
UI: prevent tabnabbing in chat images #1

Merged
Mariana-Codebase merged 1 commit into main from security/tabnabbing-chat-images
Feb 16, 2026

Conversation

@Mariana-Codebase

Summary

  • Problem: opening chat images with window.open allows tabnabbing via window.opener.
  • Why it matters: an external tab can redirect or manipulate the original app (phishing).
  • What changed: use noopener,noreferrer and force opener = null.
  • What did NOT change (scope boundary): no changes to image rendering or loading.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #
  • Related #

User-visible / Behavior Changes

  • Opening chat images now opens a new tab without access to window.opener.

Security Impact (required)

  • New permissions/capabilities? (No)
  • Secrets/tokens handling changed? (No)
  • New/changed network calls? (No)
  • Command/tool execution surface changed? (No)
  • Data access scope changed? (No)
  • If any Yes, explain risk + mitigation:

Repro + Verification

Environment

  • OS: Windows 10
  • Runtime/container: N/A
  • Model/provider: N/A
  • Integration/channel (if any): N/A
  • Relevant config (redacted): N/A

Steps

  1. Open a chat image.
  2. Verify the opened tab has no access to window.opener.

Expected

  • window.opener is null in the opened tab.

Actual

  • window.opener is null in the opened tab.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

Human Verification (required)

  • Verified scenarios: clicking a chat image opens a new tab without opener.
  • Edge cases checked: N/A
  • What you did not verify: other browsers.

Compatibility / Migration

  • Backward compatible? (Yes)
  • Config/env changes? (No)
  • Migration needed? (No)
  • If yes, exact upgrade steps:

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly: revert commit.
  • Files/config to restore: ui/src/ui/chat/grouped-render.ts
  • Known bad symptoms reviewers should watch for: N/A

Risks and Mitigations

  • Risk: None.
    • Mitigation: N/A

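The before/after described in the summary above, as an added example that is not code from the PR or the project: the vulnerable `window.open` call beside the hardened one, written against a minimal window-like interface (an assumption) so the logic can be exercised outside a browser, with a fake legacy host that ignores `noopener` and a fake modern host that honours it.

```typescript
// Added example (not the project's code): the vulnerable window.open call beside the
// hardened one, written against a minimal window-like interface (an assumption) so the
// logic can be exercised outside a browser.

export interface OpenedWindow {
  opener: unknown;
}

export interface WindowHost {
  open(url: string, target?: string, features?: string): OpenedWindow | null;
}

// BEFORE: the new tab receives a live reference to this page through window.opener, so
// whatever document the image URL resolves to can navigate the chat app elsewhere.
export function openImageUnsafe(host: WindowHost, url: string): OpenedWindow | null {
  return host.open(url, "_blank");
}

// AFTER: "noopener" tells the browser to sever the link (a spec-compliant browser then
// returns null from open()); "noreferrer" implies noopener and also withholds the Referer
// header. If an older browser hands back a handle anyway, null out opener ourselves.
export function openImageSafe(host: WindowHost, url: string): OpenedWindow | null {
  const w = host.open(url, "_blank", "noopener,noreferrer");
  if (w !== null) {
    w.opener = null;
  }
  return w;
}

// Constructed fake hosts for the checks below (not real browsers). The legacy host ignores
// the features string and always hands back a handle whose opener is populated.
export function makeLegacyHost(): WindowHost & { lastFeatures?: string } {
  const host: WindowHost & { lastFeatures?: string } = {
    open(_url, _target, features) {
      host.lastFeatures = features;
      return { opener: { name: "chat-app-window" } };
    },
  };
  return host;
}

// The modern host honours noopener/noreferrer by returning null; otherwise it behaves
// like the legacy one.
export function makeModernHost(): WindowHost {
  return {
    open(_url, _target, features) {
      const flags = (features ?? "").split(",").map((f) => f.trim());
      const severed = flags.some((f) => f === "noopener" || f === "noreferrer");
      return severed ? null : { opener: { name: "chat-app-window" } };
    },
  };
}
```

In a real browser the modern path is the common one, so the `w.opener = null` line only matters on engines that ignore the features string; keeping both is what the PR description calls forcing `opener = null`.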
@Mariana-Codebase Mariana-Codebase merged commit e3eab17 into main Feb 16, 2026
Mariana-Codebase pushed a commit that referenced this pull request Mar 4, 2026
… and docs (openclaw#16761)

Add inline file attachment support for sessions_spawn (subagent runtime only):

- Schema: attachments[] (name, content, encoding, mimeType) and attachAs.mountPath hint
- Materialization: files written to .openclaw/attachments/<uuid>/ with manifest.json
- Validation: strict base64 decode, filename checks, size limits, duplicate detection
- Transcript redaction: sanitizeToolCallInputs redacts attachment content from persisted transcripts
- Lifecycle cleanup: safeRemoveAttachmentsDir with symlink-safe path containment check
- Config: tools.sessions_spawn.attachments (enabled, maxFiles, maxFileBytes, maxTotalBytes, retainOnSessionKeep)
- Registry: attachmentsDir/attachmentsRootDir/retainAttachmentsOnKeep on SubagentRunRecord
- ACP rejection: attachments rejected for runtime=acp with clear error message
- Docs: updated tools/index.md, concepts/session-tool.md, configuration-reference.md
- Tests: 85 new/updated tests across 5 test files

Fixes:
- Guard fs.rm in materialization catch block with try/catch (review concern #1)
- Remove unreachable fallback in safeRemoveAttachmentsDir (review concern openclaw#7)
- Move attachment cleanup out of retry path to avoid timing issues with announce loop

Co-authored-by: Tyler Yust <[email protected]>
Co-authored-by: napetrov <[email protected]>
