Commit graph

4 commits

Author SHA1 Message Date
SnapAPI Security Hardening
ba888bb580 feat: harden SSRF protection with comprehensive security improvements
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m4s
- Block IPv4-mapped IPv6 addresses (::ffff:127.0.0.1, etc.)
- Block IPv6 unspecified address (::)
- Add CSS injection sanitization for hideSelectors (no {}<>;)
- Add waitForSelector validation (max 200 chars, no javascript:/script)
- Add CSS parameter hardening (block @import, url() with non-data: schemes)
- Add 21 new security tests following TDD approach
- All 387 tests passing

Fixes potential SSRF bypasses and CSS injection vulnerabilities
2026-03-05 09:04:59 +01:00
0999474fbd feat: add css parameter for custom CSS injection in screenshots
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m33s
2026-03-04 21:06:50 +01:00
96d21aa63b feat: add darkMode and hideSelectors screenshot parameters
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 9m31s
- darkMode: emulates prefers-color-scheme: dark before navigation
- hideSelectors: injects CSS to hide elements before capture
  - POST: accepts string or string array
  - GET: accepts comma-separated string
  - Validation: max 10 selectors, each max 200 chars
- OpenAPI docs updated for both GET and POST endpoints
- 13 new tests added (service + route)
2026-03-04 12:06:26 +01:00
05c91e6747 test: add unit tests for browser pool and screenshot services
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m56s
2026-03-03 15:07:02 +01:00