RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gstack/browse/src
History
Garry Tan b60162ae45
fix: symlink bypass in validateReadPath (MEDIUM-02) 
- Always resolve to absolute path first (fixes relative path bypass)
- Use realpathSync to follow symlinks before boundary check
- Throw on non-ENOENT realpathSync failures (explicit over silent)
- Resolve SAFE_DIRECTORIES through realpathSync (macOS /tmp → /private/tmp)
- Resolve directory part for non-existent files (ENOENT with symlinked parent)
 		2026-03-27 22:14:02 -07:00
..
activity.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
browser-manager.ts fix: remove auth token from /health, secure extension bootstrap (CRITICAL-02 + HIGH-03) 2026-03-27 22:13:45 -07:00
buffers.ts feat: Phase 3.5 — cookie import, QA testing, team retro (v0.3.1) (#29) 2026-03-13 00:31:41 -07:00
bun-polyfill.cjs fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
cli.ts fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544) 2026-03-26 22:07:03 -06:00
commands.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
config.ts feat: TODOS-aware skills, 2-tier Greptile replies, gitignore fix (#61) 2026-03-14 20:15:11 -07:00
cookie-import-browser.ts feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359) 2026-03-23 22:15:23 -07:00
cookie-picker-routes.ts fix: require auth on cookie-picker data routes (CRITICAL-01) 2026-03-27 22:13:48 -07:00
cookie-picker-ui.ts fix: require auth on cookie-picker data routes (CRITICAL-01) 2026-03-27 22:13:48 -07:00
find-browse.ts feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226) 2026-03-19 18:20:50 -07:00
meta-commands.ts fix: add state file TTL and plaintext cookie warning (HIGH-02) 2026-03-27 22:13:55 -07:00
platform.ts fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
read-commands.ts fix: symlink bypass in validateReadPath (MEDIUM-02) 2026-03-27 22:14:02 -07:00
server.ts fix: remove auth token from /health, secure extension bootstrap (CRITICAL-02 + HIGH-03) 2026-03-27 22:13:45 -07:00
sidebar-agent.ts fix: remove auth token from /health, secure extension bootstrap (CRITICAL-02 + HIGH-03) 2026-03-27 22:13:45 -07:00
sidebar-utils.ts fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544) 2026-03-26 22:07:03 -06:00
snapshot.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
url-validation.ts feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359) 2026-03-23 22:15:23 -07:00
write-commands.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00