npm - @xcanwin/manyoyo - Versions diffs - 5.2.5 → 5.2.9 - Mend

@xcanwin/manyoyo 5.2.5 → 5.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/bin/manyoyo.js +1 -1
package/lib/plugin/playwright.js +1 -1
package/lib/web/frontend/app.js +1 -1
package/lib/web/frontend/markdown-renderer.js +30 -2
package/lib/web/server.js +34 -2
package/package.json +1 -1

package/bin/manyoyo.js CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-const { execSync, spawnSync } = require('child_process');
+const { spawnSync } = require('child_process');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');

package/lib/plugin/playwright.js CHANGED Viewed

@@ -1339,7 +1339,7 @@ class PlaywrightPlugin {
         const scenes = this.resolveTargets('all');
         for (const sceneName of scenes) {
             const url = `http://${host}:${this.scenePort(sceneName)}/mcp`;
-            this.writeStdout(`claude mcp add --transport http playwright-${sceneName} ${url}`);
+            this.writeStdout(`claude mcp add --transport http -s user playwright-${sceneName} ${url}`);
         }
         this.writeStdout('');
         for (const sceneName of scenes) {

package/lib/web/frontend/app.js CHANGED Viewed

@@ -1014,7 +1014,7 @@
     async function api(url, options) {
         const requestOptions = Object.assign(
-            { headers: { 'Content-Type': 'application/json' } },
+            { headers: { 'Content-Type': 'application/json', 'X-Requested-With': 'XMLHttpRequest' } },
             options || {}
         );
         const response = await fetch(url, requestOptions);

package/lib/web/frontend/markdown-renderer.js CHANGED Viewed

@@ -62,15 +62,43 @@
             renderer.link = function (href, title, text) {
                 const safeHref = sanitizeMarkdownUrl(href);
                 if (!safeHref) {
-                    return text || '';
+                    return escapeHtml(text || '');
                 }
+                // [P1-02] 移除 marked 已渲染链接文本中的 on* 事件属性，防止内联 HTML 注入 XSS
+                const safeText = String(text || '').replace(/\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]*)/gi, '');
                 let output = '<a href="' + escapeHtml(safeHref) + '" target="_blank" rel="noopener noreferrer"';
                 if (title) {
                     output += ' title="' + escapeHtml(title) + '"';
                 }
-                output += '>' + (text || '') + '</a>';
+                output += '>' + safeText + '</a>';
                 return output;
             };
+            // [P1-01] 重写 image 渲染器：
+            //   - 外部 http/https 图片转为可点击链接，避免浏览器自动发起外部请求（追踪像素风险）
+            //   - 相对路径图片正常渲染为 <img>
+            //   - 危险协议（javascript:/data: 等）降级为纯文本
+            renderer.image = function (href, title, text) {
+                const safeHref = sanitizeMarkdownUrl(href);
+                if (!safeHref) {
+                    return escapeHtml(text || '');
+                }
+                // 外部绝对 URL：转为链接，用户主动决定是否访问
+                if (/^https?:/i.test(safeHref)) {
+                    const safeText = String(text || '').replace(/\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]*)/gi, '')
+                        || escapeHtml(safeHref);
+                    let output = '<a href="' + escapeHtml(safeHref) + '" target="_blank" rel="noopener noreferrer"';
+                    if (title) {
+                        output += ' title="' + escapeHtml(title) + '"';
+                    }
+                    return output + '>[\uD83D\uDDBC\uFE0F点击查看图片:' + safeText + ']</a>';
+                }
+                // 相对路径：正常渲染为图片
+                let output = '<img src="' + escapeHtml(safeHref) + '" alt="' + escapeHtml(text || '') + '"';
+                if (title) {
+                    output += ' title="' + escapeHtml(title) + '"';
+                }
+                return output + '>';
+            };
             markedApi.use({
                 gfm: true,

package/lib/web/server.js CHANGED Viewed

@@ -414,11 +414,11 @@ function clearWebAuthSession(state, req) {
 }
 function getWebAuthCookie(sessionId) {
-    return `${WEB_AUTH_COOKIE_NAME}=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${WEB_AUTH_TTL_SECONDS}`;
+    return `${WEB_AUTH_COOKIE_NAME}=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; SameSite=Strict; Max-Age=${WEB_AUTH_TTL_SECONDS}`;
 }
 function getWebAuthClearCookie() {
-    return `${WEB_AUTH_COOKIE_NAME}=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0`;
+    return `${WEB_AUTH_COOKIE_NAME}=; Path=/; HttpOnly; SameSite=Strict; Max-Age=0`;
 }
 function getDefaultWebConfigPath() {
@@ -1455,6 +1455,14 @@ function sendWebUnauthorized(res, pathname) {
 }
 async function handleWebApi(req, res, pathname, ctx, state) {
+    // [P2-03] 对非只读请求校验自定义头，防止 CSRF 攻击
+    // 跨站请求无法设置自定义头（浏览器同源策略），合法前端请求统一携带此头
+    if (req.method !== 'GET' && req.method !== 'HEAD') {
+        if (req.headers['x-requested-with'] !== 'XMLHttpRequest') {
+            sendJson(res, 403, { error: 'CSRF check failed' });
+            return true;
+        }
+    }
     const routes = [
         {
             method: 'GET',
@@ -1853,6 +1861,30 @@ async function startWebServer(options) {
             return;
         }
+        // [P1-03] Origin 校验，防止跨站 WebSocket 劫持（CSWSH）
+        // 浏览器发起的 WebSocket 请求必须携带 Origin 头，非浏览器客户端（如 curl）不携带则放行
+        const requestOrigin = req.headers.origin;
+        if (requestOrigin) {
+            const allowedOrigins = new Set();
+            if (ctx.serverHost === '0.0.0.0') {
+                // 0.0.0.0 监听时，以请求的 Host 头构造允许来源
+                const hostHeader = req.headers.host || '';
+                if (hostHeader) {
+                    allowedOrigins.add(`http://${hostHeader}`);
+                    allowedOrigins.add(`https://${hostHeader}`);
+                }
+            } else {
+                allowedOrigins.add(`http://${formatUrlHost(ctx.serverHost)}:${listenPort}`);
+                if (ctx.serverHost === '127.0.0.1') {
+                    allowedOrigins.add(`http://localhost:${listenPort}`);
+                }
+            }
+            if (allowedOrigins.size > 0 && !allowedOrigins.has(requestOrigin)) {
+                sendWebSocketUpgradeError(socket, 403, 'Forbidden');
+                return;
+            }
+        }
         const authSession = getWebAuthSession(state, req);
         if (!authSession) {
             sendWebSocketUpgradeError(socket, 401, 'UNAUTHORIZED');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@xcanwin/manyoyo",
-    "version": "5.2.5",
+    "version": "5.2.9",
     "imageVersion": "1.8.1-common",
     "description": "AI Agent CLI Security Sandbox for Docker and Podman",
     "keywords": [