[frontend/security] API key prefixes regex-matched in client-side slashCommands.js #793

New issue

Closed

opened 2026-06-03 00:40:42 +02:00 by sleepy · 1 comment

sleepy commented

2026-06-03 00:40:42 +02:00

Owner

Finding

static/js/slashCommands.js lines 39-41 contain regex patterns that detect API key formats in user input client-side:

{ re: /^sk-ant-/,  name: "Anthropic",  url: "https://api.anthropic.com/v1" },
{ re: /^sk-or-/,   name: "OpenRouter", url: "https://openrouter.ai/api/v1" },
{ re: /^sk-proj-/, name: "OpenAI",     url: "https://api.openai.com/v1" },

The flow (lines 549, 627, 647, 663, 683, 704, 722) sends detected API keys via FormData (fd.append("api_key", ...)) to the server. The key is visible in browser DevTools, browser history, and any XSS payload on the page.

Impact

API keys typed into chat input are handled in client-side JS before being sent to the server
Combined with the XSS vulnerability in #788, an attacker could exfiltrate API keys entered by other users
Keys are temporarily in DOM/JS memory where any browser extension or XSS can read them

Recommendation

Move API key setup to a dedicated settings page (settings.js already handles this)
Never accept API keys through the chat input field
If slash-command key setup must remain, process it without retaining the key in JS variables longer than necessary

## Finding `static/js/slashCommands.js` lines 39-41 contain regex patterns that detect API key formats in user input client-side: ```javascript { re: /^sk-ant-/, name: "Anthropic", url: "https://api.anthropic.com/v1" }, { re: /^sk-or-/, name: "OpenRouter", url: "https://openrouter.ai/api/v1" }, { re: /^sk-proj-/, name: "OpenAI", url: "https://api.openai.com/v1" }, ``` The flow (lines 549, 627, 647, 663, 683, 704, 722) sends detected API keys via FormData (`fd.append("api_key", ...)`) to the server. The key is visible in browser DevTools, browser history, and any XSS payload on the page. ## Impact - API keys typed into chat input are handled in client-side JS before being sent to the server - Combined with the XSS vulnerability in #788, an attacker could exfiltrate API keys entered by other users - Keys are temporarily in DOM/JS memory where any browser extension or XSS can read them ## Recommendation 1. Move API key setup to a dedicated settings page (settings.js already handles this) 2. Never accept API keys through the chat input field 3. If slash-command key setup must remain, process it without retaining the key in JS variables longer than necessary

sleepy referenced this issue from a commit

2026-06-03 20:19:16 +02:00

[security] Remove API key regex patterns from client-side JS (#793)

sleepy referenced this issue from a pull request that will close it,

2026-06-03 20:20:00 +02:00

[security] Remove API key regex patterns from client-side JS (#793) #836

sleepy commented

2026-06-03 20:20:08 +02:00

Author

Owner

Fixed in PR #836. API key prefix patterns moved from client-side PROVIDER_PATTERNS in slashCommands.js to server-side POST /api/detect-key-provider endpoint in model_routes.py. Client-side detectProvider() now delegates key detection to the server.

Fixed in PR #836. API key prefix patterns moved from client-side `PROVIDER_PATTERNS` in `slashCommands.js` to server-side `POST /api/detect-key-provider` endpoint in `model_routes.py`. Client-side `detectProvider()` now delegates key detection to the server.

sleepy closed this issue

2026-06-03 20:20:15 +02:00