mikael-lovqvists-claude-agent 0568026e7c Validate URL protocol in open-browser action ...

Parse the URL and reject anything that isn't http/https before passing
to xdg-open, blocking file://, javascript:// and other schemes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-07 20:36:26 +00:00

1.9 KiB

Raw Blame History

View Raw