fix: remove XSS vulnerability and duplicate variant tooltip

- Remove ?url= query parameter from app.tsx (CVE-2026-22813, GHSA-c83v-7274-4vgp)
  Critical XSS vulnerability allowing command execution via malicious server URLs
- Remove duplicate variant cycle tooltip from TUI prompt
  Upstream implemented their own version, causing duplicate tooltips
- Document security fix in fork-features.json

Author: shuv1337

packages/app/src/app.tsx

@@ -39,26 +39,25 @@ declare global {
 }
 
 const defaultServerUrl = iife(() => {
-  // 1. Query parameter (highest priority)
-  const param = new URLSearchParams(document.location.search).get("url")
-  if (param) return param
+  // NOTE: The ?url= query parameter was intentionally removed due to CVE-2026-22813 (GHSA-c83v-7274-4vgp)
+  // Allowing arbitrary server URLs via query params enables XSS attacks on localhost:4096
 
-  // 2. Configured server URL (from desktop settings)
+  // 1. Configured server URL (from desktop settings)
   if (window.__OPENCODE__?.serverUrl) return window.__OPENCODE__.serverUrl
 
-  // 3. Known production hosts -> localhost (same as upstream + shuv.ai)
+  // 2. Known production hosts -> localhost (same as upstream + shuv.ai)
   if (location.hostname.includes("opencode.ai") || location.hostname.includes("shuv.ai")) return "http://localhost:4096"
 
-  // 4. Desktop app (Tauri) with injected port
+  // 3. Desktop app (Tauri) with injected port
   if (window.__SHUVCODE__?.port) return `http://127.0.0.1:${window.__SHUVCODE__.port}`
   if (window.__OPENCODE__?.port) return `http://127.0.0.1:${window.__OPENCODE__.port}`
 
-  // 5. Dev mode -> same-origin so Vite proxy handles LAN access + CORS
+  // 4. Dev mode -> same-origin so Vite proxy handles LAN access + CORS
   if (import.meta.env.DEV) {
     return `http://${import.meta.env.VITE_OPENCODE_SERVER_HOST ?? "localhost"}:${import.meta.env.VITE_OPENCODE_SERVER_PORT ?? "4096"}`
   }
 
-  // 6. Default -> same origin (production web command)
+  // 5. Default -> same origin (production web command)
   return window.location.origin
 })
 

packages/opencode/src/cli/cmd/tui/component/prompt/index.tsx

@@ -1122,11 +1122,6 @@ export function Prompt(props: PromptProps) {
                   <text fg={theme.text}>
                     {keybind.print("command_list")} <span style={{ fg: theme.textMuted }}>commands</span>
                   </text>
-                  <Show when={hasVariants()}>
-                    <text fg={theme.text}>
-                      {keybind.print("variant_cycle")} <span style={{ fg: theme.textMuted }}>cycle variants</span>
-                    </text>
-                  </Show>
                 </Match>
                 <Match when={store.mode === "shell"}>
                   <text fg={theme.text}>

script/sync/fork-features.json

@@ -120,6 +120,19 @@
         "Session migration for linked worktrees"
       ],
       "note": "Upstream uses Project.sandboxes array to track worktrees. Main worktree is always Project.worktree."
+    },
+    {
+      "pr": "CVE-2026-22813",
+      "title": "Query parameter server URL override",
+      "author": "fork",
+      "removedDate": "2026-01-12",
+      "reason": "Critical XSS vulnerability (GHSA-c83v-7274-4vgp, CVE-2026-22813) - malicious websites could execute commands via ?url= parameter. Upstream fixed in v1.1.10 by removing this feature.",
+      "filesModified": ["packages/app/src/app.tsx"],
+      "codeRemoved": [
+        "const param = new URLSearchParams(document.location.search).get('url')",
+        "if (param) return param"
+      ],
+      "note": "The ?url= query parameter allowed arbitrary server URL override, enabling XSS on localhost:4096. Attackers could inject malicious server URLs that return XSS payloads, then use /pty/ API to execute arbitrary commands."
     }
   ],
   "apiDependencies": [