github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-11 08:51:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden session export image data-url handling

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 02:52:33 +00:00
parent fefc414576
commit e578521ef4
8 changed files with 138 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/agents/tool-images.test.ts
View File

@@ -107,4 +107,22 @@ describe("tool image sanitizing", () => {
const image = getImageBlock(out);
expect(image.mimeType).toBe("image/jpeg");
});
it("drops malformed image base64 payloads", async () => {
const blocks = [
{
type: "image" as const,
data: 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/x8AAwMCAO2N4j8AAAAASUVORK5CYII=" onerror="alert(1)',
mimeType: "image/png",
},
];
const out = await sanitizeContentBlocksImages(blocks, "test");
expect(out).toEqual([
{
type: "text",
text: "[test] omitted image payload: invalid base64",
},
]);
});
});