gstack/browse
Garry Tan 56c8c994bf
fix: block SSRF via URL validation in browse commands (#17)
Adds validateNavigationUrl() that blocks non-HTTP(S) schemes (file://,
javascript:, data:) and cloud metadata endpoints (169.254.169.254,
metadata.google.internal). Applied to goto, diff, and newTab commands.
Localhost and private IPs remain allowed for local dev QA.

Closes #17

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 23:27:27 -07:00
bin Merge remote-tracking branch 'origin/main' into v0.3.6-qa-upgrades 2026-03-14 02:35:48 -05:00
src fix: block SSRF via URL validation in browse commands (#17) 2026-03-18 23:27:27 -07:00
test fix: block SSRF via URL validation in browse commands (#17) 2026-03-18 23:27:27 -07:00
SKILL.md feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201) 2026-03-19 00:38:58 -05:00
SKILL.md.tmpl feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201) 2026-03-19 00:38:58 -05:00