Commit Graph

105 Commits

Author SHA1 Message Date
Nick Sweeting
095f8a72cf Revert "Fix cross-origin iframe DOM retrieval" 2025-06-21 05:48:11 -04:00
Magnus Müller
4c2952d640 Squashed commit of the following:
commit a9cf53a1b1
Merge: 5aa62c11 0f9ffa10
Author: Magnus Müller <67061560+MagMueller@users.noreply.github.com>
Date:   Fri Jun 20 10:41:19 2025 +0200

    Set user_data_dir to None (#2015)

    <!-- This is an auto-generated description by cubic. -->
    Changed browser session setup to use incognito mode by setting
    user_data_dir to None, preventing persistent state between evaluation
    runs.

    <!-- End of auto-generated description by cubic. -->

commit 0f9ffa1072
Author: Magnus Müller <67061560+MagMueller@users.noreply.github.com>
Date:   Fri Jun 20 10:38:01 2025 +0200

    Set user_data_dir to None

commit 5aa62c1113
Merge: d8a9d21b e559ff5e
Author: Nick Sweeting <git@sweeting.me>
Date:   Thu Jun 19 23:01:49 2025 -0700

    Fix cross-origin iframe DOM retrieval (#1965)

commit d8a9d21b00
Merge: 3e5f3049 b6be1583
Author: Nick Sweeting <git@sweeting.me>
Date:   Thu Jun 19 23:01:21 2025 -0700

    Fix critical domain restriction bypass vulnerability (#2006)

commit b6be158319
Author: Sahar <saharhashai@gmail.com>
Date:   Thu Jun 19 02:28:34 2025 -0700

    Delete tests/ci/test_security_url_validation.py

commit aca4b57329
Author: Sahar <saharhashai@gmail.com>
Date:   Thu Jun 19 02:27:57 2025 -0700

    Delete SECURITY_FIX_REPORT.md

commit 45872c1e45
Author: Your Name <your.email@example.com>
Date:   Thu Jun 19 11:24:50 2025 +0200

    fix(security): prevent domain restriction bypass in controller actions

    - Add domain validation to controller.click() and controller.type() methods
    - Implement comprehensive security checks before executing actions
    - Prevent potential prompt injection and unauthorized data access
    - Add extensive test coverage for domain validation scenarios
    - Update documentation with security considerations

    This critical fix prevents complete bypass of domain restrictions that
    could enable attackers to perform unauthorized actions on any domain.

commit e559ff5eaa
Merge: 19ae8a11 f348e0c5
Author: Nick Sweeting <git@sweeting.me>
Date:   Sat Jun 14 01:56:09 2025 -0700

    Merge branch 'main' into main

commit 19ae8a1146
Merge: e1b3ff9e 08ed0be3
Author: Nick Sweeting <git@sweeting.me>
Date:   Sat Jun 14 00:31:30 2025 -0700

    Merge branch 'main' into main

commit e1b3ff9e9d
Author: Ilya Biryukov <ilbiryuk@microsoft.com>
Date:   Thu Jun 12 17:40:40 2025 -0700

    Revert changes to examples/features/multiple_agents_same_browser.py

commit d20a3b55d6
Author: Ilya Biryukov <ilbiryuk@microsoft.com>
Date:   Thu Jun 12 17:30:59 2025 -0700

    Fix pre-commit lint issues and compile error in multiple_agents_same_browser

commit 13d5468aa2
Author: Ilya Biryukov <ilbiryuk@microsoft.com>
Date:   Thu Jun 12 14:07:21 2025 -0700

    Fix cross-origin iframe DOM retrieval
2025-06-20 10:51:06 +02:00
Nick Sweeting
f5546c633d use bounding box to determine a tag eligibility, fixes 1789 2025-06-13 18:02:20 -07:00
mingzhong.li
c0a936e54c fix: fixing interactive element event checking:
1. add event_listeners_script
2. adding getEventListenersForNode in buildDomTree.js for checking element event
2025-05-24 20:50:33 +08:00
mingzhong.li
aeda8668bf docs: fixing word spell in comment 2025-05-24 18:42:25 +08:00
mingzhong.li
c1dc00cff2 fix: fixing interactive element event checking: restore code for using window.getEventListeners 2025-05-24 18:28:31 +08:00
Evgeny Kim
5da261310b Improve file upload detection 2025-05-23 13:05:06 +02:00
Nick Sweeting
6b8360c475 better logging 2025-05-22 23:17:21 -07:00
Nick Sweeting
1d6aa96b53 Fixed the issue where getEventListeners was unavailable when used in page.evaluate. Changed to a custom event listener detection approach. (#1710) 2025-05-21 00:59:28 -07:00
marcyang
bc2beba636 Optimization: Fixed event listener detection logic 2025-05-21 11:32:58 +08:00
shawyang
58cc135a05 fix: replace getEventListeners with custom event listener detection for Playwright compatibility 2025-05-19 17:18:20 +08:00
mingzhong.li
91b1bb85e2 fix: detect interactive elements with click event listener: adding 'click' mouse event and fixing element mouse event check 2025-05-19 00:16:42 +08:00
Pavel Kuzmin
e0414e8a09 Update buildDomTree.js
Fix: remove redundant checks and improve performance in isHeuristicallyInteractive

- Removed optional chaining before isSameNode (not needed for parentElement)
- Replaced Array.from() with direct use of .children and spread syntax
- Minor cleanup and comment improvements for clarity
2025-05-13 13:23:03 +05:00
Pavel Kuzmin
1891cb91b1 Update buildDomTree.js
Refactor: extract heuristic interactivity check into separate function

