gstack

mirror of https://github.com/garrytan/gstack.git synced 2026-05-06 13:45:35 +02:00

Files

T

Garry Tan 56c8c994bf fix: block SSRF via URL validation in browse commands (#17 )

Adds validateNavigationUrl() that blocks non-HTTP(S) schemes (file://,
javascript:, data:) and cloud metadata endpoints (169.254.169.254,
metadata.google.internal). Applied to goto, diff, and newTab commands.
Localhost and private IPs remain allowed for local dev QA.

Closes #17

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-18 23:27:27 -07:00

bin

Merge remote-tracking branch 'origin/main' into v0.3.6-qa-upgrades

2026-03-14 02:35:48 -05:00

src

fix: block SSRF via URL validation in browse commands (#17 )

2026-03-18 23:27:27 -07:00

test

fix: block SSRF via URL validation in browse commands (#17 )

2026-03-18 23:27:27 -07:00

SKILL.md

feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201 )

2026-03-19 00:38:58 -05:00

SKILL.md.tmpl

feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201 )

2026-03-19 00:38:58 -05:00