
+++ b/index.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta http-equiv="Content-Security-Policy"
-      content="default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
+      content="default-src 'self'; script-src 'none'; style-src 'self'; img-src 'self' data:; connect-src 'self' ws://localhost:* wss://localhost:* ws://127.0.0.1:* wss://127.0.0.1:*; object-src 'none'; base-uri 'self';" />
     <meta
       name="description"
       content="microgl homepage presenting a minimal WebGL 2.0 engine with ECS architecture and gl-matrix utilities."
diff --git a/package-lock.json b/package-lock.json
index c06240b..ef99198 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "microgl",
-  "version": "1.1.13",
+  "version": "1.1.14",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "microgl",
-      "version": "1.1.13",
+      "version": "1.1.14",
       "license": "MIT",
       "dependencies": {
         "gl-matrix": "^3.4.4"
diff --git a/package.json b/package.json
index 604ad00..565cb8d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "microgl",
-  "version": "1.1.13",
+  "version": "1.1.14",
   "type": "module",
   "description": "Minimalist WebGL 2.0 3D rendering engine based on an ECS architecture, with support for glTF 2.0 and strict TypeScript.",
   "scripts": {
diff --git a/src/core/GltfLoader.ts b/src/core/GltfLoader.ts
index 2191756..4789401 100644
--- a/src/core/GltfLoader.ts
+++ b/src/core/GltfLoader.ts
@@ -35,6 +35,8 @@ const GLB_CHUNK_JSON = 0x4E4F534A;
 const GLB_CHUNK_BIN = 0x004E4942;
 const UTF8_DECODER = new TextDecoder();
 const MAX_JSON_BUFFER_BYTES = 64 * 1024 * 1024;
+/** Maximum URI length accepted in strict mode (guards against excessively long URIs that could cause resource exhaustion). */
+const MAX_URI_LENGTH = 2048;
 
 /**
  * Deep-clone arbitrary JSON-like data into "data-only" structures:
@@ -126,15 +128,40 @@ function safeParseGltfJson(text: string): GltfAsset {
 export interface GltfLoaderOptions {
   /**
    * Callback invoked to resolve external buffer URIs referenced by the glTF asset.
-   * Receives the raw URI string and must return the corresponding binary data.
+   * Receives a URI string that the loader has attempted to percent-decode and must
+   * return the corresponding binary data. If the URI contains invalid percent-encoding,
+   * decoding may fail and the original (possibly still percent-encoded) URI string
+   * will be passed to this callback.
    * Required when loading plain `.gltf` files that reference external `.bin` files.
+   *
+   * **Security warning**: the URI received by this callback has already been validated
+   * and normalization / percent-decoding have been applied on a best-effort basis by
+   * the loader. Do not perform additional URI resolution or decoding inside this
+   * callback — doing so may re-introduce path-traversal or SSRF vulnerabilities that
+   * the loader's validation was designed to prevent.
    */
   resolveUri?: (uri: string) => Promise<ArrayBuffer>;
   /**
-   * Maximum accepted byte size for a plain JSON glTF payload.
+   * Maximum accepted raw byte length for a JSON glTF payload (plain `.gltf`) or
+   * the JSON chunk of a GLB file, checked before UTF-8 decoding.
+   *
    * Defaults to 64 MiB. Raise this value only when loading unusually large assets.
    */
   maxJsonBufferBytes?: number;
+  /**
+   * Maximum accepted approximate in-memory UTF-16 heap footprint of the decoded
+   * JSON string (`text.length * 2`), checked before `JSON.parse` is called.
+   * Enforced for both plain `.gltf` payloads and the JSON chunk of GLB files.
+   *
+   * Because a JavaScript string stores each code unit as two bytes (UTF-16), a
+   * 64 MiB ASCII JSON buffer decodes to a string with a ~128 MiB heap footprint.
+   * Setting this separately from `maxJsonBufferBytes` lets callers tune raw-byte
+   * and heap-footprint limits independently.
+   *
+   * Defaults to twice `maxJsonBufferBytes` (128 MiB). Raise this value only when
+   * loading unusually large assets.
+   */
+  maxJsonStringBytes?: number;
   /**
    * When `true`, each VEC3 normal vector is re-normalized to unit length after
    * loading. Useful when the source asset was exported with non-unit normals.
@@ -228,16 +255,28 @@ function wrapGltfError(prefix: string, cause: unknown): Error {
  */
 export function parseContainer(
   buffer: ArrayBuffer,
-  options?: Pick<GltfLoaderOptions, 'maxJsonBufferBytes'>,
+  options?: Pick<GltfLoaderOptions, 'maxJsonBufferBytes' | 'maxJsonStringBytes'>,
 ): {
   json: GltfAsset;
   binChunk: ArrayBuffer | undefined;
 } {
   const header = new DataView(buffer);
   const maxJsonBufferBytes = options?.maxJsonBufferBytes ?? MAX_JSON_BUFFER_BYTES;
+  const maxJsonStringBytes = options?.maxJsonStringBytes ?? maxJsonBufferBytes * 2;
+
+  if (!Number.isFinite(maxJsonBufferBytes) || maxJsonBufferBytes < 0) {
+    throw new RangeError(
+      `maxJsonBufferBytes must be a finite non-negative number (got ${maxJsonBufferBytes}).`,
+    );
+  }
+  if (!Number.isFinite(maxJsonStringBytes) || maxJsonStringBytes < 0) {
+    throw new RangeError(
+      `maxJsonStringBytes must be a finite non-negative number (got ${maxJsonStringBytes}).`,
+    );
+  }
 
