admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
Files
28d9dd7a772501ccc3f71457b4adfee79084fe6f
Moltbot/src/browser
History
Peter Steinberger 3aa94afcfd fix(security): harden archive extraction (#16203) 
* fix(browser): confine upload paths for file chooser

* fix(browser): sanitize suggested download filenames

* chore(lint): avoid control regex in download sanitizer

* test(browser): cover absolute escape paths

* docs(browser): update upload example path

* refactor(browser): centralize upload path confinement

* fix(infra): harden tmp dir selection

* fix(security): harden archive extraction

* fix(infra): harden tar extraction filter
2026-02-14 14:42:08 +01:00
..
routes
fix(security): harden archive extraction (#16203)
2026-02-14 14:42:08 +01:00
bridge-auth-registry.ts
fix(security): enforce sandbox bridge auth
2026-02-14 13:17:41 +01:00
bridge-server.auth.test.ts
fix(security): enforce sandbox bridge auth
2026-02-14 13:17:41 +01:00
bridge-server.ts
refactor(browser): centralize http auth
2026-02-14 13:30:11 +01:00
cdp.helpers.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
cdp.helpers.ts
perf: use .abort.bind() instead of arrow closures to prevent memory leaks (#7174)
2026-02-13 18:13:18 +01:00
cdp.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
cdp.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
chrome.default-browser.test.ts
perf(test): reduce module reload overhead in key suites
2026-02-13 15:45:19 +00:00
chrome.executables.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
chrome.profile-decoration.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
chrome.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
chrome.ts
perf: use .abort.bind() instead of arrow closures to prevent memory leaks (#7174)
2026-02-13 18:13:18 +01:00
client-actions-core.ts
fix: prevent act:evaluate hangs from getting browser tool stuck/killed (#13498)
2026-02-11 07:54:48 +08:00
client-actions-observe.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
client-actions-state.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
client-actions-types.ts
feat(browser): expand browser control surface
2026-01-12 17:32:44 +00:00
client-actions.ts
feat(browser): expand browser control surface
2026-01-12 17:32:44 +00:00
client-fetch.bridge-auth-registry.test.ts
test(browser): cover bridge auth registry fallback
2026-02-14 13:23:24 +01:00
client-fetch.loopback-auth.test.ts
fix(browser): require auth on control HTTP and auto-bootstrap token
2026-02-13 02:02:28 +01:00
client-fetch.ts
fix(security): enforce sandbox bridge auth
2026-02-14 13:17:41 +01:00
client.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
client.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
config.test.ts
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
config.ts
refactor: centralize isPlainObject, isRecord, isErrno, isLoopbackHost utilities (#12926)
2026-02-09 17:02:55 -08:00
constants.ts
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
control-auth.auto-token.test.ts
fix(browser): require auth on control HTTP and auto-bootstrap token
2026-02-13 02:02:28 +01:00
control-auth.test.ts
feat(gateway): add trusted-proxy auth mode (#15940)
2026-02-14 12:32:17 +01:00
control-auth.ts
feat(gateway): add trusted-proxy auth mode (#15940)
2026-02-14 12:32:17 +01:00
control-service.ts
fix(browser): hot-reload profiles added after gateway start (#4841) (#8816)
2026-02-14 00:44:04 +01:00
extension-relay.test.ts
fix: secure chrome extension relay cdp
2026-02-01 02:25:14 -08:00
extension-relay.ts
Deduplicate more
2026-02-09 18:56:58 -08:00
http-auth.ts
refactor(browser): centralize http auth
2026-02-14 13:30:11 +01:00
paths.ts
fix(security): harden archive extraction (#16203)
2026-02-14 14:42:08 +01:00
profiles-service.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
profiles-service.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
profiles.test.ts
chore: Enable typescript/no-explicit-any rule.
2026-02-02 16:18:09 +09:00
profiles.ts
chore: Enable typescript/no-explicit-any rule.
2026-02-02 16:18:09 +09:00
pw-ai-module.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-ai-state.ts
perf(test): reduce hot-suite import and setup overhead
