Garry Tan d81229f9f2 fix(security): redact form fields with sensitive names, not just type=password ...

Form redaction only applied to type="password" fields. Hidden and text
fields named csrf_token, api_key, session_id, etc. were exposed unredacted
in LLM context, leaking secrets.

Extend redaction to check field name and id against sensitive patterns:
token, secret, key, password, credential, auth, jwt, session, csrf, sid,
api_key. Uses the same pattern style as SENSITIVE_COOKIE_NAME.

Closes #860

Co-Authored-By: Gus <garagon@users.noreply.github.com>

2026-04-13 09:34:13 -07:00

..

bin

feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)

2026-03-19 18:20:50 -07:00

scripts

fix: Windows support — Node.js server fallback for Playwright (#255)

2026-03-20 12:22:11 -07:00

src

fix(security): redact form fields with sensitive names, not just type=password

2026-04-13 09:34:13 -07:00

test

fix(security): cookie-import path validation bypass + hardcoded /tmp

2026-04-13 09:33:48 -07:00

PLAN-snapshot-dropdown-interactive.md

fix: snapshot -i auto-detects dropdown/popover interactive elements (#845)

2026-04-05 22:57:45 -07:00

SKILL.md

feat: browser data platform for AI agents (v0.16.0.0) (#907)

2026-04-08 00:41:55 -07:00

SKILL.md.tmpl

feat: sidebar CSS inspector + per-tab agents (v0.13.9.0) (#650)

2026-03-30 12:51:05 -06:00