- Prevent fake finding injection via per-session nonce validation between
MAIN world interceptor and ISOLATED world content script
- Fix CSV formula injection in export by sanitizing cell values
- Serialize storage writes to prevent race conditions across tabs
- Cap findings at 5000 with oldest-first eviction
- Delete findings by unique ID instead of URL to avoid collateral removal
- Validate keyword length (50 chars) and count (50 max)
- Add MutationObserver for SPA support (dynamic DOM scanning)
- Add explicit CSP to manifest
- Add per-tab alert icon with red dot overlay when secrets are found
anthonyonazure