   if (buffer.byteLength >= 12 && header.getUint32(0, true) === GLB_MAGIC) {
-    return parseGlb(buffer);
+    return parseGlb(buffer, maxJsonBufferBytes, maxJsonStringBytes);
   }
 
   // Treat the whole buffer as UTF-8 JSON
@@ -248,6 +287,13 @@ export function parseContainer(
     );
   }
   const text = UTF8_DECODER.decode(buffer);
+  // Approximate heap usage of the decoded UTF-16 string (2 bytes per code unit)
+  if (text.length * 2 > maxJsonStringBytes) {
+    throw new Error(
+      `JSON glTF string too large (~${text.length * 2} UTF-16 bytes). ` +
+      `Maximum supported decoded size is ${maxJsonStringBytes} bytes.`,
+    );
+  }
   const json = safeParseGltfJson(text);
   return { json, binChunk: undefined };
 }
@@ -255,7 +301,11 @@ export function parseContainer(
 /**
  * Parse a GLB (binary glTF) container according to the glTF 2.0 spec §5.
  */
-function parseGlb(buffer: ArrayBuffer): {
+function parseGlb(
+  buffer: ArrayBuffer,
+  maxJsonBufferBytes: number,
+  maxJsonStringBytes: number,
+): {
   json: GltfAsset;
   binChunk: ArrayBuffer | undefined;
 } {
@@ -275,11 +325,29 @@ function parseGlb(buffer: ArrayBuffer): {
     if (chunkLength === 0) {
       throw new Error(`Invalid chunk length: ${chunkLength}`);
     }
+    if (offset + 8 + chunkLength > buffer.byteLength) {
+      throw new Error(
+        `GLB chunk at offset ${offset} extends beyond end of file ` +
+        `(chunk needs ${offset + 8 + chunkLength} bytes, file is ${buffer.byteLength} bytes).`,
+      );
+    }
     const chunkType = view.getUint32(offset + 4, true);
     const chunkData = buffer.slice(offset + 8, offset + 8 + chunkLength);
 
     if (chunkType === GLB_CHUNK_JSON) {
+      if (chunkData.byteLength > maxJsonBufferBytes) {
+        throw new Error(
+          `GLB JSON chunk too large (${chunkData.byteLength} bytes). ` +
+          `Maximum supported size is ${maxJsonBufferBytes} bytes.`,
+        );
+      }
       const text = UTF8_DECODER.decode(chunkData);
+      if (text.length * 2 > maxJsonStringBytes) {
+        throw new Error(
+          `GLB JSON chunk string too large (~${text.length * 2} UTF-16 bytes). ` +
+          `Maximum supported decoded size is ${maxJsonStringBytes} bytes.`,
+        );
+      }
       json = safeParseGltfJson(text);
     } else if (chunkType === GLB_CHUNK_BIN) {
       binChunk = chunkData;
@@ -361,11 +429,19 @@ function validateExternalUri(uri: string, bufferIndex: number, strict?: boolean)
     );
   }
 
