gstack/extension/content.js at 7b8966b563bdac5d0da80ec5333ba2b1ea9c8405

hai/gstack

mirror of https://github.com/garrytan/gstack.git synced 2026-05-12 23:43:05 +08:00

Files

Garry Tan 929190c588 fix: innerHTML XSS in extension content script and sidepanel (MEDIUM-01)

- content.js: replace innerHTML with createElement/textContent for ref panel
- sidepanel.js: escape entry.command with escapeHtml() in activity feed
- Both found by security audit + Codex adversarial red team

2026-03-27 22:13:59 -07:00

4.7 KiB

Raw Blame History

View Raw

4.7 KiB Raw Blame History

4.7 KiB

Raw Blame History