apunkt/rowboat
1
0
Fork 0
mirror of https://github.com/rowboatlabs/rowboat.git synced 2026-04-25 00:16:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Stop leaking typed values through automatic Browser2 page inspection

Browse source 
The page-inspection helpers were using live text-entry values as fallback labels and verification payloads. This patch keeps structural metadata while redacting text-entry controls from automatic labels and verification values so Browser2 snapshots no longer surface typed secrets by default.

Constraint: Browser2 still needs stable selectors and non-secret metadata for automation flows
Rejected: Strip all verification metadata from form controls | would make click verification significantly less useful
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Do not reintroduce control  into automatic labels or verification output without an explicit user-initiated inspection mode
Tested: pnpm install; pnpm run deps; apps/main npm run build; browser fixture redaction validation via OpenChrome
Not-tested: Full end-to-end Electron Browser2 interaction loop
This commit is contained in:
JunghwanNA 2026-04-18 00:44:34 +09:00
parent 50df9ed178
commit c7374e72db
1 changed files with 21 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

25
apps/x/apps/main/src/browser/page-scripts.ts
View file

@ -100,6 +100,19 @@ const getElementType = (element) => {
return null;
};
const isTextEntryElement = (element) => (
element instanceof HTMLInputElement
|| element instanceof HTMLTextAreaElement
|| (element instanceof HTMLElement && element.isContentEditable)
);
const shouldRedactVerificationValue = (element) => (
element instanceof HTMLInputElement
? !['checkbox', 'radio', 'range', 'button', 'submit', 'reset'].includes((element.type || '').toLowerCase())
: element instanceof HTMLTextAreaElement
|| (element instanceof HTMLElement && element.isContentEditable)
);
const getElementLabel = (element) => {
const ariaLabel = truncateText(element.getAttribute('aria-label') ?? '', 120);
if (ariaLabel) return ariaLabel;
@ -121,10 +134,12 @@ const getElementLabel = (element) => {
const placeholder = truncateText(element.getAttribute('placeholder') ?? '', 120);
if (placeholder) return placeholder;
if (isTextEntryElement(element)) {
return null;
}
const text = truncateText(
element instanceof HTMLInputElement || element instanceof HTMLTextAreaElement
? element.value
: element.textContent ?? '',
element.textContent ?? '',
120,
);
return text || null;
@ -187,7 +202,9 @@ const getVerificationTargetState = (element) => {
? element.checked
: null,
value:
element instanceof HTMLInputElement || element instanceof HTMLTextAreaElement
shouldRedactVerificationValue(element)
? null
: element instanceof HTMLInputElement || element instanceof HTMLTextAreaElement
? truncateText(element.value ?? '', 200)
: element instanceof HTMLSelectElement
? truncateText(element.value ?? '', 200)