CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-02 03:35:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
41793907991b2f859b664a2b60af7972197f3c5d
gstack/browse/src
T
History
Garry Tan 808ce0de8e fix(security): wrap snapshot output in untrusted-content envelope 
The sidebar system prompt pushes the agent to run \`\$B snapshot\` as its
primary read path, but snapshot was NOT in PAGE_CONTENT_COMMANDS, so its
ARIA-name output flowed to Claude unwrapped. A malicious page's
aria-label attributes became direct agent input without the trust
boundary markers that every other read path gets.

Adding 'snapshot' to the set runs the output through
wrapUntrustedContent() like text/html/links/forms already do.

Caught by codex adversarial review.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 11:06:45 +08:00
..
activity.ts
feat: content security — 4-layer prompt injection defense for pair-agent (#815)
2026-04-06 14:41:06 -07:00
audit.ts
feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)
2026-04-18 23:25:33 +08:00
browser-manager.ts
feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)
2026-04-18 23:25:33 +08:00
buffers.ts
feat: Phase 3.5 — cookie import, QA testing, team retro (v0.3.1) (#29)
2026-03-13 00:31:41 -07:00
bun-polyfill.cjs
fix: Windows support — Node.js server fallback for Playwright (#255)
2026-03-20 12:22:11 -07:00
cdp-inspector.ts
refactor: AI slop reduction with cross-model quality review (v0.16.3.0) (#941)
2026-04-10 17:13:15 -10:00
cli.ts
fix: headed browser auto-shutdown + disconnect cleanup (v0.18.1.0) (#1025)
2026-04-16 15:39:44 -07:00
commands.ts
fix(security): wrap snapshot output in untrusted-content envelope
2026-04-20 11:06:45 +08:00
config.ts
fix: security wave 3 — 12 fixes, 7 contributors (v0.16.4.0) (#988)
2026-04-13 07:49:37 -10:00
content-security.ts
refactor: AI slop reduction with cross-model quality review (v0.16.3.0) (#941)
2026-04-10 17:13:15 -10:00
cookie-import-browser.ts
community wave: 6 PRs + hardening (v0.18.1.0) (#1028)
2026-04-17 00:45:13 -07:00
cookie-picker-routes.ts
community wave: 6 PRs + hardening (v0.18.1.0) (#1028)
2026-04-17 00:45:13 -07:00
cookie-picker-ui.ts
fix: cookie picker auth token leak (v0.15.17.0) (#904)
2026-04-08 10:10:13 -07:00
error-handling.ts
refactor: AI slop reduction with cross-model quality review (v0.16.3.0) (#941)
2026-04-10 17:13:15 -10:00
find-browse.ts
feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)
2026-03-19 18:20:50 -07:00
media-extract.ts
feat: browser data platform for AI agents (v0.16.0.0) (#907)
2026-04-08 00:41:55 -07:00
meta-commands.ts
feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)
2026-04-18 23:25:33 +08:00
network-capture.ts
feat: browser data platform for AI agents (v0.16.0.0) (#907)
2026-04-08 00:41:55 -07:00
path-security.ts
fix: security wave 3 — 12 fixes, 7 contributors (v0.16.4.0) (#988)
2026-04-13 07:49:37 -10:00
platform.ts
fix: Windows support — Node.js server fallback for Playwright (#255)
2026-03-20 12:22:11 -07:00
read-commands.ts
fix: security wave 3 — 12 fixes, 7 contributors (v0.16.4.0) (#988)
2026-04-13 07:49:37 -10:00
security-bunnative.ts
feat(security): Bun-native inference research skeleton + design doc
2026-04-20 05:02:59 +08:00
security-classifier.ts
fix(security): make GSTACK_SECURITY_OFF a real kill switch
2026-04-20 07:17:16 +08:00
security.ts
fix(security): cache device salt in-process to survive fs-unwritable
2026-04-20 07:17:23 +08:00
server.ts
fix(security): relay security_event through processAgentEvent
2026-04-20 05:40:54 +08:00
sidebar-agent.ts
fix(sidebar-agent): evict tool-use registry entries on tool_result
2026-04-20 07:17:31 +08:00
sidebar-utils.ts
fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544)
2026-03-26 22:07:03 -06:00
snapshot.ts
feat: UX behavioral foundations + ux-audit command (v0.17.0.0) (#1000)
2026-04-14 07:47:11 -10:00
tab-session.ts
feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)
2026-04-18 23:25:33 +08:00
token-registry.ts
feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)
2026-04-18 23:25:33 +08:00
url-validation.ts
feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)
2026-04-18 23:25:33 +08:00
welcome.html
feat: GStack Browser — double-click AI browser with anti-bot stealth (#695)
2026-04-04 10:17:05 -07:00
write-commands.ts
feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)
2026-04-18 23:25:33 +08:00