Main to dev #1758

Closed
jjramirezn wants to merge 6 commits into dev from main

@jjramirezn
Contributor

No description provided.

github-actions bot and others added 6 commits March 13, 2026 17:21
PostHog was capturing full URLs including hash fragments containing
claim link passwords (p= parameter). Anyone with PostHog access could
extract these and steal funds from unclaimed links.

Adds sanitize_properties to PostHog init that redacts the p= parameter
from all URL properties before they leave the browser.

Security: HIGH — prevents credential leakage to third-party analytics.

Updates content submodule to include fix for broken /pt-br/supported-geographies
links in binance-p2p and revolut comparison pages.
…et-leak

fix: strip claim link secrets from PostHog analytics
@vercel

vercel bot commented Mar 16, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| peanut-wallet | Ready | Preview, Comment | Mar 16, 2026 8:02pm |

@coderabbitai
Contributor

coderabbitai bot commented Mar 16, 2026

Caution

Review failed

The pull request is closed.

📥 Commits

Reviewing files that changed from the base of the PR and between a0076bc and 2498c8a.

📒 Files selected for processing (2)
  • instrumentation-client.ts
  • src/content

Walkthrough

Added a sanitization feature to remove sensitive URL parameters from PostHog instrumentation. Introduced sanitizeUrl() function and a constant listing URL properties to sanitize, then enabled the sanitize_properties hook in PostHog initialization. Additionally, updated a submodule reference in src/content.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| URL Sanitization: instrumentation-client.ts | Added sanitizeUrl() function to remove sensitive p parameter from URL hash fragments and query strings, defined URL_PROPERTIES constant, and enabled sanitize_properties hook in PostHog init configuration. |
| Submodule Update: src/content | Updated submodule pointer reference to track latest commit. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

@jjramirezn jjramirezn closed this Mar 16, 2026
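
The redaction described in the commit message and walkthrough above, sketched as an added example; this is not the code from the PR. The contents of URL_PROPERTIES, the recursion into nested objects, the `[REDACTED]` marker and the sample event are assumptions.

```typescript
// Added example, not the PR's code. URL_PROPERTIES contents are an assumption:
// the page names the constant but does not show which properties it lists.
const URL_PROPERTIES: string[] = [
    '$current_url', '$referrer', '$initial_current_url', '$initial_referrer',
]
const REDACTED = '[REDACTED]'

// p=<value> where p is the whole parameter name, i.e. directly after '?', '&'
// or '#'. The value runs to the next '&' or '#', so other parameters survive.
const SECRET_PARAM = /([?&#]p=)[^&#]*/g

function sanitizeUrl(value: unknown): unknown {
    if (typeof value !== 'string') return value // leave non-strings untouched
    return value.replace(SECRET_PARAM, '$1' + REDACTED)
}

function sanitizeProperties(props: Record<string, unknown>): Record<string, unknown> {
    const out: Record<string, unknown> = {}
    for (const key of Object.keys(props)) {
        const value = props[key]
        if (URL_PROPERTIES.indexOf(key) !== -1) {
            out[key] = sanitizeUrl(value)
        } else if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
            // Assumption: person properties nested under $set / $set_once can
            // hold the same URL keys, so recurse into plain objects.
            out[key] = sanitizeProperties(value as Record<string, unknown>)
        } else {
            out[key] = value
        }
    }
    return out
}

// Wiring: posthog.init(key, { sanitize_properties: (props) => sanitizeProperties(props) })

// Constructed sample event; host, parameters and secret are made up.
const sampleEvent: Record<string, unknown> = {
    $current_url: 'https://wallet.example/claim?c=1&i=7#p=s3cretPw',
    $referrer: 'https://wallet.example/send?p=abc&step=2',
    step: 'p=kept', // not a URL property, left alone
    $set_once: { $initial_current_url: 'https://wallet.example/claim#x=1&p=s3cretPw' },
}
const sanitizedSample = sanitizeProperties(sampleEvent)
```

Properties outside the list are passed through unchanged, so the list has to cover every property that can carry a claim link URL.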