-  if (strict && !candidates.every((v) => /^[A-Za-z0-9._\-/]+$/.test(v))) {
-    throw new Error(
-      `Buffer ${bufferIndex}: external URI "${uri}" contains characters not permitted in strict mode. ` +
-      `Only alphanumeric characters, dots, hyphens, underscores, and forward slashes are allowed.`,
-    );
+  if (strict) {
+    if (candidates.some((v) => v.length > MAX_URI_LENGTH)) {
+      const len = Math.max(...candidates.map((v) => v.length));
+      throw new Error(
+        `Buffer ${bufferIndex}: URI exceeds maximum allowed length in strict mode (len=${len}, max=${MAX_URI_LENGTH}).`,
+      );
+    }
+    if (!candidates.every((v) => /^[A-Za-z0-9._\-/]+$/.test(v))) {
+      throw new Error(
+        `Buffer ${bufferIndex}: external URI "${uri}" contains characters not permitted in strict mode. ` +
+        `Only alphanumeric characters, dots, hyphens, underscores, and forward slashes are allowed.`,
+      );
+    }
   }
 }
 
@@ -398,6 +474,40 @@ async function resolveBuffers(
     }
   };
 
+  /**
+   * Fully percent-decode a URI in a bounded loop.
+   *
+   * This prevents double-encoded traversal/scheme payloads from slipping
+   * through validation when consumers perform an additional decode.
+   *
+   * If further decoding would fail (malformed escape sequences), the last
+   * successfully decoded value is used. After the loop, if the string still
+   * contains percent-encoded bytes, the URI is rejected as suspicious.
+   */
+  const fullyDecodeUri = (uri: string, maxIterations = 5): string => {
+    let current = uri;
+    for (let i = 0; i < maxIterations; i++) {
+      let decoded: string;
+      try {
+        decoded = decodeURIComponent(current);
+      } catch {
+        // Stop decoding on failure and use the last valid value.
+        break;
+      }
+      if (decoded === current) {
+        break;
+      }
+      current = decoded;
+    }
+    // If there are still percent-encoded octets present, treat as suspicious.
+    if (/%[0-9a-fA-F]{2}/.test(current)) {
+      throw new Error(
+        `Rejected suspicious percent-encoded URI after decoding: ${JSON.stringify(current)}`,
+      );
+    }
+    return current;
+  };
+
   let binChunkConsumed = false;
   for (let i = 0; i < gltfBuffers.length; i++) {
     const buf = gltfBuffers[i];
@@ -433,8 +543,15 @@ async function resolveBuffers(
             `Buffer ${i} references external URI "${buf.uri}" but no resolveUri callback was provided.`,
           );
         }
+        // Validate the original URI as authored in the glTF asset.
         validateExternalUri(buf.uri, i, options?.strict);
-        const externalBuffer = await resolveUri(buf.uri);
+        // Fully percent-decode the URI in a bounded loop so that any traversal
+        // or scheme payload only expressed after multiple decodes is exposed.
+        const fullyDecodedUri = fullyDecodeUri(buf.uri);
+        // Validate the fully decoded form as well, since this is what will be
+        // passed to the resolveUri callback and potentially used by consumers.
+        validateExternalUri(fullyDecodedUri, i, options?.strict);
+        const externalBuffer = await resolveUri(fullyDecodedUri);
         assertByteLength(externalBuffer, buf.byteLength, i);
         resolved.push(externalBuffer);
       }
diff --git a/src/core/ShaderCache.ts b/src/core/ShaderCache.ts
index 66daa9e..89b5d52 100644
--- a/src/core/ShaderCache.ts
+++ b/src/core/ShaderCache.ts
@@ -6,6 +6,9 @@
 import { createShader, createProgram } from './ShaderUtils';
 
 export class ShaderCache {
+  /** Maximum allowed length (in characters) for an explicit cache key. */
+  static readonly MAX_KEY_LENGTH = 512;
+
   private static readonly FNV1A_OFFSET_BASIS = 0x811c9dc5;
   // Second independent seed for the verification hash.  Chosen as the next
   // published 32-bit FNV offset basis candidate so the two hashes are
@@ -64,6 +67,31 @@ export class ShaderCache {
     return `fnv1a2-${ShaderCache.fnv1aSources(vertSrc, fragSrc, ShaderCache.FNV1A_OFFSET_BASIS_2)}`;
   }
 
