From f87ad7b159887cf7cd5d7cc15306506621588822 Mon Sep 17 00:00:00 2001
From: luojiyin <luojiyin@hotmail.com>
Date: Tue, 25 Nov 2025 11:52:48 +0800
Subject: [PATCH] =?UTF-8?q?security:=20=E5=A2=9E=E5=BC=BA=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E9=9A=90=E7=A7=81=E4=BF=9D=E6=8A=A4=E5=92=8C=E6=95=8F?=
 =?UTF-8?q?=E6=84=9F=E6=95=B0=E6=8D=AE=E5=AE=89=E5=85=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

   • 防止剪贴板内容泄露到日志文件
   - 修改剪贴板日志记录，只记录内容长度而非实际内容
   - 保护用户隐私，避免敏感信息在日志中暴露

   • 增强API密钥输入安全性
   - 添加autoComplete=off防止浏览器自动填充
   - 添加spellCheck=false防止拼写检查泄露

   • 优化内存安全管理
   - 清理剪贴板数据在内存中的引用
   - 适用于macOS/Windows/Linux三平台
---
 src/helpers/clipboard.js | 18 ++++++++++--------
 src/settings.jsx         |  3 +++
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/helpers/clipboard.js b/src/helpers/clipboard.js
index 2368907..86c0191 100644
--- a/src/helpers/clipboard.js
+++ b/src/helpers/clipboard.js
@@ -82,17 +82,13 @@ class ClipboardManager {
     try {
       // 首先保存原始剪贴板内容
       const originalClipboard = clipboard.readText();
-      this.safeLog(
-        "💾 已保存原始剪贴板内容",
-        originalClipboard.substring(0, 50) + "..."
-      );
+      // 不记录剪贴板内容到日志，保护用户隐私
+      this.safeLog("💾 已保存原始剪贴板内容", { length: originalClipboard.length });
 
       // 将文本复制到剪贴板 - 这总是有效的
       clipboard.writeText(text);
-      this.safeLog(
-        "📋 文本已复制到剪贴板",
-        text.substring(0, 50) + "..."
-      );
+      // 不记录剪贴板内容到日志，保护用户隐私
+      this.safeLog("📋 文本已复制到剪贴板", { length: text.length });
 
       if (process.platform === "darwin") {
         // 简化权限检查，直接尝试粘贴
@@ -147,6 +143,8 @@ class ClipboardManager {
             setTimeout(() => {
               clipboard.writeText(originalClipboard);
               this.safeLog("🔄 原始剪贴板内容已恢复");
+              // 清理内存中的引用
+              originalClipboard = null;
             }, 100);
             resolve();
           } else {
@@ -187,6 +185,8 @@ class ClipboardManager {
           // 文本粘贴成功
           setTimeout(() => {
             clipboard.writeText(originalClipboard);
+            // 清理内存中的引用
+            originalClipboard = null;
           }, 100);
           resolve();
         } else {
@@ -217,6 +217,8 @@ class ClipboardManager {
           // 文本粘贴成功
           setTimeout(() => {
             clipboard.writeText(originalClipboard);
+            // 清理内存中的引用
+            originalClipboard = null;
           }, 100);
           resolve();
         } else {
diff --git a/src/settings.jsx b/src/settings.jsx
index 0163ba7..5c9cfbe 100644
--- a/src/settings.jsx
+++ b/src/settings.jsx
@@ -293,6 +293,9 @@ const SettingsPage = () => {
                       onChange={(e) => handleInputChange('ai_api_key', e.target.value)}
                       placeholder="请输入您的AI API Key"
                       className="w-full px-3 py-2 pr-10 text-sm border border-gray-300 dark:border-gray-600 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100"
+                      // 防止浏览器自动填充和记住敏感信息
+                      autoComplete="off"
+                      spellCheck="false"
                     />
                     <button
                       type="button"