Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

fix(devtools): add event tagging to prevent DDOS#62645

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
JeanMeche wants to merge1 commit intoangular:main
base:main
Choose a base branch
Loading
fromJeanMeche:devtools/spam-protection

Conversation

JeanMeche
Copy link
Member

@JeanMecheJeanMeche commentedJul 15, 2025
edited
Loading

One common problem encountered by the devtools content script is that it accepted almost any message send over the message bus. Some websites likeauth.openai.com were spamming the bus and DDOS the devtools app.

By introducing event tagging and skipping non-devtools events we prevent DDOS of the Angular devtools content script by on forward tagged events.

fixes#62471#62450#55854

andgdk and michael-small reacted with eyes emoji
@ngbotngbotbot added this to theBacklog milestoneJul 15, 2025
@JeanMecheJeanMecheforce-pushed thedevtools/spam-protection branch 3 times, most recently from8e83db9 to20fa9d5CompareJuly 15, 2025 12:52
@JeanMecheJeanMecheforce-pushed thedevtools/spam-protection branch from20fa9d5 tob55f820CompareJuly 15, 2025 16:15
@JeanMeche
Copy link
MemberAuthor

/gemini review

@angularangular deleted a comment fromgemini-code-assistbotJul 15, 2025
Copy link

@gemini-code-assistgemini-code-assistbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Code Review

This pull request introduces two important defensive mechanisms for the message bus: event tagging to filter out irrelevant messages, and a spam protection mechanism to prevent the devtools from being overwhelmed by high-frequency event streams. The event tagging is implemented correctly across the different message bus types.

My main feedback is on the spam protection logic incontent-script.ts. The current implementation has a delay in detection which could still allow a burst of messages to impact the extension. I've provided a suggestion for a more immediate protection strategy. Overall, this is a valuable improvement for the stability of the devtools.

@JeanMecheJeanMecheforce-pushed thedevtools/spam-protection branch fromb55f820 to54b55afCompareJuly 15, 2025 16:55
@JeanMecheJeanMeche requested a review fromdgp1130July 17, 2025 18:05
@JeanMecheJeanMecheforce-pushed thedevtools/spam-protection branch from54b55af toe060593CompareJuly 17, 2025 18:33
Copy link
Member

@AleksanderBodurriAleksanderBodurri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

So happy to see this issue solved. Thanks for this@JeanMeche 🙏

@JeanMecheJeanMecheforce-pushed thedevtools/spam-protection branch frome060593 to5ef124cCompareJuly 18, 2025 23:26
@JeanMecheJeanMeche changed the titlefix(devtools): Enhance message bus with event tagging and spam protec…fix(devtools): add event tagging to prevent DDOSJul 18, 2025
@JeanMecheJeanMeche added action: mergeThe PR is ready for merge by the caretaker target: patchThis PR is targeted for the next patch release target: minorThis PR is targeted for the next minor release labelsJul 18, 2025
One common problem encountered by the devtools content script is that it accepted almost any message send over the message bus. Some websites like `auth.openai.com` were spamming the bus and DDOS the devtools app.By introducing event tagging and skipping non-devtools events we prevent DDOS of the Angular devtools content script by on forward tagged events.
@JeanMecheJeanMecheforce-pushed thedevtools/spam-protection branch from5ef124c toa6503d4CompareJuly 18, 2025 23:55
@JeanMecheJeanMeche removed the target: patchThis PR is targeted for the next patch release labelJul 18, 2025
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@gemini-code-assistgemini-code-assist[bot]gemini-code-assist[bot] left review comments

@dgp1130dgp1130dgp1130 approved these changes

@AleksanderBodurriAleksanderBodurriAleksanderBodurri approved these changes

Assignees
No one assigned
Labels
action: mergeThe PR is ready for merge by the caretakerarea: devtoolstarget: minorThis PR is targeted for the next minor release
Projects
None yet
Milestone
Backlog
Development

Successfully merging this pull request may close these issues.

Devtools completely hangs Chrome with extremely high CPU / memory usage when visiting openAI auth page
3 participants
@JeanMeche@dgp1130@AleksanderBodurri
[8]ページ先頭
©2009-2025 Movatter.jp