From e2ba31429f561cf28a277d8bf506e72d50bf648f Mon Sep 17 00:00:00 2001
From: gus
Date: Mon, 6 Apr 2026 10:18:31 -0300
Subject: [PATCH] fix(browse): redact form fields with sensitive names, not just type=password

The forms command only redacted input values for type="password". Hidden inputs and text fields with names like csrf_token, api_key, session_id were exposed unredacted in the LLM context. Cookies and storage already use SENSITIVE_COOKIE_NAME pattern matching against field names. Apply the same pattern to form field name and id attributes for consistency.
---
 browse/src/read-commands.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/browse/src/read-commands.ts b/browse/src/read-commands.ts
index 03b327af5..e5d0368b0 100644
--- a/browse/src/read-commands.ts
+++ b/browse/src/read-commands.ts
@@ -145,7 +145,10 @@ export async function handleReadCommand(
 id: input.id || undefined,
 placeholder: input.placeholder || undefined,
 required: input.required || undefined,
- value: input.type === 'password' ? '[redacted]' : (input.value || undefined),
+ value: input.type === 'password'
+ || (input.name && /(^|[_.-])(token|secret|key|password|credential|auth|jwt|session|csrf|sid)($|[_.-])|api.?key/i.test(input.name))
+ || (input.id && /(^|[_.-])(token|secret|key|password|credential|auth|jwt|session|csrf|sid)($|[_.-])|api.?key/i.test(input.id))
+ ? '[redacted]' : (input.value || undefined),
 options: el.tagName === 'SELECT' ? [...(el as HTMLSelectElement).options].map(o => ({ value: o.value, text: o.text })) : undefined,
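Review bot: The sensitive-name regex on the two added `||` lines is written out twice, once for `input.name` and once for `input.id`, so the next time a term is added the two copies can silently drift apart; declaring it once in the enclosing scope and testing both attributes against it keeps the list in one place, e.g. `const SENSITIVE_FIELD = /(^|[_.-])(token|secret|key|password|credential|auth|jwt|session|csrf|sid)($|[_.-])|api.?key/i;` followed by `value: input.type === 'password' || SENSITIVE_FIELD.test(input.name ?? '') || SENSITIVE_FIELD.test(input.id ?? '') ? '[redacted]' : (input.value || undefined),`. The commit message says cookies and storage already use `SENSITIVE_COOKIE_NAME`; if this code runs inside the page (the `el.tagName` and `HTMLSelectElement` references suggest a browser-side evaluate callback) that Node-side constant cannot be referenced directly, which is presumably why the pattern was inlined, so a comment such as `// keep in sync with SENSITIVE_COOKIE_NAME; page context cannot see Node-side constants` would make that coupling explicit for whoever edits either list. The enclosing `handleReadCommand` function and the object literal this property belongs to both begin and end outside the hunk.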