Skip to content

ScriptVault v1.7.1

Choose a tag to compare

@SysAdminDoc SysAdminDoc released this 24 Mar 14:55
· 88 commits to main since this release

v1.7.1 — Security & Bug Fix Release

Security Fixes

  • postMessage origin validation — Content script bridge now uses location.origin instead of '/' for all window.postMessage calls
  • Monaco adapter — Frame messages now scoped to iframe origin instead of wildcard *
  • Offscreen document — Added sender ID validation to reject cross-extension messages
  • Script signing — Fixed base64url encoding mismatch between sign and verify operations

Critical Bug Fixes

  • Side Panel & DevTools were non-functional — Fixed message key mismatch (type:action:) that prevented all background communication
  • Side Panel toggle broken — Fixed idscriptId parameter name for script settings
  • Duplicate script installationsinstallFromUrl() now detects existing scripts by name+namespace and updates instead of duplicating
  • Popup dropdown — Fixed clicks inside dropdown menu closing it prematurely

Improvements

  • DevTools panel uses Promise.allSettled for partial failure recovery
  • Side panel shows error state with retry instead of blank on connection loss
  • WebDAV validates URL before upload/download (prevents null crash)
  • Google Drive uses random multipart boundary (prevents body collision)
  • Token refresh failures now logged for Google, Dropbox
  • OneDrive validates upload data before sending
  • Static analyzer entropy detection lowered to 80 chars with adaptive threshold
  • Build artifacts (*.crx, *.zip, *.pem) added to .gitignore

Assets

  • ScriptVault-v1.7.1.zip — Chrome Web Store ready package
  • ScriptVault-v1.7.1.crx — Direct install CRX file