Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Feat: scrub value on input[type=hidden] in attribute-injection-sanitize#185

Merged
twschiller merged 1 commit into
mainfrom
attribute-injection-sanitize-hidden-input
Jun 5, 2026
Merged

Feat: scrub value on input[type=hidden] in attribute-injection-sanitize#185
twschiller merged 1 commit into
mainfrom
attribute-injection-sanitize-hidden-input

Conversation

@twschiller

Copy link
Copy Markdown
Contributor

Closes #183.

Summary

  • Extend attribute-injection-sanitize to also scrub value on input[type="hidden"] — same asymmetry as the existing input[disabled] case (not user-facing, not editable in the UI, read by browser-use agents directly off the DOM).
  • Selector and scrub branch updated; type check is case-insensitive. Enabled visible <input value> remains untouched (documented accepted limitation for the "enabled input inside CSS-hidden wrapper" shape).
  • Docstring + docs/src/content/docs/rules.md updated to reflect the extended trigger.
  • New unit tests covering the hidden case (matching value, case-insensitive type, clean value preserved, lazy-subtree mutation), and the property test now exercises a disabled / hidden / enabled triplet.

Test plan

  • bun run test src/rules/__tests__/attribute-injection-sanitize.test.ts — 23 passing
  • bun run test src/rules/__tests__/attribute-injection-sanitize.property.test.ts — 4 passing
  • bun run check (biome + eslint)
  • bun run typecheck
  • pre-commit run on changed files

🤖 Generated with Claude Code

Closes #183. Hidden inputs are by definition not user-facing — same
asymmetry as the disabled-input case the rule already handles — so an
adversarial page can plant instruction-shaped text in `value` that the
user has no way to see or clear while the agent reads it directly off
the DOM. Extends the selector and scrub branch to cover
`input[type="hidden"][value]`; type check is case-insensitive.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
@vercel

vercel Bot commented Jun 5, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agent-browser-shield-demo-site Ready Ready Preview, Comment Jun 5, 2026 11:28pm

Request Review

@twschiller twschiller merged commit 9d9dd4e into main Jun 5, 2026
7 checks passed
@twschiller twschiller deleted the attribute-injection-sanitize-hidden-input branch June 5, 2026 23:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

attribute-injection-sanitize: scrub value on input[type="hidden"]

1 participant