2026-02-13 20:26:39 +00:00
pw-ai.test.ts
perf(test): avoid heavy browser barrels in pw-ai tests
2026-02-14 03:13:32 +00:00
pw-ai.ts
perf(test): reduce hot-suite import and setup overhead
2026-02-13 20:26:39 +00:00
pw-role-snapshot.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
pw-role-snapshot.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-session.browserless.live.test.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-session.get-page-for-targetid.extension-fallback.test.ts
perf(test): eliminate resetModules via injectable seams
2026-02-13 16:20:37 +00:00
pw-session.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
pw-session.ts
fix: prevent act:evaluate hangs from getting browser tool stuck/killed (#13498)
2026-02-11 07:54:48 +08:00
pw-tools-core.activity.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-tools-core.clamps-timeoutms-scrollintoview.test.ts
perf(test): cut setup/import overhead in hot suites
2026-02-13 21:23:50 +00:00
pw-tools-core.downloads.ts
fix(security): harden archive extraction (#16203)
2026-02-14 14:42:08 +01:00
pw-tools-core.interactions.evaluate.abort.test.ts
fix: prevent act:evaluate hangs from getting browser tool stuck/killed (#13498)
2026-02-11 07:54:48 +08:00
pw-tools-core.interactions.ts
fix: prevent act:evaluate hangs from getting browser tool stuck/killed (#13498)
2026-02-11 07:54:48 +08:00
pw-tools-core.last-file-chooser-arm-wins.test.ts
perf(test): cut setup/import overhead in hot suites
2026-02-13 21:23:50 +00:00
pw-tools-core.responses.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-tools-core.screenshots-element-selector.test.ts
perf(test): cut setup/import overhead in hot suites
2026-02-13 21:23:50 +00:00
pw-tools-core.shared.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-tools-core.snapshot.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-tools-core.state.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
pw-tools-core.storage.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
pw-tools-core.trace.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
pw-tools-core.ts
refactor(browser): split pw tools + agent routes
2026-01-14 05:39:44 +00:00
pw-tools-core.waits-next-download-saves-it.test.ts
fix(security): harden archive extraction (#16203)
2026-02-14 14:42:08 +01:00
screenshot.e2e.test.ts
perf(test): speed up screenshot normalization e2e fixture
2026-02-14 00:17:49 +00:00
screenshot.ts
chore: Enable more lint rules, disable some that trigger a lot. Will clean up later.
2026-01-31 16:04:04 +09:00
server-context.ensure-tab-available.prefers-last-target.test.ts
perf(test): parallelize unit-isolated
2026-02-14 13:01:02 +00:00
server-context.hot-reload-profiles.test.ts
fix(browser): hot-reload profiles added after gateway start (#4841) (#8816)
2026-02-14 00:44:04 +01:00
server-context.list-known-profile-names.test.ts
fix(browser): hot-reload profiles added after gateway start (#4841) (#8816)
2026-02-14 00:44:04 +01:00
server-context.remote-tab-ops.test.ts
perf(test): parallelize unit-isolated
2026-02-14 13:01:02 +00:00
server-context.ts
fix(browser): hot-reload profiles added after gateway start (#4841) (#8816)
2026-02-14 00:44:04 +01:00
server-context.types.ts
fix(browser): hot-reload profiles added after gateway start (#4841) (#8816)
2026-02-14 00:44:04 +01:00
server.agent-contract-form-layout-act-commands.test.ts
fix(security): harden archive extraction (#16203)
2026-02-14 14:42:08 +01:00
server.agent-contract-snapshot-endpoints.test.ts
perf(test): parallelize unit-isolated
2026-02-14 13:01:02 +00:00
server.auth-token-gates-http.test.ts
fix(browser): require auth on control HTTP and auto-bootstrap token
2026-02-13 02:02:28 +01:00
server.evaluate-disabled-does-not-block-storage.test.ts
perf(test): cut setup/import overhead in hot suites
2026-02-13 21:23:50 +00:00
server.post-tabs-open-profile-unknown-returns-404.test.ts
perf(test): parallelize unit-isolated
2026-02-14 13:01:02 +00:00
server.ts
refactor(browser): centralize http auth
2026-02-14 13:30:11 +01:00
target-id.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
target-id.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
trash.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00