The current supported development version is the main branch.
FullSnap is designed to process screenshots locally in the browser. It should not send screenshots, page content, analytics, telemetry, or browsing data to external services.
Important expectations:
- No remote code loading.
- No external analytics.
- No screenshot upload.
- No passive page collection.
- Capture should start only after user action.
- Sensitive screenshots should not be posted in public issues.
Please do not include private screenshots, credentials, tokens, customer data, internal dashboards, or personal information in public GitHub issues.
For non-sensitive security concerns, open a GitHub issue with:
- Chrome version
- Operating system
- FullSnap version or commit
- A minimal reproduction using a public or synthetic page
- Expected behavior and actual behavior
For sensitive vulnerability reports, use GitHub private vulnerability reporting if it is enabled for this repository. If it is not enabled, open a minimal public issue asking for a private reporting channel and do not include exploit details.
In scope:
- unintended network transmission
- capture without user action
- unsafe permission use
- persistent local data that should be deleted
- cross-page data exposure inside the extension
- remote code execution or unsafe dynamic evaluation
Out of scope:
- browser restrictions on
chrome://, Chrome Web Store, or other protected pages - screenshots that users voluntarily download, copy, or share
- issues caused by third-party pages changing while capture is in progress