vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Security: escape invisible exec approval format chars (#43687)

Browse Source 
* Infra: escape invisible exec approval chars

* Gateway: sanitize exec approval display text

* Tests: cover sanitized exec approval payloads

* Tests: cover sanitized exec approval forwarding

* Changelog: note exec approval prompt hardening
This commit is contained in:
Vincent Koc
2026-03-12 01:20:04 -04:00
committed by GitHub
parent 1dcef7b644
commit 2504cb6a1e
5 changed files with 80 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -4,6 +4,9 @@ Docs: https://docs.openclaw.ai
## Unreleased
### Security
- Security/exec approvals: escape invisible Unicode format characters in approval prompts so zero-width command text renders as visible `\u{...}` escapes instead of spoofing the reviewed command. (#43687) Thanks @EkiXu and @vincentkoc.
### Changes
### Fixes