Mask value attribute changes for elements in maskInputOptions #602
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Juice10
changed the title
Juice10
changed the title
Yuyz0112
reviewed
Jun 29, 2021
src/utils.ts
Outdated
|
|
||
| // TODO: move me to rrweb-snapshot | ||
| // we are doing similar things there as well, would be best to keep things consistent | ||
| export function maskInputValue({ |
There was a problem hiding this comment.
is it possible to move this code now? I can release a new version of rrweb-snapshot when this gets merged.
There was a problem hiding this comment.
I'm out of office all day today, earliest I can do this would be about 24 hours from now
There was a problem hiding this comment.
Maybe we can merge this PR and I can follow up with a cleanup PR that moves this to rrweb-snapshot tomorrow?
There was a problem hiding this comment.
Juice10
added a commit
to Juice10/rrweb-snapshot
that referenced
this pull request
Jun 30, 2021
|
@Juice10 Let me understand this better. If someone use React to build an input component and sync the value to DOM attribute:
Am I right? |
|
@Yuyz0112 correct! |
Yuyz0112
pushed a commit
to rrweb-io/rrweb-snapshot
that referenced
this pull request
Jun 30, 2021
|
@Juice10 Please upgrade to rrweb-snapshot@1.1.6, thanks! |
|
LGTM |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I noticed that some frameworks keep the contents of their form fields in sync with their value attributes.
Since we were not filtering mutations to value attributes for sensitive fields, that means that passwords and other masked information could leak into rrweb events.
This PR masks attribute mutations on value attributes for masked input fields.