fix(qa): preserve adjacent control ui redaction · openclaw/openclaw@1df2cc5
vincentkoc
·
2026-06-20
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -148,6 +148,24 @@ const CONTROL_UI_CREDENTIAL_QUERY_KEYS = new Set([
|
148 | 148 | "refresh_token", |
149 | 149 | "token", |
150 | 150 | ]); |
| 151 | +const CONTROL_UI_CREDENTIAL_QUERY_PATTERN = |
| 152 | +/([?&])(?:access_token|api_?key|auth|deviceToken|id_token|password|refresh_token|token)=[^&#\s]*&?/gi; |
| 153 | + |
| 154 | +function stripSensitiveQueryParamsFromText(rawUrl: string): string { |
| 155 | +let sanitized = rawUrl; |
| 156 | +for (;;) { |
| 157 | +const next = sanitized |
| 158 | +.replace(CONTROL_UI_CREDENTIAL_QUERY_PATTERN, (match: string, separator: string) => |
| 159 | +match.endsWith("&") ? separator : "", |
| 160 | +) |
| 161 | +.replace(/[?&]$/, "") |
| 162 | +.replace("?&", "?"); |
| 163 | +if (next === sanitized) { |
| 164 | +return next; |
| 165 | +} |
| 166 | +sanitized = next; |
| 167 | +} |
| 168 | +} |
151 | 169 | |
152 | 170 | function stripSensitiveQueryParams(rawUrl: string): string { |
153 | 171 | try { |
@@ -159,13 +177,7 @@ function stripSensitiveQueryParams(rawUrl: string): string {
|
159 | 177 | } |
160 | 178 | return url.toString(); |
161 | 179 | } catch { |
162 | | -return rawUrl |
163 | | -.replace( |
164 | | -/([?&])(?:access_token|api_?key|auth|deviceToken|id_token|password|refresh_token|token)=[^&#\s]*&?/gi, |
165 | | -(match: string, separator: string) => (match.endsWith("&") ? separator : ""), |
166 | | -) |
167 | | -.replace(/[?&]$/, "") |
168 | | -.replace("?&", "?"); |
| 180 | +return stripSensitiveQueryParamsFromText(rawUrl); |
169 | 181 | } |
170 | 182 | } |
171 | 183 | |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。