Improved readability and maintainability by moving visibility and interactivity heuristics
into a dedicated `isHeuristicallyInteractive` helper. Added detailed comments and optimized logic.
2025-05-13 13:10:06 +05:00
Nick Sweeting
457e97842d fixes for viewportExpansion=-1 mode to force-include all elements 2025-05-04 21:09:52 +08:00
Nick Sweeting
d48697276c fix: add cursor:pointer handling in buildDomTree and update test URLs to handle expander icons (#1502) 2025-05-02 23:53:45 -07:00
Nick Sweeting
d810064a9e refactor: add caching for client rects and improve highlight cleanup logic (#1551) 2025-05-02 23:50:33 -07:00
satya-nutella
96b6e02194 Merge branch 'main' into fix/detect-expander-icons 2025-05-02 22:27:25 -07:00
Max Comperatore
cf6d8af73e Refine viewport expansion logic and update documentation for clarity 2025-05-02 21:50:51 +00:00
satya-nutella
c6016b7cc2 Add caching for client rects and improve highlight cleanup logic
- Introduced caching for client rects using a WeakMap to optimize performance.
- Enhanced highlightElement function to use a document fragment for batch DOM updates.
- Added cleanup function to manage event listeners and overlay elements efficiently.
- Implemented throttling for position updates during scroll and resize events.
- Updated getXPathTree to cache results for improved efficiency.
2025-05-02 13:13:33 -07:00
satya-nutella
7811a1cceb Refactor event listener tracking in BrowserSession and BrowserContext
- Removed old init script for event listener tracking in BrowserSession.
- Introduced a new event listener tracking mechanism in BrowserContext using WeakMap for better memory management.
- Updated buildDomTree to utilize the new getEventListenersForNode function for interaction event listeners.
2025-05-02 12:56:41 -07:00
satya-nutella
472bcd656b Remove cursor:pointer handling from buildDomTree 2025-05-02 12:56:05 -07:00
satya-nutella
ea4afadd1d Add cursor:pointer handling in buildDomTree and update test URLs 2025-05-02 12:56:04 -07:00
Edward Sun
223c0d7da9 Merge branch 'main' into fix/content-editable-visibility 2025-05-02 11:00:00 -07:00
Edward Sun
3b8a499136 Ensure contenteditable fields are interactable 2025-05-02 10:46:17 -07:00
Oskari Silvoniemi
ffbbf12fca lower z-index 2025-05-02 17:09:49 +03:00
Nick Sweeting
f01fde5dad Merge pull request #1414 from youngjuning/patch-1 2025-04-22 02:16:30 -07:00
Aaron Young
13fbf21a40 fix: set highlight div backgroundColor to transparent 2025-04-18 10:34:32 +08:00
shivam
1a6516677a Fix: Ensure first element is correctly indexed in sibling list 2025-04-14 16:17:37 +05:30
Gregor Žunič
34abda2733 typo fix 2025-04-14 10:38:04 +02:00
Gregor Žunič
4891513f4d added event listeners to build dom tree 2025-04-07 22:27:26 +02:00
Gregor Žunič
ee0f961429 switched to better representations 2025-04-07 21:52:13 +02:00
Gregor Žunič
bb4e5734db wip 2025-04-07 15:38:50 +02:00
Gregor Žunič
f33beaf800 removed unnecessary code 2025-04-06 13:26:53 +02:00
Gregor Žunič
753651f793 fixed inline flex elements (multiline text) clickability, highlights 2025-04-06 12:10:04 +02:00
Gregor Žunič
ca0c6fdd0d wip 2025-03-31 16:57:17 -07:00
Gregor Žunič
ba73c748e4 wip 2025-03-31 15:23:04 -07:00
Gregor Žunič
e9824060bd wip 2025-03-30 16:19:09 -07:00
Nick Sweeting
8317eddab1 Merge pull request #953 from Zhen3r/fix/viewport
Fix special case for viewport expansion in visibility check
2025-03-25 18:02:17 -07:00
Nick Sweeting
dfa0f30d64 Merge pull request #933 from SmartManoj/dropdown
Enhance dropdown
2025-03-25 18:01:37 -07:00
Nick Sweeting
14c4a7a293 Merge branch 'main' into nick/tri-4-make-cross-site-iframes-work-without-disabling-chrome 2025-03-25 13:25:26 -07:00
Nick Sweeting
1cbe93f8a3 Merge pull request #998 from cheewba/bugfix/empty-dir
Bugfix: error when trying to create empty dir.
2025-03-25 12:52:55 -07:00
Nick Sweeting
d51f43f0b0 Merge pull request #1031 from Rahul-Sharma-1729/improve_interactive_element_detection
Performance Improvement: Efficient Detection of Interactive Elements
2025-03-25 12:50:09 -07:00
Nick Sweeting
b68a5882fd fix removing contenteditable check by accident 2025-03-24 17:05:31 -07:00
Nick Sweeting
73369f910c fix discovery of elements that have both shadow and non shadow child nodes 2025-03-24 14:28:00 -07:00
Nick Sweeting
21dec0dc7f skip iframes that already have tabs open 2025-03-24 10:59:48 -07:00
Nick Sweeting
421ecd597f Merge branch 'main' into nick/tri-4-make-cross-site-iframes-work-without-disabling-chrome 2025-03-23 00:52:33 -07:00
Nick Sweeting
78ade39821 wip trying different approaches, not final 2025-03-23 00:20:12 -07:00
Magnus Müller
8239b68e53 Merge pull request #1043 from prompted365/fix-dom-detection
Fixed missing text input detection in DOM parsing
2025-03-22 18:53:44 -07:00
Nick Sweeting
2232da65ac record when JS has run in a given target 2025-03-22 14:38:03 -07:00