vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-19 16:39:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
spawn/packages
History
A 52550dbdca
fix(security): replace eval-style interpolation with env var in allowOpenClawPreviewOrigin (#3217) 
Pass the preview origin via SPAWN_PREVIEW_ORIGIN env var instead of
interpolating it into the Node.js inline script, preventing potential
command injection if a malicious preview URL were returned by the API.

Fixes #3215

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-06 23:09:45 -07:00
..
cli fix(security): replace eval-style interpolation with env var in allowOpenClawPreviewOrigin (#3217) 2026-04-06 23:09:45 -07:00
shared fix: rethrow normalized Error in tryCatchIf/asyncTryCatchIf (#2930) 2026-03-23 19:33:05 -07:00