feat(security): harden API export, remove global flags, unify scheduler

Browse Source

- Removed reliance on window.DEBUG_MODE and window.DISABLE_* flags.
- Configuration is now passed via constructor instead of global variables.
- Exposed API remains on `window.secureBitChat`, but without backup globals or hidden toggles.
- Consolidated multiple setInterval tasks into a single scheduler to reduce attack surface.
- Added strict limits for IV history and log storage to prevent memory exhaustion.
- Improved XSS hardening: no more global switches to disable security features.

...

This commit is contained in:

lockbitchat

2025-08-31 18:01:46 -04:00

parent 39ae9f01b7

commit 6c4d0eeaee

1 changed files with 868 additions and 815 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

1683

src/network/EnhancedSecureWebRTCManager.js

File diff suppressed because it is too large Load Diff