Skip to content

aria-labels should probably be scrubbed #16176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
3 tasks done
jgarplind opened this issue Apr 30, 2025 · 2 comments · May be fixed by #16192
Open
3 tasks done

aria-labels should probably be scrubbed #16176

jgarplind opened this issue Apr 30, 2025 · 2 comments · May be fixed by #16192
Assignees
@chargome
Labels
Browser Improvement

Comments

@jgarplind
Copy link

Is there an existing issue for this?

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/react

SDK Version

9.10.1

Framework Version

18.3.1

Link to Sentry event

No response

Reproduction Example/SDK Setup

No response

Steps to Reproduce

User dead-clicked a link containing a non-text element, annotated by an aria-label.

Expected Result

aria-label contains text content the same way any other text node does, so it seems logical to me that it should be scrubbed the same way.

Actual Result

PII risks to be exposed, e.g. in Breadcrumbs view in a replay:

Image
@jgarplind jgarplind added the Bug label Apr 30, 2025
@getsantry getsantry bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 3 Apr 30, 2025
@github-actions github-actions bot added the React label Apr 30, 2025
@chargome chargome added Browser and removed React labels Apr 30, 2025
@chargome
Copy link
Member

Hey @jgarplind thanks for pointing that out, sounds reasonable to me – we'll look into this!

cc @s1gr1d PII issue

@mydea
Copy link
Member

mydea commented May 2, 2025

This should be relatively simple by adding this to the default list of maskAttributes = ['title', 'placeholder'],, makes sense to treat this the same way!

@chargome chargome self-assigned this May 5, 2025
@chargome chargome linked a pull request May 5, 2025 that will close this issue
Open
@mydea mydea added the Improvement label May 7, 2025 — with Linear
@mydea mydea removed the Bug label May 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chargome chargome

Labels
Browser Improvement
Projects
GitHub Issues with 👀 3
Status: Waiting for: Product Owner
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(replay): Extend default list for masking with aria-label getsentry/sentry-javascript
3 participants
@mydea @jgarplind @chargome