mirror of
https://github.com/momenbasel/keyFinder.git
synced 2026-06-08 09:03:55 +02:00
anthonyonazure
bfc73ba018
- Prevent fake finding injection via per-session nonce validation between MAIN world interceptor and ISOLATED world content script - Fix CSV formula injection in export by sanitizing cell values - Serialize storage writes to prevent race conditions across tabs - Cap findings at 5000 with oldest-first eviction - Delete findings by unique ID instead of URL to avoid collateral removal - Validate keyword length (50 chars) and count (50 max) - Add MutationObserver for SPA support (dynamic DOM scanning) - Add explicit CSP to manifest - Add per-tab alert icon with red dot overlay when secrets are found
17 lines
614 B
JavaScript
17 lines
614 B
JavaScript
(function () {
|
|
"use strict";
|
|
|
|
const nonce = crypto.randomUUID();
|
|
|
|
// Store nonce where both MAIN world (interceptor) and ISOLATED world (content.js) can read it.
|
|
// The interceptor removes data-kf-nonce after reading; data-kf-verify stays for content.js.
|
|
const el = document.documentElement;
|
|
el.setAttribute("data-kf-nonce", nonce);
|
|
el.setAttribute("data-kf-verify", nonce);
|
|
|
|
const script = document.createElement("script");
|
|
script.src = chrome.runtime.getURL("js/interceptor.js");
|
|
(document.head || document.documentElement).appendChild(script);
|
|
script.onload = () => script.remove();
|
|
})();
|