fix(security): harden session export image data-url handling

Peter Steinberger
2026-02-24 02:52:33 +00:00
parent fefc414576
commit e578521ef4
8 changed files with 138 additions and 15 deletions


@@ -35,3 +35,17 @@ export function estimateBase64DecodedBytes(base64: string): number {
const estimated = Math.floor((effectiveLen * 3) / 4) - padding;
return Math.max(0, estimated);
}
const BASE64_CHARS_RE = /^[A-Za-z0-9+/]+={0,2}$/;
/**
* Normalize and validate a base64 string.
* Returns canonical base64 (no whitespace) or undefined when invalid.
*/
export function canonicalizeBase64(base64: string): string | undefined {
const cleaned = base64.replace(/\s+/g, "");
if (!cleaned || cleaned.length % 4 !== 0 || !BASE64_CHARS_RE.test(cleaned)) {
return undefined;
}
return cleaned;
}
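Review bot: The docstring on `canonicalizeBase64` does not say that the check is shape-only, which matters for a helper that gates data-URL content: it accepts any standard-alphabet string whose length is a multiple of 4, places no limit on size, rejects base64url and unpadded input, and does not check that the trailing padding bits are zero, so two different returned strings can decode to the same bytes. I would extend the comment with something like `Shape check only: standard alphabet, padding required, no size limit; callers must embed the returned value (never the raw input) and bound the size separately.` Callers are not visible in this hunk, so whether they already cap the length (for example via `estimateBase64DecodedBytes`) should be confirmed.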