`aria-label`s should probably be scrubbed

[jgarplind]

Is there an existing issue for this?

• I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
• I have reviewed the documentation https://docs.sentry.io/
• I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/react

SDK Version

9.10.1

Framework Version

18.3.1

Link to Sentry event

No response

Reproduction Example/SDK Setup

No response

Steps to Reproduce

User dead-clicked a link containing a non-text element, annotated by an aria-label.

Expected Result

aria-label contains text content the same way any other text node does, so it seems logical to me that it should be scrubbed the same way.

Actual Result

PII risks to be exposed, e.g. in Breadcrumbs view in a replay:

[chargome]

Hey @jgarplind thanks for pointing that out, sounds reasonable to me – we'll look into this!

cc @s1gr1d PII issue

[mydea]

This should be relatively simple by adding this to the default list of maskAttributes = ['title', 'placeholder'],, makes sense to treat this the same way!