I built a browser extension that detects and redacts sensitive data in real-time inside ChatGPT, Gemini, and Claude before you hit send.
The hardest part was working inside ProseMirror. ChatGPT's editor silently reverts direct DOM mutations, so I couldn't just inject or modify text nodes. I ended up using the CSS Custom Highlight API to paint visual highlights on detected ranges without touching the DOM, and a twin-write architecture that works with ProseMirror's state instead of against it.
Detection is regex + Shannon entropy analysis for high-randomness strings like API keys + a lightweight NLP layer (compromise.js) for names and locations. Everything runs client-side in the content script. No data leaves the browser.
Built with Plasmo, TypeScript, React. Available on Chrome Web Store, Firefox version pending review.
Would appreciate feedback on the detection approach — particularly curious if anyone has dealt with ProseMirror content injection in extensions before.
Fire-Dragon-DoL•5m ago
Isn't too late when you paste in the prompt, even if you didn't send it?
TheAlexRider•1h ago
The hardest part was working inside ProseMirror. ChatGPT's editor silently reverts direct DOM mutations, so I couldn't just inject or modify text nodes. I ended up using the CSS Custom Highlight API to paint visual highlights on detected ranges without touching the DOM, and a twin-write architecture that works with ProseMirror's state instead of against it.
Detection is regex + Shannon entropy analysis for high-randomness strings like API keys + a lightweight NLP layer (compromise.js) for names and locations. Everything runs client-side in the content script. No data leaves the browser.
Built with Plasmo, TypeScript, React. Available on Chrome Web Store, Firefox version pending review.
Would appreciate feedback on the detection approach — particularly curious if anyone has dealt with ProseMirror content injection in extensions before.
Fire-Dragon-DoL•5m ago