[Phase 1.1.3] Fix XPath injection in browser service

## Phase
`Phase 1 — Critical Security` | Track 1.1 — Input Boundary Enforcement | Priority: **P0 HIGH**

## Vulnerability Details
**File:** `operator_use/web/browser/service.py:939-945, 997-1016`
**CWE:** [CWE-643 — XPath Injection](https://cwe.mitre.org/data/definitions/643.html)

XPath parameters are injected into JavaScript strings with only double-quote escaping. Single quotes and backticks can break the string context and inject arbitrary JavaScript.

\`\`\`python
escaped = xpath.replace('"', '\\\\"')
# Missing: single quote, backtick, ${ template literal escaping
\`\`\`

## Fix
- Escape all dangerous characters: `"`, `'`, backtick, `$`, `\`
- Or use parameterized XPath evaluation (pass xpath as argument, not string interpolation)
- Validate XPath syntax before execution

## Acceptance Criteria
- [ ] All XPath injection points escaped or parameterized
- [ ] Security tests with injection payloads
- [ ] No JavaScript breakout possible via XPath strings

## References
- [CWE-643](https://cwe.mitre.org/data/definitions/643.html)
- Design Doc: `docs/plans/2026-03-29-security-ai-guardrails-performance-design.md`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Phase 1.1.3] Fix XPath injection in browser service #16

Phase

Vulnerability Details

Missing: single quote, backtick, ${ template literal escaping

Fix

Acceptance Criteria

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Phase 1.1.3] Fix XPath injection in browser service #16

Description

Phase

Vulnerability Details

Missing: single quote, backtick, ${ template literal escaping

Fix

Acceptance Criteria

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions