fix(chat): avoid full secret exposure for 7-char secrets (#1942)

- ensure at least 40% of the characters are masked for secrets of length 4 or more
- secrets with length <= 6 now show first and last char with mask
- secrets with length <= 12 now show first two and last two chars
- longer secrets show 3 prefix and 4 suffix
LC
2026-03-24 11:26:20 +08:00
committed by GitHub
parent cf9e0496f7
commit ce1619051d
@@ -4,13 +4,20 @@ export function maskedSecretPlaceholder(value: unknown, fallback = ""): string {
return fallback
}
if (secret.length < 7) {
// ensure at least 40% of the characters are masked for secrets of length 4 or more
if (secret.length <= 6) {
const first = secret[0]
const last = secret[secret.length - 1]
return `${first}***${last}`
}
const prefix = secret.slice(0, Math.min(3, secret.length))
const suffix = secret.slice(-Math.min(4, secret.length))
return `${prefix}***${suffix}`
if (secret.length <= 12) {
const firstTwo = secret.slice(0, 2)
const lastTwo = secret.slice(-2)
return `${firstTwo}****${lastTwo}`
}
const prefix = secret.slice(0, 3)
const suffix = secret.slice(-4)
return `${prefix}*****${suffix}`
}
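Review bot: The `secret.length <= 6` branch still prints a 1- or 2-character secret in full, and two of three characters at length 3, because both `first` and `last` are shown and the 40% guarantee in the comment only starts at length 4. Unless the guard above the hunk (not visible here) already rejects such values, return a fully masked placeholder for them ahead of this branch, e.g. `if (secret.length < 4) return "***"`. The three mask widths (`***`, `****`, `*****`) also tell a viewer which length bucket the secret falls in; a single fixed-width mask would avoid that. A short comment listing the boundary lengths 6/7 and 12/13 with the number of revealed characters would make the thresholds easier to audit.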