hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-20 03:12:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: content trust boundary markers in browse output

Browse Source 
Wrap page-content commands (text, html, links, forms, accessibility,
console, dialog, snapshot) with --- BEGIN/END UNTRUSTED EXTERNAL CONTENT ---
markers. Covers direct commands (server.ts), chain sub-commands, and
snapshot output (meta-commands.ts).

Adds PAGE_CONTENT_COMMANDS set and wrapUntrustedContent() helper in
commands.ts (single source of truth, DRY). Expands the SKILL.md trust
warning with explicit processing rules for agents.

Clears Snyk W011 (third-party content exposure).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-28 23:37:58 -07:00
parent 1d33bd50b9
commit 50d7b5fa1c
8 changed files with 63 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
browse/test/commands.test.ts
View File

@@ -649,6 +649,13 @@ describe('Chain', () => {
expect(result).toContain('[css]');
});
test('chain wraps page-content sub-commands with trust markers', async () => {
await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
const result = await handleMetaCommand('chain', ['text'], bm, async () => {});
expect(result).toContain('BEGIN UNTRUSTED EXTERNAL CONTENT');
expect(result).toContain('END UNTRUSTED EXTERNAL CONTENT');
});
test('chain reports real error when write command fails', async () => {
const commands = JSON.stringify([
['goto', 'http://localhost:1/unreachable'],