Skip to content

fix: disable autocomplete on input fields during replay #1771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
heathdutton wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: disable autocomplete on input fields during replay #1771

heathdutton wants to merge 2 commits into from
+11 −6

Conversation

@heathdutton
Copy link

@heathdutton heathdutton commented Jan 2, 2026

During replay, input fields in the replayer iframe can trigger the viewer's browser autocomplete dropdown, making users think their private data is being leaked.

This adds autocomplete="off" to input and textarea elements when rebuilding the DOM for replay.

Fixes #1587

Copilot AI review requested due to automatic review settings January 2, 2026 23:15
@changeset-bot
Copy link

changeset-bot bot commented Jan 2, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: ad150c9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copilot AI reviewed Jan 2, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a privacy concern during session replay by disabling browser autocomplete on input fields. When viewing replays, the browser's autocomplete dropdown could appear with the viewer's personal data, creating confusion about whether their information was being leaked.

Key Changes

  • Adds autocomplete="off" attribute to all input and textarea elements during DOM reconstruction for replay
  • Updates integration test snapshots to reflect the new autocomplete attribute on form fields

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
packages/rrweb-snapshot/src/rebuild.ts Adds logic to set autocomplete="off" on input and textarea elements during node building to prevent viewer's browser autocomplete from appearing
packages/rrweb-snapshot/test/snapshots/integration.test.ts.snap Updates test snapshot to include autocomplete="off" on all input and textarea elements in the form-fields.html test case

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: For Playback, User's Browser Autocomplete Shows On Input Fields

1 participant

@heathdutton