sneak/AutistMask
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

security: fix high-severity findings from audit (closes #6) #7

Merged
sneak merged 8 commits from fix/high-severity-security into main 2026-02-27 20:56:43 +01:00
Conversation 1 Commits 8 Files Changed 6 +11 -1
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit eec96f9054 - Show all commits

7
src/popup/index.html
View File

@@ -1018,7 +1018,12 @@
<div <div
id="approve-sign-danger-warning" id="approve-sign-danger-warning"
class="hidden mb-3 p-2 text-xs font-bold" class="hidden mb-3 p-2 text-xs font-bold"
style="background: #fee2e2; color: #991b1b; border: 2px solid #dc2626; border-radius: 6px" style="
background: #fee2e2;
color: #991b1b;
border: 2px solid #dc2626;
border-radius: 6px;
"
></div> ></div>
<div class="mb-3"> <div class="mb-3">

5
src/popup/views/confirmTx.js
View File

@@ -334,8 +334,13 @@ function init(ctx) {
tx = await contract.transfer(pendingTx.to, amount); tx = await contract.transfer(pendingTx.to, amount);
} }
// Best-effort: clear decrypted secret after use.
// Note: JS strings are immutable; this nulls the reference but
// the original string may persist in memory until GC.
decryptedSecret = null;
txStatus.showWait(pendingTx, tx.hash); txStatus.showWait(pendingTx, tx.hash);
} catch (e) { } catch (e) {
decryptedSecret = null;
const hash = tx ? tx.hash : null; const hash = tx ? tx.hash : null;
txStatus.showError(pendingTx, hash, e.shortMessage || e.message); txStatus.showError(pendingTx, hash, e.shortMessage || e.message);
} }