+  /**
+   * Compute a compact, fixed-length cache key for a single GLSL source string
+   * using a composite of two independent 32-bit FNV-1a hashes so the raw
+   * source is never stored as a Map key while achieving ~64-bit effective
+   * collision resistance.
+   */
+  private static hashShaderSource(source: string): string {
+    const primary = ShaderCache.fnv1aSources(source, '', ShaderCache.FNV1A_OFFSET_BASIS);
+    const secondary = ShaderCache.fnv1aSources(source, '', ShaderCache.FNV1A_OFFSET_BASIS_2);
+    return `fnv1a-shader-${primary}-${secondary}`;
+  }
+
+  /**
+   * Throws a {@link RangeError} if `key` is defined and exceeds
+   * {@link MAX_KEY_LENGTH}. Call this at the top of every public method that
+   * accepts an optional explicit key.
+   */
+  private static assertKeyLength(key: string | undefined): void {
+    if (key !== undefined && key.length > ShaderCache.MAX_KEY_LENGTH) {
+      throw new RangeError(
+        `ShaderCache: explicit key exceeds maximum length of ${ShaderCache.MAX_KEY_LENGTH} characters.`,
+      );
+    }
+  }
+
   /** key → compiled WebGLShader */
   private readonly shaders: Map<string, WebGLShader> = new Map();
 
@@ -93,10 +121,11 @@ export class ShaderCache {
    *
    * @param type `gl.VERTEX_SHADER` or `gl.FRAGMENT_SHADER`
    * @param source GLSL source code
-   * @param key Optional cache key. Defaults to the source string itself.
+   * @param key Optional cache key. Defaults to an FNV-1a hash of the source string.
    */
   getShader(type: number, source: string, key?: string): WebGLShader {
-    const cacheKey = key ?? source;
+    ShaderCache.assertKeyLength(key);
+    const cacheKey = key ?? ShaderCache.hashShaderSource(source);
     const existing = this.shaders.get(cacheKey);
     if (existing) return existing;
 
@@ -116,6 +145,7 @@ export class ShaderCache {
   getProgram(vertexSource: string, fragmentSource: string, key?: string): WebGLProgram {
     // Explicit-key path: bypass auto-hashing entirely.
     if (key !== undefined) {
+      ShaderCache.assertKeyLength(key);
       const existing = this.programs.get(key);
       if (existing !== undefined) return existing;
       return this.compileAndCache(vertexSource, fragmentSource, key, undefined);
@@ -171,8 +201,8 @@ export class ShaderCache {
     cacheKey: string,
     secondaryKey: string | undefined,
   ): WebGLProgram {
-    const vertexShaderKey = vertexSource;
-    const fragmentShaderKey = fragmentSource;
+    const vertexShaderKey = ShaderCache.hashShaderSource(vertexSource);
+    const fragmentShaderKey = ShaderCache.hashShaderSource(fragmentSource);
     const vsPreExisted = this.shaders.has(vertexShaderKey);
     const fsPreExisted = this.shaders.has(fragmentShaderKey);
     let vs: WebGLShader;
@@ -233,7 +263,10 @@ export class ShaderCache {
    *   hash string; for explicitly-keyed programs it is the supplied `key` value.
    */
   getProgramKey(vertexSource: string, fragmentSource: string, key?: string): string {
-    if (key !== undefined) return key;
+    if (key !== undefined) {
+      ShaderCache.assertKeyLength(key);
+      return key;
+    }
     const hashKey = ShaderCache.hashSources(vertexSource, fragmentSource);
     const secondaryKey = ShaderCache.hashSources2(vertexSource, fragmentSource);
     const collisionKey = `${hashKey}:${secondaryKey}`;
diff --git a/tests/csp.test.ts b/tests/csp.test.ts
index dd7841e..865cd5f 100644
--- a/tests/csp.test.ts
+++ b/tests/csp.test.ts
@@ -1,3 +1,4 @@
+import { createHash } from 'node:crypto';
 import { readFileSync } from 'node:fs';
 import { describe, expect, it } from 'vitest';
 
