fix: security scan in purchaser_info, remove disableBlackout

TPEmist · TPEmist · commit 857beba3328f · 2026-04-09T15:50:12.000-07:00
- Add page security scan to request_purchaser_info (parity with npm)
- Remove _disable_blackout() method (security risk: exposes card data)
diff --git a/pop_pay/injector.py b/pop_pay/injector.py
@@ -1107,24 +1107,6 @@ async def _enable_blackout(page):
                     pass  # cross-origin frames may reject — that's OK
         except Exception as e:
             logger.debug("PopBrowserInjector: failed to enable blackout: %s", e)
-
-    @staticmethod
-    async def _disable_blackout(page):
-        """
-        Remove the field-level masking CSS from all frames.
-        Called after the user clicks submit, or if injection fails.
-        """
-        try:
-            for frame in page.frames:
-                try:
-                    await frame.evaluate("""() => {
-                        const style = document.getElementById('pop-pay-blackout');
-                        if (style) style.remove();
-                    }""")
-                except Exception:
-                    pass
-        except Exception as e:
-            logger.debug("PopBrowserInjector: failed to disable blackout: %s", e)
  
     @staticmethod
     async def _find_visible_locator(frame, selectors: list):
diff --git a/pop_pay/mcp_server.py b/pop_pay/mcp_server.py
@@ -500,6 +500,38 @@ async def request_purchaser_info(
 
     This tool does NOT issue a card, does NOT charge anything, and does NOT affect your budget.
     """
+    # -------------------------------------------------------------------
+    # P1: Automatic security scan (runs whenever page_url is provided)
+    # -------------------------------------------------------------------
+    if page_url:
+        # Check cache first (reuse recent scan within 5 minutes)
+        cached = snapshot_cache.get(page_url)
+        if cached and datetime.now() - cached["timestamp"] < timedelta(minutes=5):
+            scan_result = {
+                "flags": cached["flags"],
+                "snapshot_id": cached["snapshot_id"],
+                "safe": "hidden_instructions_detected" not in cached["flags"],
+                "error": None,
+            }
+        else:
+            scan_result = await _scan_page(page_url)
+
+        if scan_result.get("error"):
+            # Network/URL error — treat as unsafe; do not inject info
+            return (
+                f"Billing info rejected. Security scan failed: {scan_result['error']} "
+                f"Snapshot ID: {scan_result['snapshot_id']}. "
+                f"Fix the URL or skip page_url if the page has no associated URL."
+            )
+
+        if not scan_result["safe"]:
+            return (
+                f"Billing info rejected. Security scan detected hidden prompt injection. "
+                f"Snapshot ID: {scan_result['snapshot_id']}. "
+                f"Flags: {scan_result['flags']}. "
+                f"Do not retry this."
+            )
+
     if injector is None:
         return (
             "Billing info injection is not available. "
