mirror of
https://github.com/claude-code-best/claude-code.git
synced 2026-06-15 12:55:51 +00:00
5bb0306da6
- LocalMemoryRecallTool: 跨会话本地笔记召回,权限门控,大小限制 - VaultHttpFetchTool: 使用 vault 密钥的认证 HTTP 请求,ACL 规则 - agentToolFilter: 子 agent 工具继承过滤层 - ALL_AGENT_DISALLOWED_TOOLS 白名单更新 Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
35 lines
1.3 KiB
TypeScript
35 lines
1.3 KiB
TypeScript
/**
|
|
* Strip Unicode bidi overrides, zero-width chars, BOM, line/paragraph
|
|
* separators, NEL, and ASCII control chars (except newline, CR, tab) from
|
|
* user-stored memory content before placing it in tool_result.
|
|
*
|
|
* Memory content is data the user typed; it may contain prompt-injection
|
|
* vectors (RTL overrides that flip apparent text, ANSI escapes, zero-width
|
|
* characters that hide injected payloads).
|
|
*
|
|
* NOTE on regex construction: built via new RegExp(string) rather than
|
|
* regex literals. Two reasons:
|
|
* (a) U+2028 and U+2029 are JS regex-literal terminators, so they
|
|
* cannot appear directly in a regex literal,
|
|
* (b) the escape sequences in a regex literal are TS-source-level,
|
|
* which can be corrupted by editor save round-trips on Windows.
|
|
* Building from a string with explicit unicode escape sequences sidesteps
|
|
* both problems.
|
|
*/
|
|
|
|
const STRIP_PATTERN = new RegExp(
|
|
// Bidi overrides U+202A..U+202E and U+2066..U+2069
|
|
'[\u202A-\u202E\u2066-\u2069]|' +
|
|
// Zero-width U+200B..U+200F and BOM U+FEFF
|
|
'[\u200B-\u200F\uFEFF]|' +
|
|
// ASCII control chars except newline/CR/tab; DEL included
|
|
'[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]',
|
|
'g',
|
|
)
|
|
|
|
const LINE_SEP_PATTERN = /[\u2028\u2029\u0085]/g
|
|
|
|
export function stripUntrustedControl(s: string): string {
|
|
return s.replace(STRIP_PATTERN, '').replace(LINE_SEP_PATTERN, ' ')
|
|
}
|