Phase
Phase 1 — Critical Security | Track 1.1 — Input Boundary Enforcement | Priority: P0 HIGH
Vulnerability Details
File: operator_use/web/browser/service.py:939-945, 997-1016
CWE: CWE-643 — XPath Injection
XPath parameters are injected into JavaScript strings with only double-quote escaping. Single quotes and backticks can break the string context and inject arbitrary JavaScript.
```python
escaped = xpath.replace('"', '\\"')
Missing: single quote, backtick, ${ template literal escaping
```
Fix
- Escape all dangerous characters:
", ', backtick, $, \
- Or use parameterized XPath evaluation (pass xpath as argument, not string interpolation)
- Validate XPath syntax before execution
Acceptance Criteria
References
- CWE-643
- Design Doc:
docs/plans/2026-03-29-security-ai-guardrails-performance-design.md
Phase
Phase 1 — Critical Security| Track 1.1 — Input Boundary Enforcement | Priority: P0 HIGHVulnerability Details
File:
operator_use/web/browser/service.py:939-945, 997-1016CWE: CWE-643 — XPath Injection
XPath parameters are injected into JavaScript strings with only double-quote escaping. Single quotes and backticks can break the string context and inject arbitrary JavaScript.
```python
escaped = xpath.replace('"', '\\"')
Missing: single quote, backtick, ${ template literal escaping
```
Fix
",', backtick,$,\Acceptance Criteria
References
docs/plans/2026-03-29-security-ai-guardrails-performance-design.md