eliott/browser-use
1
0
Fork 0
mirror of https://github.com/browser-use/browser-use synced 2026-05-06 17:52:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,344 Commits 515 Branches 132 Tags
d4a29c4b93a65bc3894de3228c3f264d008c041d
Commit Graph

227 Commits

Author SHA1 Message Date
Nick Sweeting
6c695d0a42 more lint and hint fixes 2025-06-21 05:39:17 -07:00
Nick Sweeting
f4b1987761 fixes 2025-06-21 03:43:37 -07:00
Nick Sweeting
095f8a72cf Revert "Fix cross-origin iframe DOM retrieval" 2025-06-21 05:48:11 -04:00
Magnus Müller
4c2952d640 Squashed commit of the following: 
commit a9cf53a1b1
Merge: 5aa62c11 0f9ffa10
Author: Magnus Müller <67061560+MagMueller@users.noreply.github.com>
Date:   Fri Jun 20 10:41:19 2025 +0200

    Set user_data_dir to None (#2015)

    <!-- This is an auto-generated description by cubic. -->
    Changed browser session setup to use incognito mode by setting
    user_data_dir to None, preventing persistent state between evaluation
    runs.

    <!-- End of auto-generated description by cubic. -->

commit 0f9ffa1072
Author: Magnus Müller <67061560+MagMueller@users.noreply.github.com>
Date:   Fri Jun 20 10:38:01 2025 +0200

    Set user_data_dir to None

commit 5aa62c1113
Merge: d8a9d21b e559ff5e
Author: Nick Sweeting <git@sweeting.me>
Date:   Thu Jun 19 23:01:49 2025 -0700

    Fix cross-origin iframe DOM retrieval (#1965)

commit d8a9d21b00
Merge: 3e5f3049 b6be1583
Author: Nick Sweeting <git@sweeting.me>
Date:   Thu Jun 19 23:01:21 2025 -0700

    Fix critical domain restriction bypass vulnerability (#2006)

commit b6be158319
Author: Sahar <saharhashai@gmail.com>
Date:   Thu Jun 19 02:28:34 2025 -0700

    Delete tests/ci/test_security_url_validation.py

commit aca4b57329
Author: Sahar <saharhashai@gmail.com>
Date:   Thu Jun 19 02:27:57 2025 -0700

    Delete SECURITY_FIX_REPORT.md

commit 45872c1e45
Author: Your Name <your.email@example.com>
Date:   Thu Jun 19 11:24:50 2025 +0200

    fix(security): prevent domain restriction bypass in controller actions

    - Add domain validation to controller.click() and controller.type() methods
    - Implement comprehensive security checks before executing actions
    - Prevent potential prompt injection and unauthorized data access
    - Add extensive test coverage for domain validation scenarios
    - Update documentation with security considerations

    This critical fix prevents complete bypass of domain restrictions that
    could enable attackers to perform unauthorized actions on any domain.

commit e559ff5eaa
Merge: 19ae8a11 f348e0c5
Author: Nick Sweeting <git@sweeting.me>
Date:   Sat Jun 14 01:56:09 2025 -0700

    Merge branch 'main' into main

commit 19ae8a1146
Merge: e1b3ff9e 08ed0be3
Author: Nick Sweeting <git@sweeting.me>
Date:   Sat Jun 14 00:31:30 2025 -0700

    Merge branch 'main' into main

commit e1b3ff9e9d
Author: Ilya Biryukov <ilbiryuk@microsoft.com>
Date:   Thu Jun 12 17:40:40 2025 -0700

    Revert changes to  examples/features/multiple_agents_same_browser.py

commit d20a3b55d6
Author: Ilya Biryukov <ilbiryuk@microsoft.com>
Date:   Thu Jun 12 17:30:59 2025 -0700

    Fix pre-commit lint issues and compile error in multiple_agents_same_browser

commit 13d5468aa2
Author: Ilya Biryukov <ilbiryuk@microsoft.com>
Date:   Thu Jun 12 14:07:21 2025 -0700