@@ -46,4 +47,40 @@ describe('Content-Security-Policy', () => {
       expect(csp).toContain("base-uri 'self'");
     }
   });
+
+  it("does not use a bare 'self' in script-src without a complementary nonce or hash", () => {
+    for (const path of pagePaths) {
+      const html = readFileSync(new URL(path, import.meta.url), 'utf8');
+      const csp = extractCspContent(html);
+      if (csp === null) throw new Error(`${path} must have a CSP meta tag`);
+      const scriptSrcMatch = csp.match(/script-src\s+([^;]+)/);
+      if (scriptSrcMatch === null) continue;
+      const scriptSrc = scriptSrcMatch[1];
+      if (scriptSrc.includes("'self'")) {
+        const hasNonce = /'nonce-[^']+'/.test(scriptSrc);
+        const hasHash = /'sha(?:256|384|512)-[^']+'/.test(scriptSrc);
+        expect(
+          hasNonce || hasHash,
+          `${path} uses bare 'self' in script-src without a nonce or hash`,
+        ).toBe(true);
+      }
+    }
+  });
+
+  it('CSP hash in demo.html matches the actual inline bootstrap script content', () => {
+    const demoPath = new URL('../demo.html', import.meta.url);
+    const html = readFileSync(demoPath, 'utf8');
+    const csp = extractCspContent(html);
+    if (csp === null) throw new Error('demo.html must have a CSP meta tag');
+
+    const scriptMatch = html.match(/<script[^>]*type="module"[^>]*>([\s\S]*?)<\/script>/);
+    expect(scriptMatch, 'demo.html must contain an inline <script type="module"> element').not.toBeNull();
+    const scriptContent = scriptMatch![1];
+
+    const expectedHash = createHash('sha256').update(scriptContent, 'utf8').digest('base64');
+    expect(
+      csp,
+      `demo.html CSP hash is stale — recompute with: printf "<content>" | openssl dgst -sha256 -binary | base64`,
+    ).toContain(`'sha256-${expectedHash}'`);
+  });
 });
diff --git a/tests/gltf.test.ts b/tests/gltf.test.ts
index d56f9a6..3788f58 100644
--- a/tests/gltf.test.ts
+++ b/tests/gltf.test.ts
@@ -173,6 +173,59 @@ describe('parseContainer', () => {
     expect(() => parseContainer(oversized)).toThrow(/payload too large/);
   });
 
+  it('rejects decoded JSON string exceeding maxJsonStringBytes before JSON.parse is called', () => {
+    const json = JSON.stringify(minimalGltf()); // pure ASCII: buf.byteLength == json.length
+    const buf = new TextEncoder().encode(json).buffer as ArrayBuffer;
+    const parseSpy = vi.spyOn(JSON, 'parse');
+    try {
+      // maxJsonStringBytes less than text.length * 2: the byte check passes, but
+      // the decoded-string guard fires. JSON.parse must never be reached.
+      try {
+        parseContainer(buf, { maxJsonStringBytes: json.length });
+      } catch {
+        // expected — the decoded-string guard fired
+      }
+      expect(parseSpy).not.toHaveBeenCalled();
+    } finally {
+      parseSpy.mockRestore();
+    }
+
+    // With maxJsonStringBytes >= text.length * 2, both guards pass and parsing succeeds.
+    expect(() => parseContainer(buf, { maxJsonStringBytes: json.length * 2 })).not.toThrow();
+  });
+
+  it('maxJsonBufferBytes and maxJsonStringBytes are independent limits', () => {
+    const json = JSON.stringify(minimalGltf()); // pure ASCII
+    const buf = new TextEncoder().encode(json).buffer as ArrayBuffer;
+    // Buffer within maxJsonBufferBytes but string too large:
+    expect(() =>
+      parseContainer(buf, { maxJsonBufferBytes: json.length, maxJsonStringBytes: json.length }),
+    ).toThrow(/string too large/);
+    // Buffer too large regardless of string limit:
+    expect(() =>
+      parseContainer(buf, { maxJsonBufferBytes: json.length - 1 }),
+    ).toThrow(/payload too large/);
+  });
+
+  it('rejects GLB JSON chunk exceeding maxJsonBufferBytes', () => {
+    const glb = buildGlb(minimalGltf());
+    // Read the first chunk's length directly from the GLB header (bytes 12-15, little-endian).
+    // This is the actual on-disk byte length of the JSON chunk, independent of re-stringify.
+    const jsonChunkBytes = new DataView(glb).getUint32(12, true);
+    expect(() =>
+      parseContainer(glb, { maxJsonBufferBytes: jsonChunkBytes - 1 }),
+    ).toThrow(/GLB JSON chunk too large/);
+  });
+
+  it('rejects GLB JSON chunk decoded string exceeding maxJsonStringBytes', () => {
+    const glb = buildGlb(minimalGltf());
+    // text.length * 2 for a pure-ASCII JSON string equals json.length * 2.
+    // Setting maxJsonStringBytes to 0 ensures the guard fires.
+    expect(() =>
+      parseContainer(glb, { maxJsonStringBytes: 0 }),
+    ).toThrow(/GLB JSON chunk string too large/);
+  });
+
   it('parses GLB container with JSON + BIN chunks', () => {
     const { json: srcJson, bin } = triangleAsset();
     const glb = buildGlb(srcJson, bin);
@@ -215,6 +268,52 @@ describe('parseContainer', () => {
     expect(() => parseContainer(glb)).toThrow(/Invalid chunk length/);
   });
 
