gstack/browse/src at 9f88893f5bc376f99eb34b5e2979a96ff1ff2c8b - gstack - MS-GitHub-Backup (Gitea)

CalvinBackup/gstack

mirror of https://github.com/garrytan/gstack.git synced 2026-05-05 13:15:24 +02:00

Files

T

History

Garry Tan 053b46e371 fix: harden trust boundary markers against escape attacks

- Sanitize URLs in markers (remove newlines, cap at 200 chars) to prevent
  marker injection via history.pushState
- Escape marker strings in content (zero-width space) so malicious pages
  can't forge the END marker to break out of the untrusted block
- Wrap resume command snapshot with trust boundary markers
- Wrap diff command output with trust boundary markers
- Wrap watch stop last snapshot with trust boundary markers

Found by cross-model adversarial review (Claude + Codex).

2026-03-29 13:27:44 -07:00

..

activity.ts

feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517 )

2026-03-26 11:15:24 -06:00

browser-manager.ts

fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595 )

2026-03-28 08:35:24 -06:00

buffers.ts

feat: Phase 3.5 — cookie import, QA testing, team retro (v0.3.1) (#29 )

2026-03-13 00:31:41 -07:00

bun-polyfill.cjs

fix: Windows support — Node.js server fallback for Playwright (#255 )

2026-03-20 12:22:11 -07:00

cli.ts

fix: 6 critical fixes + community PR guardrails (v0.13.2.0) (#602 )

2026-03-28 11:31:56 -06:00

commands.ts

fix: harden trust boundary markers against escape attacks

2026-03-29 13:27:44 -07:00

config.ts

feat: TODOS-aware skills, 2-tier Greptile replies, gitignore fix (#61 )

2026-03-14 20:15:11 -07:00

cookie-import-browser.ts

feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359 )

2026-03-23 22:15:23 -07:00

cookie-picker-routes.ts

fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595 )

2026-03-28 08:35:24 -06:00

cookie-picker-ui.ts

fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595 )

2026-03-28 08:35:24 -06:00

find-browse.ts

feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226 )

2026-03-19 18:20:50 -07:00

meta-commands.ts

fix: harden trust boundary markers against escape attacks

2026-03-29 13:27:44 -07:00

platform.ts

fix: Windows support — Node.js server fallback for Playwright (#255 )

2026-03-20 12:22:11 -07:00

read-commands.ts

fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595 )

2026-03-28 08:35:24 -06:00

server.ts

fix: content trust boundary markers in browse output

2026-03-28 23:37:58 -07:00

sidebar-agent.ts

fix: sidebar prompt injection defense (v0.13.4.0) (#611 )

2026-03-28 22:10:35 -06:00

sidebar-utils.ts

fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544 )

2026-03-26 22:07:03 -06:00

snapshot.ts

feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517 )

2026-03-26 11:15:24 -06:00

url-validation.ts

feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359 )

2026-03-23 22:15:23 -07:00

write-commands.ts

feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517 )

2026-03-26 11:15:24 -06:00