gitmost

vvzvlad/gitmost

Fork 0

Commit Graph

Author	SHA1	Message	Date
claude_code	f63719a21c	fix(share): neutralize own-origin absolute links in public-share AI chat isExternalHttpUrl treated any http(s):// URL as external, so an absolute link back to the app's own host (e.g. https://self/p/{uuid}, /settings/members) emitted by the assistant stayed clickable on the anonymous share, leaking internal UUIDs/structure and pointing at auth-gated routes. Classify a link as external only when its host differs from window.location.host; unparseable URLs are treated as internal (fail-closed). Tests cover own-origin absolute (flag on -> inert), external host (kept with safe rel/target), dangerous schemes, and no behavior change for the internal chat (flag off). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 01:20:11 +03:00
claude code agent 227	e0aac5aa04	feat(share): public-share AI chat reuses the internal chat's presentation (#41 ) The public-share widget was a separate minimal impl: plain-text answer, static 'Thinking…', no markdown, no tool-cards. Now it renders through the internal chat's debugged presentational layer (MessageList/MessageItem/TypingIndicator/ ToolCallCard), so a share gets the same incremental streaming, animated typing indicator, markdown, and tool-call cards. The share keeps its anonymous transport (useChat + DefaultChatTransport '/api/shares/ai/stream', credentials:'omit'). The shared components were already prop-driven (UIMessage[] + isStreaming) with no transport/auth coupling; made the new props additive optionals (emptyState, showCitations, neutralizeInternalLinks) all defaulting to current behavior, so the internal chat is unchanged. Security (review-caught): rendering assistant markdown on the ANONYMOUS share made internal links (/p/{id}, /settings/...) clickable, which the old plain-text render didn't. renderChatMarkdown gains neutralizeInternalLinks (true only on the share): a one-shot DOMPurify afterSanitizeAttributes hook (added/removed by reference around a single sanitize) strips href from internal/relative/non-http(s) links (rendered inert) and keeps external http(s) links with rel=noopener noreferrer nofollow target=_blank. Tests cover both the link neutralization and the absence of any global-hook leak into internal renders. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 00:04:18 +03:00

Author

SHA1

Message

Date

claude_code

f63719a21c

fix(share): neutralize own-origin absolute links in public-share AI chat

isExternalHttpUrl treated any http(s):// URL as external, so an absolute link
back to the app's own host (e.g. https://self/p/{uuid}, /settings/members)
emitted by the assistant stayed clickable on the anonymous share, leaking
internal UUIDs/structure and pointing at auth-gated routes. Classify a link as
external only when its host differs from window.location.host; unparseable URLs
are treated as internal (fail-closed). Tests cover own-origin absolute (flag
on -> inert), external host (kept with safe rel/target), dangerous schemes, and
no behavior change for the internal chat (flag off).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-21 01:20:11 +03:00

claude code agent 227

e0aac5aa04

feat(share): public-share AI chat reuses the internal chat's presentation (#41 )

The public-share widget was a separate minimal impl: plain-text answer, static
'Thinking…', no markdown, no tool-cards. Now it renders through the internal
chat's debugged presentational layer (MessageList/MessageItem/TypingIndicator/
ToolCallCard), so a share gets the same incremental streaming, animated typing
indicator, markdown, and tool-call cards. The share keeps its anonymous
transport (useChat + DefaultChatTransport '/api/shares/ai/stream',
credentials:'omit').

The shared components were already prop-driven (UIMessage[] + isStreaming) with
no transport/auth coupling; made the new props additive optionals (emptyState,
showCitations, neutralizeInternalLinks) all defaulting to current behavior, so
the internal chat is unchanged.

Security (review-caught): rendering assistant markdown on the ANONYMOUS share
made internal links (/p/{id}, /settings/...) clickable, which the old plain-text
render didn't. renderChatMarkdown gains neutralizeInternalLinks (true only on
the share): a one-shot DOMPurify afterSanitizeAttributes hook (added/removed by
reference around a single sanitize) strips href from internal/relative/non-http(s)
links (rendered inert) and keeps external http(s) links with
rel=noopener noreferrer nofollow target=_blank. Tests cover both the link
neutralization and the absence of any global-hook leak into internal renders.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-21 00:04:18 +03:00

2 Commits