Audit INJECTION_PATTERNS coverage on attribute-targeted rules post-#176

[twschiller]

Follow-up to #176.

Before #176, hidden-text-strip detached the entire hidden wrapper, which took image alt, aria-label, title, SVG <title> / <desc>, and data-* attributes with it. After #176 it only blanks Text nodes inside the hidden subtree. Attribute-shaped payloads inside a hidden box are now only caught by attribute-targeted rules — primarily attribute-injection-sanitize and svg-text-strip — if they match those rules' pattern sets.

In other words: hidden-text-strip is no longer back-stopping attribute-shaped injections inside hidden boxes. The broad "wipe everything inside the box" sweep is gone.

What to audit

Walk every rule that scrubs attribute or text content based on INJECTION_PATTERNS (extension/src/rules/injection-patterns.generated.ts) and check whether its match shape covers the payload classes that previously fell to hidden-text-strip's wrapper removal:

• attribute-injection-sanitize — does it catch alt, aria-label, title, data-* consistently across element types?
• svg-text-strip — covers SVG <title> / <desc> text; does it also cover SVG attribute payloads?
• Any others that read INJECTION_PATTERNS?

For each gap found, decide: extend the pattern set, extend the rule's selector, or accept and document.

Acceptance

• Inventory of attribute-shaped payload classes formerly caught only by hidden-text-strip.
• For each class: which rule (if any) covers it now, and what the gap is.
• Filed individual issues or pattern additions for confirmed gaps.

Out of scope

• meta-injection-strip / noscript-strip watcher gaps — tracked separately.
• html-comment-strip broad-sweep restoration — tracked separately.

[twschiller]

Audit complete.

Inventory

hidden-text-strip's pre-#176 wrapper detach took every attribute and non-text descendant inside the hidden box with it. After #176 only Text nodes are blanked, so every non-text carrier inside a hidden box has to be caught by another rule's pattern + selector match.

Carrier	Covered by	Status
alt, aria-label, aria-description, title, placeholder, data-tooltip	attribute-injection-sanitize	✅
value on input[disabled]	attribute-injection-sanitize	✅
SVG <title> / <desc> / <text> element text	svg-text-strip	✅
aria-label/title/alt on any SVG element	attribute-injection-sanitize (element-agnostic selector)	✅
<meta content> inside body subtree	meta-injection-strip (head + body watcher)	✅
JSON-LD inside hidden box	json-ld-sanitize	✅
aria-roledescription, aria-placeholder, aria-valuetext, aria-keyshortcuts	nothing	❌ #182
value on input[type="hidden"]	nothing	❌ #183
Enabled <input value> inside CSS-hidden wrapper	nothing	accepted, documented in #184
Arbitrary data-* (other than data-tooltip)	nothing	accepted — not surfaced to a11y tree
<noscript> children, HTML comments	noscript-strip / html-comment-strip	tracked separately (out of scope per issue)

Follow-ups filed

• attribute-injection-sanitize: cover aria-roledescription, aria-placeholder, aria-valuetext, aria-keyshortcuts #182 — extend CANDIDATE_ATTRIBUTES with the four ARIA carriers
• attribute-injection-sanitize: scrub value on input[type="hidden"] #183 — scrub value on input[type="hidden"]
• Docs: note accepted gap for enabled input value inside hidden wrapper #184 — docstring note for the accepted enabled-input-in-hidden-wrapper gap

Closing — acceptance criteria met (inventory, per-class coverage, gaps filed).