Hi Rowboat team — I found a privacy-sensitive issue in the Browser2 page-inspection logic. The current Browser2 helper code can surface live input values as labels / verification payloads, including password field contents.
Affected area
- Browser2 branch / Browser2 release line (v0.2.8–v0.2.11)
Code path
- apps/x/apps/main/src/browser/page-scripts.ts
- getElementLabel() falls back to element.value when no better label exists
- getVerificationTargetState() captures raw value for inputs / textareas / selects / contenteditable elements
- these values then flow into page-read / verification output
Local repro
I validated this with a local fixture page containing an email input, password input, and textarea. The Browser2 logic surfaced the live values directly:
ROWBOAT_LEAK_RECHECK {"labels":[{"id":"email","type":"email","label":"alice@example.com","rawValue":"alice@example.com"},{"id":"pwd","type":"password","label":"super-secret-password","rawValue":"super-secret-password"},{"id":"notes","type":"textarea","label":"confidential draft","rawValue":"confidential draft"}],"passwordVerification":{"selector":"#pwd","descriptor":"input \"super-secret-password\"","text":null,"checked":null,"value":"super-secret-password","selectedIndex":null,"open":null,"disabled":false,"active":false,"ariaChecked":null,"ariaPressed":null,"ariaExpanded":null}}
Why I think this matters
For unlabeled or minimally labeled fields, Browser2 can leak the actual typed content into tool-visible/model-visible output. That includes passwords, tokens, email drafts, and similar secrets.
Suggested direction
- never use element.value as an automatic label fallback
- always redact password fields
- consider redacting all freeform input/textarea values unless the user explicitly requested value inspection
- prefer aria-label, associated <label>, or placeholder, and otherwise return null
I also have a narrow redaction fix branch ready if that would be useful.
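One way the suggested direction could look in TypeScript, as an added example that is neither the reporter's fix branch nor Rowboat's code: the FieldLike stand-in, the function names, the `[REDACTED]` marker and the fixture values are assumptions, and a real page script would read these properties from DOM elements instead.

```typescript
// Stand-in for the DOM fields the label logic reads (assumed shape, so
// this runs without a browser). Not the real Rowboat element types.
interface FieldLike {
  id: string;
  tag: "input" | "textarea" | "select";
  type?: string;              // input type, e.g. "email" or "password"
  value: string;              // live, user-typed content
  ariaLabel?: string | null;
  labelText?: string | null;  // text of an associated <label for=id>
  placeholder?: string | null;
}

const REDACTED = "[REDACTED]";
// Input types whose value is a control state rather than freeform text.
const NON_FREEFORM_INPUTS = new Set(["checkbox", "radio", "submit", "button", "reset", "range"]);

// Label derivation: aria-label, then associated <label>, then placeholder,
// otherwise null. The live value is never used as a fallback.
function getElementLabelSafe(el: FieldLike): string | null {
  for (const candidate of [el.ariaLabel, el.labelText, el.placeholder]) {
    if (typeof candidate === "string" && candidate.trim() !== "") {
      return candidate.trim();
    }
  }
  return null;
}

interface SafeState {
  selector: string;
  label: string | null;
  value: string | null;
  redacted: boolean;
}

// Password values are redacted unconditionally; other freeform text is
// redacted unless the caller explicitly asked to inspect values.
function getVerificationTargetStateSafe(el: FieldLike, inspectValues = false): SafeState {
  const inputType = (el.type ?? "text").toLowerCase();
  const isPassword = el.tag === "input" && inputType === "password";
  const isFreeform = el.tag === "textarea" || (el.tag === "input" && !NON_FREEFORM_INPUTS.has(inputType));
  const redacted = isPassword || (isFreeform && !inspectValues);
  return { selector: `#${el.id}`, label: getElementLabelSafe(el), value: redacted ? REDACTED : el.value, redacted };
}

// Constructed fixture mirroring the report's local repro page.
const FIXTURE: FieldLike[] = [
  { id: "email", tag: "input", type: "email", value: "alice@example.com", placeholder: "Email" },
  { id: "pwd", tag: "input", type: "password", value: "super-secret-password" },
  { id: "notes", tag: "textarea", value: "confidential draft" },
];

function inspectFixture(inspectValues = false): SafeState[] {
  return FIXTURE.map((el) => getVerificationTargetStateSafe(el, inspectValues));
}
```

With the default settings all three fixture values come back as `[REDACTED]` and the password field gets a null label; passing `true` reveals the email and textarea content but keeps the password redacted.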