b95d85bb4c
Adversarial payloads in markdown link title attributes (rendered as tooltips, parsed by agents) bypassed the existing HTML-content checks which gated on `<tag>` presence. Pattern: [text](url "title"). Adds linkTitleRegex extraction to the HTML-content block, runs each captured title through scanForInjection, emits at the strongest tier encountered with category markdown-link-title-injection. +3 tests (62 → 62 in post-mcp-verify.test.mjs file, was 59). Refs: Batch B Wave 4 / Step 9 / v7.2.0 |
||
|---|---|---|
| .. | ||
| fixtures | ||
| helpers | ||
| hooks | ||
| lib | ||
| scanners | ||