Summary
In ctx.push(), sanitizeText is only called when text is truthy. When text is undefined (or an empty string), the sanitizer is bypassed and the fallback '' is stored directly. This is inconsistent with DOM-based focus paths where the sanitizer always runs on the extracted text.
Root cause
packages/core/src/context.ts:
const sanitizedText = this.sanitizeTextFn && text
? this.sanitizeTextFn(text)
: (text ?? '');
If text is undefined and a sanitizeTextFn exists, the sanitizer is never invoked.
Expected behavior
The sanitizer should be called on the resolved value:
const sanitizedText = this.sanitizeTextFn
? this.sanitizeTextFn(text ?? '')
: (text ?? '');
Impact
Low in most cases (empty string is safe), but it creates an inconsistent contract for users who configure sanitizeText expecting it to intercept every stored text value, including empty/undefined ones.
Summary
In
ctx.push(),sanitizeTextis only called whentextis truthy. Whentextisundefined(or an empty string), the sanitizer is bypassed and the fallback''is stored directly. This is inconsistent with DOM-based focus paths where the sanitizer always runs on the extracted text.Root cause
packages/core/src/context.ts:If
textisundefinedand asanitizeTextFnexists, the sanitizer is never invoked.Expected behavior
The sanitizer should be called on the resolved value:
Impact
Low in most cases (empty string is safe), but it creates an inconsistent contract for users who configure
sanitizeTextexpecting it to intercept every stored text value, including empty/undefined ones.