fix: server-side payload cap + cleaner image abort

Addresses Copilot review on PR #9:

- /api/vision: add MAX_ANNOTATED_BYTES (3 MB) cap on annotatedImageBase64,
  plus an explicit type/non-empty check. Browser annotator resizes to 768
  wide (typically 200-800 KB base64), so 3 MB rejects abusive direct-API
  payloads that would otherwise inflate upstream vision LLM costs.
- annotateClient: replace `img.src = ""` on timeout with removeAttribute
  to avoid the legacy browser behavior of treating empty src as a
  navigation to the current document URL.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
yuanzonghao
2026-06-02 22:13:40 +08:00
parent 72331bb865
commit 203e63edc2
2 changed files with 25 additions and 3 deletions
+3 -1
@@ -59,7 +59,9 @@ function loadImage(
return new Promise((resolve, reject) => {
const img = new Image();
const timer = setTimeout(() => {
img.src = "";
// removeAttribute, not `src = ""` — setting empty string can trigger
// a navigation to the current document URL in some browsers.
img.removeAttribute("src");
reject(new Error(`Image load timed out after ${timeoutMs}ms`));
}, timeoutMs);
img.crossOrigin = "anonymous";
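Review bot: The timeout callback in loadImage rejects right after `img.removeAttribute("src")` but does not detach whatever load/error handlers the rest of the function attaches, and the visible lines do not show `timer` being cleared on the success or error path. Consider setting `img.onload = img.onerror = null` in the callback before removing the attribute, and confirm the handlers below the hunk call `clearTimeout(timer)`, so a late event cannot run handler code after the promise has already rejected. The new comment says "some browsers" while the commit message calls this legacy behavior; naming the affected browsers or linking a reference in the comment would let a later reader judge whether the workaround is still needed.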