gstack/browse
Garry Tan 10329e918f
fix: harden URL validation against hostname bypasses (Codex P1)

Codex review found that metadata IPs could be reached via hex
(0xA9FEA9FE), decimal (2852039166), octal, trailing dot, and IPv6
bracket forms. Now normalizes hostnames before checking the blocklist
and probes numeric IP representations via URL constructor.

Also moves URL validation before page allocation in newTab() to
prevent zombie tabs on rejection (Codex P3).

5 new test cases for bypass variants.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 23:46:48 -07:00
bin Merge remote-tracking branch 'origin/main' into v0.3.6-qa-upgrades 2026-03-14 02:35:48 -05:00
src fix: harden URL validation against hostname bypasses (Codex P1) 2026-03-18 23:46:48 -07:00
test fix: harden URL validation against hostname bypasses (Codex P1) 2026-03-18 23:46:48 -07:00
SKILL.md feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201) 2026-03-19 00:38:58 -05:00
SKILL.md.tmpl feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201) 2026-03-19 00:38:58 -05:00