Skip to content

Fix/2164#331

Open
conradmugabe wants to merge 6 commits into
mainfrom
fix/2164
Open

Fix/2164#331
conradmugabe wants to merge 6 commits into
mainfrom
fix/2164

Conversation

@conradmugabe

Copy link
Copy Markdown
Contributor

Checklist

  • Tests were added/updated according to the feature/bugfix/change made
  • Version was rolled according to semver requirements
  • API endpoints openapi schema was updated if applicable

Changes

conradmugabe and others added 6 commits July 13, 2026 20:16
Introduce sanitizePromptParam() to defend the ?prompt= deep-link query
param against prompt-injection smuggling and oversized payloads. It strips
control characters (preserving \n and \t), zero-width/invisible characters,
and the Unicode Tag block, trims, and caps length at a new
MAX_PROMPT_PARAM_LENGTH (4000). HTML is intentionally NOT escaped: the chat
render layer already auto-escapes user turns, so escaping would only corrupt
legitimate prompts like "what does <div> do?" without adding safety.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Route the ?prompt= query param through sanitizePromptParam() at the chat
entry point instead of a bare .trim(), so an attacker-crafted deep link
cannot smuggle invisible/control characters or an oversized payload into
the auto-submitted first message.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ding

Add a dedicated spec covering every branch of sanitizePromptParam (XSS-ish
passthrough, invisible/tag-block/control-char stripping with newline+tab
preserved, oversized truncation, legit prompt intact, null/empty/whitespace
→ undefined). Extend the chat "initialPrompt forwarding" suite to assert the
sanitized value is what reaches useAdvancedChat.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Extend the chat URL prompt-injection journey with four checkpoints for the
sanitization behavior: a clean prompt rendering verbatim, invisible/control
chars stripped to visible-only text, a whitespace/zero-width-only param
producing no auto-submit, and an HTML/script-ish payload rendering as inert
literal text (no injected element, no dialog). Adds a clearCachedSession
helper; existing TC1-TC5 are left untouched.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add checkpoints upi-06..upi-09 for the new ?prompt= sanitization specs and
upi-10 (oversized truncation) as unit-covered/not-e2e-reproducible, keeping
COVERAGE.md and coverage.json in sync with the journey additions.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@conradmugabe conradmugabe requested a review from mamigot as a code owner July 13, 2026 22:20
@conradmugabe conradmugabe self-assigned this Jul 13, 2026
@conradmugabe conradmugabe requested a review from sonegillis1 July 13, 2026 22:20
@mamigot

mamigot commented Jul 13, 2026

Copy link
Copy Markdown
Member

Claude finished @conradmugabe's task —— View job


E2E Coverage Review

  • Dismiss stale REQUEST_CHANGES reviews (none found)
  • Identify changed files (no new page.tsx routes)
  • Run mechanical coverage check — ✅ pass (545 → 550 checkpoints, +5)
  • Read current coverage state — new chat-url-prompt-injection journey properly added
  • Apply decision logic and post review — ✅ approved

Result: No new app routes introduced. Coverage improved with 5 new checkpoints for the ?prompt= sanitization feature. All 25/25 source files remain covered.

@mamigot mamigot left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ E2E Coverage — No Issues

No new app routes were introduced. All existing coverage is intact.

Coverage check: 545 → 550 checkpoints (+5) — improved by the new chat-url-prompt-injection journey spec.

@conradmugabe conradmugabe added the run-tests Trigger PR validation pipeline label Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

run-tests Trigger PR validation pipeline

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants