negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
6c4c5358134512aa351fdced62c0e6af31783b0d
openclaw/src/security
History
Yi Liu 6c4c535813 fix(security): handle additional Unicode angle bracket homoglyphs in content sanitization (#14665) 
* fix(security): handle additional Unicode angle bracket homoglyphs in content sanitization

The foldMarkerChar function sanitizes external content markers to
prevent prompt injection boundary escapes, but only handles fullwidth
ASCII (U+FF21-FF5A) and fullwidth angle brackets (U+FF1C/FF1E).

Add handling for additional visually similar Unicode characters that
could be used to craft fake end markers:
- Mathematical angle brackets (U+27E8, U+27E9)
- CJK angle brackets (U+3008, U+3009)
- Left/right-pointing angle brackets (U+2329, U+232A)
- Single angle quotation marks (U+2039, U+203A)
- Small less-than/greater-than signs (U+FE64, U+FE65)

* test(security): add homoglyph marker coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 16:18:54 +01:00
..
audit-extra.async.ts
refactor(security,config): split oversized files (#13182)
2026-02-09 22:22:29 -08:00
audit-extra.sync.test.ts
fix(security): distinguish webhooks from internal hooks in audit summary (#13474)
2026-02-13 04:46:27 +01:00
audit-extra.sync.ts
fix(security): distinguish webhooks from internal hooks in audit summary (#13474)
2026-02-13 04:46:27 +01:00
audit-extra.ts
refactor(security,config): split oversized files (#13182)
2026-02-09 22:22:29 -08:00
audit-fs.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
audit.test.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
audit.ts
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
2026-02-13 15:32:38 +01:00
channel-metadata.ts
fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)
2026-02-03 23:02:45 -08:00
external-content.test.ts
fix(security): handle additional Unicode angle bracket homoglyphs in content sanitization (#14665)
2026-02-13 16:18:54 +01:00
external-content.ts
fix(security): handle additional Unicode angle bracket homoglyphs in content sanitization (#14665)
2026-02-13 16:18:54 +01:00
fix.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
fix.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
secret-equal.test.ts
fix(security): harden hook and device token auth
2026-02-13 01:23:53 +01:00
secret-equal.ts
fix(security): harden hook and device token auth
2026-02-13 01:23:53 +01:00
skill-scanner.test.ts
security: add skill/plugin code safety scanner (#9806)
2026-02-05 16:06:11 -08:00
skill-scanner.ts
refactor: centralize isPlainObject, isRecord, isErrno, isLoopbackHost utilities (#12926)
2026-02-09 17:02:55 -08:00
windows-acl.test.ts
fix: stabilize windows acl tests and command auth registry (#9335) (thanks @M00N7682)
2026-02-05 00:38:35 -08:00
windows-acl.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00