SnapAPI Security Hardening ba888bb580
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m4s
feat: harden SSRF protection with comprehensive security improvements
- Block IPv4-mapped IPv6 addresses (::ffff:127.0.0.1, etc.)
- Block IPv6 unspecified address (::)
- Add CSS injection sanitization for hideSelectors (no {}<>;)
- Add waitForSelector validation (max 200 chars, no javascript:/script)
- Add CSS parameter hardening (block @import, url() with non-data: schemes)
- Add 21 new security tests following TDD approach
- All 387 tests passing

Fixes potential SSRF bypasses and CSS injection vulnerabilities
2026-03-05 09:04:59 +01:00
| Name | Last commit | Date |
|---|---|---|
| .forgejo/workflows | fix: promote workflow retags staging image instead of rebuilding | 2026-02-20 11:34:58 +00:00 |
| public | feat: add css parameter for custom CSS injection in screenshots | 2026-03-04 21:06:50 +01:00 |
| sdk | feat: add css parameter for custom CSS injection in screenshots | 2026-03-04 21:06:50 +01:00 |
| src | feat: harden SSRF protection with comprehensive security improvements | 2026-03-05 09:04:59 +01:00 |
| .gitignore | feat: update landing page, changelog, compare, quick-start with darkMode + hideSelectors features | 2026-03-04 15:08:17 +01:00 |
| Dockerfile | fix: skip puppeteer browser download in Docker build | 2026-02-20 11:21:02 +00:00 |
| package-lock.json | feat: add darkMode and hideSelectors screenshot parameters | 2026-03-04 12:06:26 +01:00 |
| package.json | fix: cancelled tier, remove key logging, add billing rate limits | 2026-03-04 09:06:16 +01:00 |
| tsconfig.json | fix: exclude test files from tsc build | 2026-02-25 08:09:58 +00:00 |
| vitest.config.ts | Add comprehensive test framework with vitest and TDD tests | 2026-02-24 16:23:06 +00:00 |