CalvinBackup/keyFinder
1
0
Fork 0
mirror of https://github.com/momenbasel/keyFinder.git synced 2026-06-08 09:03:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Security hardening, bug fixes, and per-tab alert icon

Browse Source 
- Prevent fake finding injection via per-session nonce validation between
  MAIN world interceptor and ISOLATED world content script
- Fix CSV formula injection in export by sanitizing cell values
- Serialize storage writes to prevent race conditions across tabs
- Cap findings at 5000 with oldest-first eviction
- Delete findings by unique ID instead of URL to avoid collateral removal
- Validate keyword length (50 chars) and count (50 max)
- Add MutationObserver for SPA support (dynamic DOM scanning)
- Add explicit CSP to manifest
- Add per-tab alert icon with red dot overlay when secrets are found
This commit is contained in:
anthonyonazure
2026-04-14 04:17:15 -07:00
committed by moamen
parent 8d2f3fc1e4
commit bfc73ba018
6 changed files with 202 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
js/interceptor-loader.js
+16
View File
@@ -0,0 +1,16 @@
(function () {
"use strict";
const nonce = crypto.randomUUID();
// Store nonce where both MAIN world (interceptor) and ISOLATED world (content.js) can read it.
// The interceptor removes data-kf-nonce after reading; data-kf-verify stays for content.js.
const el = document.documentElement;
el.setAttribute("data-kf-nonce", nonce);
el.setAttribute("data-kf-verify", nonce);
const script = document.createElement("script");
script.src = chrome.runtime.getURL("js/interceptor.js");
(document.head || document.documentElement).appendChild(script);
script.onload = () => script.remove();
})();