+  it('throws when GLB chunk extends beyond end of file', () => {
+    // Build a GLB with a JSON chunk header that claims more bytes than remain.
+    // Header: magic(4) + version(4) + totalLength(4) + chunkLen(4) + chunkType(4) = 28 bytes total,
+    // but chunkLen is set to 100 so offset+8+100 > 28.
+    const glb = new ArrayBuffer(28);
+    const view = new DataView(glb);
+    view.setUint32(0, 0x46546C67, true); // magic
+    view.setUint32(4, 2, true);          // version 2
+    view.setUint32(8, 28, true);         // total length
+    view.setUint32(12, 100, true);       // chunk length — exceeds file
+    view.setUint32(16, 0x4E4F534A, true); // JSON chunk type
+
+    expect(() => parseContainer(glb)).toThrow(/extends beyond end of file/);
+  });
+
+  it('throws RangeError when maxJsonBufferBytes is NaN', () => {
+    const buf = jsonToBuffer(minimalGltf());
+    expect(() => parseContainer(buf, { maxJsonBufferBytes: NaN })).toThrow(RangeError);
+    expect(() => parseContainer(buf, { maxJsonBufferBytes: NaN })).toThrow(
+      /maxJsonBufferBytes must be a finite non-negative number/,
+    );
+  });
+
+  it('throws RangeError when maxJsonBufferBytes is Infinity', () => {
+    const buf = jsonToBuffer(minimalGltf());
+    expect(() => parseContainer(buf, { maxJsonBufferBytes: Infinity })).toThrow(RangeError);
+  });
+
+  it('throws RangeError when maxJsonBufferBytes is negative', () => {
+    const buf = jsonToBuffer(minimalGltf());
+    expect(() => parseContainer(buf, { maxJsonBufferBytes: -1 })).toThrow(RangeError);
+  });
+
+  it('throws RangeError when maxJsonStringBytes is NaN', () => {
+    const buf = jsonToBuffer(minimalGltf());
+    expect(() => parseContainer(buf, { maxJsonStringBytes: NaN })).toThrow(RangeError);
+    expect(() => parseContainer(buf, { maxJsonStringBytes: NaN })).toThrow(
+      /maxJsonStringBytes must be a finite non-negative number/,
+    );
+  });
+
+  it('throws RangeError when maxJsonStringBytes is negative', () => {
+    const buf = jsonToBuffer(minimalGltf());
+    expect(() => parseContainer(buf, { maxJsonStringBytes: -1 })).toThrow(RangeError);
+  });
+
   it('throws when GLB has no JSON chunk', () => {
     // Build a GLB header with no chunks following
     const glb = new ArrayBuffer(12);
@@ -1019,7 +1118,7 @@ describe('loadGltf', () => {
     const buffer = jsonToBuffer(minimalGltf());
 
     await expect(loadGltf(buffer, { maxJsonBufferBytes: 1 })).rejects.toThrow(/payload too large/);
-    await expect(loadGltf(buffer, { maxJsonBufferBytes: buffer.byteLength })).resolves.toMatchObject({
+    await expect(loadGltf(buffer, { maxJsonBufferBytes: buffer.byteLength * 2 })).resolves.toMatchObject({
       meshes: [],
       nodes: [],
     });
@@ -1127,6 +1226,39 @@ describe('loadGltf', () => {
     expect(resolveUri).not.toHaveBeenCalled();
   });
 
