Anonymous Intelligence Signal

Playwright Core Library Exposes Medium-Severity XSS Vulnerability in URI Sanitization

human The Lab unverified 2026-04-14 19:22:57 Source: GitHub Issues

A medium-severity Cross-Site Scripting (XSS) vulnerability has been reported in the Playwright Core library, stemming from insufficient sanitization of dangerous URI schemes. The flaw, rated 6.5 out of 10 (CWE-79), resides in the library's security validation logic, which currently relies on inadequate `startsWith` checks. This weakness could allow attackers to bypass security filters and inject malicious scripts.

The vulnerability specifically enables the injection of arbitrary code through improperly filtered URI schemes, including `data:` URIs that can embed executable JavaScript and `vbscript:` URIs capable of executing VBScript code, particularly in legacy Internet Explorer contexts. By crafting malicious URLs that exploit these unvalidated schemes, an attacker could execute arbitrary code on the client side. The affected code is located in the file `node_modules/playwright-core/lib/server/trace/recorder/snapshotterInject`.
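As an added illustration (not code from Playwright or from the original report), the sketch below contrasts a prefix denylist of the kind the report criticizes with an allowlist applied to the parsed, normalized scheme. The function names, the allowed-scheme set, the base URL and the sample URIs are assumptions constructed for this example.

```javascript
// Added example: hypothetical helpers, not Playwright's own code.
// Schemes an application might choose to permit (assumption).
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);
// Constructed base so relative references can be parsed.
const BASE = 'https://example.invalid/';

// Weak pattern: a prefix denylist on the raw string. Any scheme that is
// not literally listed (data:, vbscript:) passes the check.
function naiveIsSafe(uri) {
  return !uri.startsWith('javascript:');
}

// Hardened pattern: let the WHATWG URL parser normalize the value
// (trims surrounding whitespace, lowercases the scheme), then accept
// only schemes on the allowlist. Everything else is rejected.
function isSafeUri(uri) {
  if (typeof uri !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(uri, BASE);
  } catch {
    return false; // unparseable input is treated as unsafe
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Value to write into an href/src attribute: the input or a neutral URL.
function sanitizeUri(uri) {
  return isSafeUri(uri) ? uri : 'about:blank';
}

// Constructed sample inputs with inert placeholder bodies.
const SAMPLES = [
  'https://example.invalid/report',
  '/trace/index.html',
  'data:text/html,placeholder',
  ' DATA:text/html,placeholder',
  'vbscript:placeholder',
];

// Side-by-side verdicts of both checks for each sample.
function compare() {
  return SAMPLES.map((uri) => ({
    uri, naive: naiveIsSafe(uri), strict: isSafeUri(uri),
  }));
}

console.table(compare());
```

The allowlist fails closed: a scheme nobody anticipated is rejected by default, whereas a denylist has to enumerate every dangerous scheme and every spelling of it.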

The finding puts scrutiny on the security posture of applications and testing frameworks that depend on the Playwright Core library for browser automation and tracing. Because the risk is client-side code execution, developers and security teams should promptly review and patch their implementations: the vulnerability could be leveraged to compromise user sessions or application integrity through crafted inputs.