    Fix cross-origin iframe DOM retrieval
 2025-06-20 10:51:06 +02:00
yasithdev
8ea4b4c71a centralize playwright/patchwright imports, and update typing/checks to reduce lint errors 2025-06-16 22:57:20 -04:00
Nick Sweeting
3af0a40fa2 fix lint 2025-06-16 17:11:33 -07:00
rendi
fcd90ae31f #1970 format 2025-06-16 17:47:59 +08:00
rendi
c6a10e00a8 #1970 get_all_text_till_next_clickable_element returns incorrect text 2025-06-16 17:40:14 +08:00
rendi
02ab541755 #1970 get_all_text_till_next_clickable_element returns incorrect text 2025-06-16 11:13:20 +08:00
Nick Sweeting
f5546c633d use bounding box to determine a tag eligibility, fixes 1789 2025-06-13 18:02:20 -07:00
Nick Sweeting
023c702f4d pass logger object down the chain to sub-objects for re-use 2025-06-10 00:38:38 -07:00
Nick Sweeting
930a7aa4de use self.logger for timing log lines 2025-06-10 00:24:50 -07:00
mingzhong.li
c0a936e54c fix: fixing interactive element event checking: 
1. add event_listeners_script
2. adding getEventListenersForNode in buildDomTree.js for checking element event
 2025-05-24 20:50:33 +08:00
mingzhong.li
aeda8668bf docs: fixing word spell in comment 2025-05-24 18:42:25 +08:00
mingzhong.li
c1dc00cff2 fix: fixing interactive element event checking: restore code for using window.getEventListeners 2025-05-24 18:28:31 +08:00
Evgeny Kim
5da261310b Improve file upload detection 2025-05-23 13:05:06 +02:00
Nick Sweeting
50ade97062 simplify open_tab action 2025-05-23 00:58:09 -07:00
Nick Sweeting
f6ca4e13a3 massively improve logging experience and add loading animation on browser startup 2025-05-23 00:48:52 -07:00
Nick Sweeting
6b8360c475 better logging 2025-05-22 23:17:21 -07:00
Magnus Müller
faa655e02c Fix typo in children count print statement in accessibility playground test 
- Corrected a syntax error in the print statement that outputs the number of children nodes, ensuring proper formatting and clarity in the output.
 2025-05-22 12:23:41 +02:00
Magnus Müller
bbd0b4cf4b Add accessibility playground script for testing accessibility trees 
- Introduced a new script `test_accessibility_playground.py` that launches a browser and navigates to a specified URL to extract and print the accessibility tree.
- Implemented functionality to save the accessibility tree in a structured format and provide detailed information about each node.
- The script is designed for easy modification to facilitate user experiments with different web pages.
 2025-05-22 12:06:18 +02:00
Nick Sweeting
1d6aa96b53 Fixed the issue where getEventListeners was unavailable when used in page.evaluate. Changed to a custom event listener detection approach. (#1710) 2025-05-21 00:59:28 -07:00
marcyang
bc2beba636 Optimization: Fixed event listener detection logic 2025-05-21 11:32:58 +08:00
Nick Sweeting
a84b1c6d6b Merge branch 'main' into browser-session 2025-05-20 03:10:37 -07:00
Nick Sweeting
15a760ef17 backwards compatibility with old models and improved tests with icognito mode 2025-05-20 03:07:01 -07:00
Nick Sweeting
503eb97be7 fix stale tests 2025-05-20 02:33:42 -07:00
shawyang
58cc135a05 fix: replace getEventListeners with custom event listener detection for Playwright compatibility 2025-05-19 17:18:20 +08:00
mingzhong.li
91b1bb85e2 fix: detect interactive elements with click event listener : adding 'click' mouse event and fixing element mouse event check 2025-05-19 00:16:42 +08:00
Pavel Kuzmin
e0414e8a09 Update buildDomTree.js 
Fix: remove redundant checks and improve performance in isHeuristicallyInteractive

