openclaw

Author	SHA1	Message	Date
Peter Steinberger	f41715a18f	refactor(browser): split act route modules and dedupe path guards	2026-02-26 01:21:34 +01:00
Peter Steinberger	496a76c03b	fix(security): harden browser trace/download temp path handling	2026-02-26 01:04:05 +01:00
Peter Steinberger	ef326f5cd0	fix(browser): revalidate upload paths at use time	2026-02-26 00:40:56 +01:00
Vignesh Natarajan	54e5f80424	Browser: accept canonical upload paths for symlinked roots	2026-02-21 21:54:57 -08:00
Mariano	8e4f6c0384	fix(browser): block upload symlink escapes (#21972 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `4381ef9a4d` Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky	2026-02-20 16:36:25 +00:00
Peter Steinberger	3aa94afcfd	fix(security): harden archive extraction (#16203 ) * fix(browser): confine upload paths for file chooser * fix(browser): sanitize suggested download filenames * chore(lint): avoid control regex in download sanitizer * test(browser): cover absolute escape paths * docs(browser): update upload example path * refactor(browser): centralize upload path confinement * fix(infra): harden tmp dir selection * fix(security): harden archive extraction * fix(infra): harden tar extraction filter	2026-02-14 14:42:08 +01:00