Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix: cover aria-roledescription/-placeholder/-valuetext/-keyshortcuts in attribute-injection-sanitize#186

Merged
twschiller merged 1 commit into
mainfrom
attribute-sanitize-aria-coverage
Jun 6, 2026
Merged

Fix: cover aria-roledescription/-placeholder/-valuetext/-keyshortcuts in attribute-injection-sanitize#186
twschiller merged 1 commit into
mainfrom
attribute-sanitize-aria-coverage

Conversation

@twschiller

Copy link
Copy Markdown
Contributor

Summary

  • Extend attribute-injection-sanitize's CANDIDATE_ATTRIBUTES allowlist with aria-roledescription, aria-placeholder, aria-valuetext, and aria-keyshortcuts. These surface to the accessibility tree as agent-readable name / description / value / shortcut text, so a payload there is read by browser-use agents even when nothing is visibly rendered. Pre-Fix: scrub instead of detach for framework-rendered DOM #176 they fell to hidden-text-strip's wrapper detachment; after Fix: scrub instead of detach for framework-rendered DOM #176 nothing scrubbed them.
  • Extend attribute-injection-sanitize.test.ts it.each cases (positive and clean-value) and the property-test ALLOWLISTED_ATTRS / TAG_FOR_ATTR fixture set so fuzzing covers the new attributes against the shared injection fixture pack.
  • Update docs/src/content/docs/rules.md "Scrub Attribute Injection" to enumerate the new attributes.

Closes #182.

Test plan

  • bun run test — 1391 / 1391 passing.
  • bun run check — biome + eslint clean.
  • pre-commit run --files docs/src/content/docs/rules.md — mdformat / markdownlint pass.

🤖 Generated with Claude Code

@vercel

vercel Bot commented Jun 5, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agent-browser-shield-demo-site Ready Ready Preview, Comment Jun 5, 2026 11:37pm

Request Review

…uts in attribute-injection-sanitize

These ARIA attributes surface to the accessibility tree as agent-readable
name / description / value / shortcut text, so they're a quiet carrier for
injection payloads. Pre-#176 they fell to hidden-text-strip's wrapper
detachment; after #176 nothing was scrubbing them. Append the four names
to CANDIDATE_ATTRIBUTES; the selector and scrub loop pick them up
unchanged. Tests, property-test allowlist, and rule docs updated.

Closes #182

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
@twschiller twschiller force-pushed the attribute-sanitize-aria-coverage branch from e04bf74 to 9148204 Compare June 5, 2026 23:37
@twschiller twschiller merged commit 20e7a45 into main Jun 6, 2026
7 checks passed
@twschiller twschiller deleted the attribute-sanitize-aria-coverage branch June 6, 2026 00:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

attribute-injection-sanitize: cover aria-roledescription, aria-placeholder, aria-valuetext, aria-keyshortcuts

1 participant