
fix(auto-reply): stage sandboxed workspace media · openclaw/openclaw@f22c3a5
mjamiv · 2026-05-27 · via Recent Commits to openclaw:main

@@ -773,6 +773,20 @@ describe("loadWebMedia", () => {

773773

expect(result.contentType).toBe("text/markdown");

774774

});

775775776+

it("rejects host-read HTML files without a separate security-boundary approval", async () => {

777+

const htmlFile = path.join(fixtureRoot, "report.html");

778+

await fs.writeFile(htmlFile, "<!doctype html><title>Report</title><h1>Report</h1>\n", "utf8");

779+

await expectLoadWebMediaErrorCode(

780+

loadWebMedia(htmlFile, {

781+

maxBytes: 1024 * 1024,

782+

localRoots: "any",

783+

readFile: async (filePath) => await fs.readFile(filePath),

784+

hostReadCapability: true,

785+

}),

786+

"path-not-allowed",

787+

);

788+

});

789+776790

it.each([

777791

{

778792

label: "ZIP",
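
Review bot: The new "rejects host-read HTML files without a separate security-boundary approval" test asserts only the denial, so it would still pass if HTML were refused for every caller. The title implies an approval exists, but nothing in this hunk exercises the approved path; add a paired case that supplies that approval and expects the load to succeed. Also, with `localRoots: "any"` the expected code `"path-not-allowed"` cannot be told apart from an ordinary path rejection, so consider asserting on something specific to the HTML decision, or add a comment explaining why that code is reused here.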

@@ -833,6 +847,7 @@ describe("loadWebMedia", () => {

833847834848

it.each([

835849

{ label: "CSV", fileName: "opaque.csv" },

850+

{ label: "HTML", fileName: "opaque.html" },

836851

{ label: "Markdown", fileName: "opaque.md" },

837852

])("rejects opaque non-NUL binary data disguised as %s", async ({ fileName }) => {

838853

const fakeTextFile = path.join(fixtureRoot, fileName);
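
Review bot: The added `opaque.html` row may never reach the binary-content check. The first hunk of this patch shows a well-formed `.html` file being refused with `"path-not-allowed"` under `hostReadCapability: true`; the body of this case is not visible here, but if it uses the same options and expected code, the HTML row passes on the file-type decision alone and adds no coverage for opaque data. Confirm the row still fails for the intended reason when HTML is otherwise permitted. The same question applies to the other `.html` rows added further down.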

@@ -854,6 +869,7 @@ describe("loadWebMedia", () => {

854869855870

it.each([

856871

{ label: "CSV", fileName: "prefix-tail.csv" },

872+

{ label: "HTML", fileName: "prefix-tail.html" },

857873

{ label: "Markdown", fileName: "prefix-tail.md" },

858874

])(

859875

"rejects %s files with a text prefix and binary tail after the old sample window",

@@ -921,6 +937,7 @@ describe("loadWebMedia", () => {

921937922938

it.each([

923939

{ label: "CSV", fileName: "nul-padded.csv" },

940+

{ label: "HTML", fileName: "nul-padded.html" },

924941

{ label: "Markdown", fileName: "nul-padded.md" },

925942

])("rejects NUL-padded binary data disguised as %s", async ({ fileName }) => {

926943

const fakeTextFile = path.join(fixtureRoot, fileName);

@@ -944,6 +961,7 @@ describe("loadWebMedia", () => {

944961945962

it.each([

946963

{ label: "CSV", fileName: "bom-binary.csv" },

964+

{ label: "HTML", fileName: "bom-binary.html" },

947965

{ label: "Markdown", fileName: "bom-binary.md" },

948966

])("rejects UTF-16 BOM-prefixed binary data disguised as %s", async ({ fileName }) => {

949967

const fakeTextFile = path.join(fixtureRoot, fileName);

@@ -967,6 +985,7 @@ describe("loadWebMedia", () => {

967985968986

it.each([

969987

{ label: "CSV", fileName: "alternating-high.csv" },

988+

{ label: "HTML", fileName: "alternating-high.html" },

970989

{ label: "Markdown", fileName: "alternating-high.md" },

971990

])("rejects alternating ASCII/high-byte data disguised as %s", async ({ fileName }) => {

972991

const fakeTextFile = path.join(fixtureRoot, fileName);

@@ -991,6 +1010,7 @@ describe("loadWebMedia", () => {

99110109921011

it.each([

9931012

{ label: "CSV", fileName: "high-bytes.csv" },

1013+

{ label: "HTML", fileName: "high-bytes.html" },

9941014

{ label: "Markdown", fileName: "high-bytes.md" },

9951015

])("rejects high-byte opaque data disguised as %s", async ({ fileName }) => {

9961016

const fakeTextFile = path.join(fixtureRoot, fileName);
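
Review bot: In the title `"rejects high-byte opaque data disguised as %s"` the rows are objects, so `%s` receives the whole row rather than `label`, and the callback only destructures `fileName`, leaving `label` unused. While adding the HTML row, consider `$label` in the title so the new case reports as "disguised as HTML". This applies to each `it.each` table touched in this patch.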