- Removed optional chaining before isSameNode (not needed for parentElement)
- Replaced Array.from() with direct use of .children and spread syntax
- Minor cleanup and comment improvements for clarity
 2025-05-13 13:23:03 +05:00
Pavel Kuzmin
1891cb91b1 Update buildDomTree.js 
Refactor: extract heuristic interactivity check into separate function

Improved readability and maintainability by moving visibility and interactivity heuristics
into a dedicated `isHeuristicallyInteractive` helper. Added detailed comments and optimized logic.
 2025-05-13 13:10:06 +05:00
Nick Sweeting
96682d8910 switch back from patchright to playwright until issues are resolved 2025-05-09 18:14:07 -07:00
Nick Sweeting
457e97842d fixes for viewportExpansion=-1 mode to force-include all elements 2025-05-04 21:09:52 +08:00
Nick Sweeting
d48697276c fix: add cursor:pointer handling in buildDomTree and update test URLs to handle expander icons (#1502) 2025-05-02 23:53:45 -07:00
Nick Sweeting
d810064a9e refactor: add caching for client rects and improve highlight cleanup logic (#1551) 2025-05-02 23:50:33 -07:00
satya-nutella
96b6e02194 Merge branch 'main' into fix/detect-expander-icons 2025-05-02 22:27:25 -07:00
Max Comperatore
cf6d8af73e Refine viewport expansion logic and update documentation for clarity 2025-05-02 21:50:51 +00:00
satya-nutella
c6016b7cc2 Add caching for client rects and improve highlight cleanup logic 
- Introduced caching for client rects using a WeakMap to optimize performance.
- Enhanced highlightElement function to use a document fragment for batch DOM updates.
- Added cleanup function to manage event listeners and overlay elements efficiently.
- Implemented throttling for position updates during scroll and resize events.
- Updated getXPathTree to cache results for improved efficiency.
 2025-05-02 13:13:33 -07:00
satya-nutella
7811a1cceb Refactor event listener tracking in BrowserSession and BrowserContext 
- Removed old init script for event listener tracking in BrowserSession.
- Introduced a new event listener tracking mechanism in BrowserContext using WeakMap for better memory management.
- Updated buildDomTree to utilize the new getEventListenersForNode function for interaction event listeners.
 2025-05-02 12:56:41 -07:00
satya-nutella
472bcd656b Remove cursor:pointer handling from buildDomTree 2025-05-02 12:56:05 -07:00
satya-nutella
ea4afadd1d Add cursor:pointer handling in buildDomTree and update test URLs 2025-05-02 12:56:04 -07:00
Edward Sun
223c0d7da9 Merge branch 'main' into fix/content-editable-visibility 2025-05-02 11:00:00 -07:00
Edward Sun
3b8a499136 Ensure contenteditable fields are interactable 2025-05-02 10:46:17 -07:00
Oskari Silvoniemi
ffbbf12fca lower z-index 2025-05-02 17:09:49 +03:00
Nick Sweeting
2be4ba4f70 more pyupgrade changes 2025-05-02 20:50:21 +08:00
Nick Sweeting
78148a96f9 remove unneeded noqas 2025-05-02 15:20:00 +08:00
Nick Sweeting
f01fde5dad Merge pull request #1414 from youngjuning/patch-1 2025-04-22 02:16:30 -07:00
Nick Sweeting
8e18a76699 Merge branch 'main' into main 2025-04-22 02:02:22 -07:00
Christian Clauss
fb3282527d Detect blocking synchronous commands in asyncio code 2025-04-21 22:30:43 +02:00
Aaron Young
13fbf21a40 fix: set highlight div backgroundColor to transparent 2025-04-18 10:34:32 +08:00
Nick Sweeting
8ba3e570e6 Merge branch 'main' into bot-detection-batch 2025-04-16 15:19:02 -07:00