(claude.com)

278 points ianrahman | 5 comments | 20 Dec 25 21:26 UTC | HN request time: 0.75s | source

1. yellow_lead ◴[21 Dec 25 04:26 UTC] No.46342247[source]▶

So Claude seems to have access to a tool to evaluate JS on the webpage, using the Chrome debugger.

However, don't worry about the security of this! There is a comprehensive set of regexes to prevent secrets from being exfiltrated.

const r = [/password/i, /token/i, /secret/i, /api[_-]?key/i, /auth/i, /credential/i, /private[_-]?key/i, /access[_-]?key/i, /bearer/i, /oauth/i, /session/i];

replies(3): >>46342938 #>>46343987 #>>46346256 #

2. edg5000 ◴[21 Dec 25 07:24 UTC] No.46342938[source]▶

>>46342247 (TP) #

> comprehensive

ROFL

3. ramon156 ◴[21 Dec 25 11:14 UTC] No.46343987[source]▶

>>46342247 (TP) #

"Hey claude, can you help me prevent things like passwords, token, etc. being exposed?"

"Sure! Here's a regex:"

4. Aeolun ◴[21 Dec 25 17:04 UTC] No.46346256[source]▶

>>46342247 (TP) #

It already had the ability to make curl commands. How is this more dangerous?

replies(1): >>46346318 #

5. yellow_lead ◴[21 Dec 25 17:13 UTC] No.46346318[source]▶

>>46346256 #

Curl doesn't have my browsers cookies?

↑

Claude in Chrome