mai
/
posimai-chronicle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security(chronicle): PAT not exposed in input.value, fix manifest icon purpose 

- GitHub PAT: replaced input.value with placeholder to avoid exposing token in DOM
- manifest.json: split 'any maskable' into two separate icon entries per spec

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
posimai 2026-04-24 16:44:04 +09:00
parent ffc144fd31
commit ccc60626bb
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
index.html
View File

@ -512,7 +512,7 @@ function getGhPat() { return localStorage.getItem(GH_PAT_KEY) || ''; }
const status = document.getElementById('ghPatStatus'); const status = document.getElementById('ghPatStatus');
const pat = getGhPat(); const pat = getGhPat();
if (pat) { if (pat) {
input.value = pat; input.placeholder = '設定済み(変更する場合は再入力)';
status.textContent = '設定済み'; status.textContent = '設定済み';
status.style.color = 'var(--accent)'; status.style.color = 'var(--accent)';
} }

3
manifest.json
View File

@ -11,6 +11,7 @@
"orientation": "portrait-primary", "orientation": "portrait-primary",
"categories": ["productivity"], "categories": ["productivity"],
"icons": [ "icons": [
{ "src": "/logo.svg", "sizes": "any", "type": "image/svg+xml", "purpose": "any maskable" } { "src": "/logo.svg", "sizes": "any", "type": "image/svg+xml", "purpose": "any" },
{ "src": "/logo.svg", "sizes": "any", "type": "image/svg+xml", "purpose": "maskable" }
] ]
} }