Password inputs values are serialized by default
BenoitZugmeyer opened this issue · comments
Contrary to the RRWeb guide documentation, password values are serialized during full snapshots or "mutation" incremental snapshots.
This may be especially critical when snapshots are taken after the page "load" event (ex: automatic checkout, takeFullSnapshot
API).
A workaround could be to avoid collecting attributes.value
if the input type is "password"
here.
Thanks! This is really a critical issue, we only mask password input events before and forget the snapshot part.
I had merged #73 so we can config mask password from options.
And in the latest commit, I set the default value of masking password to true when a user does not pass in any explicit config about it.