mirror of
https://github.com/avinal/sciezka.git
synced 2026-07-03 23:30:09 +05:30
fix: postMessage security hardening and highlight grouping
Add per-session nonce to all postMessage exchanges between content script and iframe, use targeted origin instead of wildcard, add explicit CSP to manifest. Group consecutive matched characters into single mark elements to fix visual spacing. Assisted-by: Claude Code Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
This commit is contained in:
@@ -13,6 +13,9 @@
|
||||
"sessions",
|
||||
"storage"
|
||||
],
|
||||
"content_security_policy": {
|
||||
"extension_pages": "script-src 'self'; object-src 'self'; img-src 'self' data:;"
|
||||
},
|
||||
"background": {
|
||||
"scripts": ["dist/background.js"]
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user