[Bug]: For Playback, User's Browser Autocomplete Shows On Input Fields

[danielh-official]

Preflight Checklist

• I have searched the issue tracker for a bug report that matches the one I want to file, without success.

What package is this bug report for?

rrweb-player

Version

https://cdn.jsdelivr.net/npm/rrweb-player@latest/dist/index.js

Expected Behavior

When a user clicks playback, under no circumstance does it show the user's autocomplete details in the input.

The user will end up thinking that there private information is getting leaked through the video.

Actual Behavior

It does under certain circumstances.

Steps to Reproduce

1. Go to a page with rrweb video playback set up, where there are inputs like email, name, password, or phone number.
2. Set autofill data in your browser (e.g., Chrome).
3. Click play on the video.

Testcase Gist URL

No response

Additional Information

No response

[eoghanmurray]

Could you check if manually adding autocomplete="off" to the field in the replayer using dev tools fixes it?
If setting in dev tools is too late, you could check report back whether the following patch would work:

index e4a4c9df4..5fb12676b 100644
--- a/packages/rrweb-snapshot/src/rebuild.ts
+++ b/packages/rrweb-snapshot/src/rebuild.ts
@@ -386,6 +386,9 @@ function buildNode(
           }
         }
       }
+      if (tagName === 'input' || tagName === 'textarea') {
+        node.setAttribute('autocomplete', 'off');
+      }      
       return node;
     }
     case NodeType.Text: