RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gstack/browse
History
Garry Tan 0c915f9705
fix(browse): DNS rebinding protection for SSRF blocklist 
validateNavigationUrl is now async — resolves hostname to IP and checks
against blocked metadata IPs. Prevents DNS rebinding where evil.com
initially resolves to a safe IP, then switches to 169.254.169.254.
All callers updated to await. Tests updated for async assertions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 		2026-03-22 12:23:21 -07:00
..
bin feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226) 2026-03-19 18:20:50 -07:00
scripts fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
src fix(browse): DNS rebinding protection for SSRF blocklist 2026-03-22 12:23:21 -07:00
test fix(browse): DNS rebinding protection for SSRF blocklist 2026-03-22 12:23:21 -07:00
SKILL.md feat: test coverage catalog — shared audit across plan/ship/review (v0.10.1.0) (#259) 2026-03-22 11:28:16 -07:00
SKILL.md.tmpl feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201) 2026-03-19 00:38:58 -05:00