github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-18 09:07:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(media): strip MEDIA: lines with local paths instead of leaking as text (#14399)

Browse Source 
When internal tools (e.g. TTS) emit MEDIA:/tmp/... with absolute paths,
isValidMedia() correctly rejects them for security. However, the rejected
MEDIA: line was kept as visible text in the output, leaking the path to
the user.

Now strip MEDIA: lines that look like local paths even when the path
is invalid, so they never appear as user-visible text.

Closes #14365

Co-authored-by: Echo Ito <echoito@MacBook-Air.local>
This commit is contained in:
0xRain
2026-02-12 21:45:22 +08:00
committed by GitHub
parent 94d6858160
commit 94bc62ad46
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/media/parse.ts
View File

@@ -191,6 +191,10 @@ export function splitMediaFromOutput(raw: string): {
if (invalidParts.length > 0) {
pieces.push(invalidParts.join(" "));
}
} else if (looksLikeLocalPath) {
// Strip MEDIA: lines with local paths even when invalid (e.g. absolute paths
// from internal tools like TTS). They should never leak as visible text.
foundMediaToken = true;
} else {
// If no valid media was found in this match, keep the original token text.
pieces.push(match[0]);