+  it('rejects URI exceeding 2048 characters in strict mode', async () => {
+    const { json, bin } = triangleAsset();
+    // Build a 2049-character URI using only allowed characters so it would pass
+    // the allowlist regex — only the length cap should trigger the rejection.
+    const longUri = 'a'.repeat(2045) + '.bin';
+    json.buffers = [{ uri: longUri, byteLength: bin.byteLength }];
+    const buffer = jsonToBuffer(json);
+    const resolveUri = vi.fn().mockResolvedValue(bin);
+    await expect(loadGltf(buffer, { resolveUri, strict: true })).rejects.toThrow(/exceeds maximum allowed length in strict mode/);
+    expect(resolveUri).not.toHaveBeenCalled();
+  });
+
+  it('allows URI exactly at 2048 characters in strict mode', async () => {
+    const { json, bin } = triangleAsset();
+    const exactUri = 'a'.repeat(2044) + '.bin';
+    json.buffers = [{ uri: exactUri, byteLength: bin.byteLength }];
+    const buffer = jsonToBuffer(json);
+    const resolveUri = vi.fn().mockResolvedValue(bin);
+    await expect(loadGltf(buffer, { resolveUri, strict: true })).resolves.toMatchObject({ meshes: expect.any(Array) });
+    expect(resolveUri).toHaveBeenCalledWith(exactUri);
+  });
+
+  it('does not apply URI length cap in non-strict mode', async () => {
+    const { json, bin } = triangleAsset();
+    // URI longer than 2048 chars but with only safe relative characters
+    const longUri = 'a'.repeat(2045) + '.bin';
+    json.buffers = [{ uri: longUri, byteLength: bin.byteLength }];
+    const buffer = jsonToBuffer(json);
+    const resolveUri = vi.fn().mockResolvedValue(bin);
+    await expect(loadGltf(buffer, { resolveUri })).resolves.toMatchObject({ meshes: expect.any(Array) });
+    expect(resolveUri).toHaveBeenCalledWith(longUri);
+  });
+
   it('rejects URL-encoded path traversal URI "%2e%2e%2fetc%2fpasswd"', async () => {
     const { json, bin } = triangleAsset();
     json.buffers = [{ uri: '%2e%2e%2fetc%2fpasswd', byteLength: bin.byteLength }];
@@ -1199,6 +1331,26 @@ describe('loadGltf', () => {
     expect(resolveUri).toHaveBeenCalledWith('my file.bin');
   });
 
+  it('passes percent-decoded URI to resolveUri callback for safe encoded URIs', async () => {
+    const { json, bin } = triangleAsset();
+    // %6d%6f%64%65%6c%73%2ftriangle%2ebin decodes to "models/triangle.bin"
+    json.buffers = [{ uri: '%6d%6f%64%65%6c%73%2ftriangle%2ebin', byteLength: bin.byteLength }];
+    const buffer = jsonToBuffer(json);
+    const resolveUri = vi.fn().mockResolvedValue(bin);
+    await expect(loadGltf(buffer, { resolveUri })).resolves.toMatchObject({ meshes: expect.any(Array) });
+    // The callback must receive the decoded form, not the raw percent-encoded string
+    expect(resolveUri).toHaveBeenCalledWith('models/triangle.bin');
+  });
+
+  it('rejects encoded bypass "%2e%2e/secret" before it reaches the resolveUri callback', async () => {
+    const { json, bin } = triangleAsset();
+    json.buffers = [{ uri: '%2e%2e/secret', byteLength: bin.byteLength }];
+    const buffer = jsonToBuffer(json);
+    const resolveUri = vi.fn().mockResolvedValue(bin);
+    await expect(loadGltf(buffer, { resolveUri })).rejects.toThrow(/Only relative paths without traversal/);
+    expect(resolveUri).not.toHaveBeenCalled();
+  });
+
   it('handles meshes with normals and UVs', async () => {
     // 3 vertices × (3 pos + 3 normal + 2 uv) = 3×8 = 24 floats = 96 bytes
     // 3 indices = 6 bytes
@@ -2114,4 +2266,12 @@ describe('GltfLoaderOptions JSDoc', () => {
   it('strict JSDoc documents the false default value', () => {
     expect(gltfLoaderSource).toContain('(default) in production');
   });
+
+  it('resolveUri JSDoc warns consumers not to perform additional URI resolution', () => {
+    expect(gltfLoaderSource).toContain('Do not perform additional URI resolution');
+  });
+
+  it('resolveUri JSDoc documents that the URI is percent-decoded before being passed', () => {
+    expect(gltfLoaderSource).toContain('percent-decoded');
+  });
 });
diff --git a/tests/shader.test.ts b/tests/shader.test.ts
index 14c8c63..7ae37ea 100644
--- a/tests/shader.test.ts
+++ b/tests/shader.test.ts
@@ -214,6 +214,27 @@ describe('ShaderCache', () => {
     expect(gl.createShader).toHaveBeenCalledTimes(1);
   });
 
+  it('uses a hash string, not the raw source, as the default shader cache key', () => {
+    let shaderId = 0;
+    (gl.createShader as ReturnType<typeof vi.fn>).mockImplementation(
+      () => ({ __shaderId: shaderId++ }) as unknown as WebGLShader,
+    );
+
+    // First call without an explicit key caches under a hash-derived key.
+    const s1 = cache.getShader(gl.VERTEX_SHADER, 'void main(){}');
+
+    // A second call with the same source returns the cached shader (hash hit).
+    const s2 = cache.getShader(gl.VERTEX_SHADER, 'void main(){}');
+    expect(s1).toBe(s2);
+    expect(gl.createShader).toHaveBeenCalledTimes(1);
+
+    // Passing the raw source string as an explicit key is a different slot:
+    // the hash key !== the source string, so a new shader is compiled.
+    const s3 = cache.getShader(gl.VERTEX_SHADER, 'void main(){}', 'void main(){}');
+    expect(s3).not.toBe(s1);
+    expect(gl.createShader).toHaveBeenCalledTimes(2);
+  });
+
   it('supports a custom cache key for getProgram', () => {
     const p1 = cache.getProgram('v', 'f', 'prog-key');
     const p2 = cache.getProgram('v', 'f', 'prog-key');
@@ -635,6 +656,54 @@ describe('ShaderCache', () => {
     vi.restoreAllMocks();
   });
 
+  // -------------------------------------------------------------------------
+  // Explicit key length validation
+  // -------------------------------------------------------------------------
+
+  describe('explicit key length validation', () => {
+    const overKey = 'x'.repeat(ShaderCache.MAX_KEY_LENGTH + 1);
+    const exactKey = 'x'.repeat(ShaderCache.MAX_KEY_LENGTH);
+
+    it('getProgram throws RangeError when explicit key exceeds MAX_KEY_LENGTH', () => {
+      expect(() => cache.getProgram('v', 'f', overKey)).toThrow(RangeError);
+      expect(() => cache.getProgram('v', 'f', overKey)).toThrow(
+        /ShaderCache: explicit key exceeds maximum length of \d+ characters\./,
+      );
+    });
+
+    it('getProgram accepts an explicit key of exactly MAX_KEY_LENGTH characters', () => {
+      expect(() => cache.getProgram('v', 'f', exactKey)).not.toThrow();
+    });
+
+    it('getShader throws RangeError when explicit key exceeds MAX_KEY_LENGTH', () => {
+      expect(() => cache.getShader(gl.VERTEX_SHADER, 'void main(){}', overKey)).toThrow(RangeError);
+      expect(() => cache.getShader(gl.VERTEX_SHADER, 'void main(){}', overKey)).toThrow(
+        /ShaderCache: explicit key exceeds maximum length of \d+ characters\./,
+      );
+    });
+
+    it('getShader accepts an explicit key of exactly MAX_KEY_LENGTH characters', () => {
+      expect(() => cache.getShader(gl.VERTEX_SHADER, 'void main(){}', exactKey)).not.toThrow();
+    });
+
+    it('getProgramKey throws RangeError when explicit key exceeds MAX_KEY_LENGTH', () => {
+      expect(() => cache.getProgramKey('v', 'f', overKey)).toThrow(RangeError);
+      expect(() => cache.getProgramKey('v', 'f', overKey)).toThrow(
+        /ShaderCache: explicit key exceeds maximum length of \d+ characters\./,
+      );
+    });
+
+    it('getProgramKey accepts an explicit key of exactly MAX_KEY_LENGTH characters', () => {
+      expect(() => cache.getProgramKey('v', 'f', exactKey)).not.toThrow();
+    });
+
+    it('getProgram without an explicit key is unaffected by long shader sources', () => {
+      const longSource = 'x'.repeat(10_000);
+      // auto-keyed path hashes the source — must not throw regardless of source length
+      expect(() => cache.getProgram(longSource, longSource)).not.toThrow();
+    });
+  });
+
   // -------------------------------------------------------------------------
   // FNV-1a hash correctness
   // -------------------------------------------------------------------------