mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-02 04:12:36 +00:00
Validates open-link schemes before opening. A sandboxed app could send ui/open-link with any string; onmessage now opens only http and https URLs and ignores other schemes and malformed URLs, so apps cannot launch javascript: or data: targets from the host page.

Decodes blob-backed app resources. resources/read may return HTML as a base64 blob rather than text per the MCP Apps spec, so fetchMCPResourceHtml decodes the blob when text is absent instead of rendering a blank iframe.

Disambiguates embedded ui:// resource ids by payload. The embedded resource id was hashed from only the template text or URI, so the same template returned by multiple calls with different structuredContent collided and the conversation resource map overwrote earlier entries. The id now mixes in the structured content and tool arguments, matching the synthetic-resource path.

Allows a dedicated sandbox origin to be framed by the host. The MCP Apps spec requires the host and sandbox to have different origins for web hosts, but the sandbox route hardcoded same-origin framing. Framing stays same-origin by default and an operator can list allowed host origins via MCP_SANDBOX_FRAME_ANCESTORS for a cross-origin sandbox deployment.
| | | |
|---|---|---|
| .. | | |
| src | | |
| types | | |
| .gitignore | | |
| babel.config.cjs | | |
| jest.config.mjs | | |
| jest.setup.cjs | | |
| package.json | | |
| tsconfig-paths-bootstrap.mjs | | |
| tsconfig.build.json | | |
| tsconfig.json | | |
| tsconfig.spec.json | | |
| tsdown.config.mjs | | |