Hide form context menu to prevent field modification exploits

The right-click context menu on form headers provided options that could
be used to modify form fields outside the task scope. This adds a
MutationObserver that removes context menus as soon as they appear,
preventing agents from using this mechanism to bypass field restrictions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: aldro61

src/browsergym/workarena/tasks/form.py

@@ -395,6 +395,30 @@ def get_init_scripts(self) -> List[str]:
 
                 runInGsftMainOnlyAndProtectByURL(removeAdditionalActionsButton, '{url_suffix}');
             """,
+            f"""
+                function removeContextMenus() {{
+                    waLog('Setting up context menu removal observer...', 'removeContextMenus');
+                    // Remove any existing context menus
+                    document.querySelectorAll('.context_menu').forEach((menu) => {{
+                        menu.remove();
+                    }});
+                    // Observe for new context menus being added
+                    const observer = new MutationObserver((mutations) => {{
+                        mutations.forEach((mutation) => {{
+                            mutation.addedNodes.forEach((node) => {{
+                                if (node.nodeType === 1 && node.classList && node.classList.contains('context_menu')) {{
+                                    node.remove();
+                                    waLog('Removed dynamically added context menu', 'removeContextMenus');
+                                }}
+                            }});
+                        }});
+                    }});
+                    observer.observe(document.body, {{ childList: true, subtree: true }});
+                    waLog('Context menu observer active', 'removeContextMenus');
+                }}
+
+                runInGsftMainOnlyAndProtectByURL(removeContextMenus, '{url_suffix}');
+            """,
         ]
 
     def start(self, page: Page) -> None: