240 Commits

Author SHA1 Message Date
Nick Sweeting
d8a9d21b00 Fix critical domain restriction bypass vulnerability (#2006) 2025-06-19 23:01:21 -07:00
Nick Sweeting
c36ca35984 improve logging of errors 2025-06-19 06:40:14 -07:00
Nick Sweeting
60f2abd206 add retry for actions that fail due to page navigation mid-action 2025-06-19 04:15:04 -07:00
Nick Sweeting
9bf0b10b31 throw explicit error for missing page 2025-06-19 02:27:38 -07:00
Your Name
45872c1e45 fix(security): prevent domain restriction bypass in controller actions
- Add domain validation to controller.click() and controller.type() methods
- Implement comprehensive security checks before executing actions
- Prevent potential prompt injection and unauthorized data access
- Add extensive test coverage for domain validation scenarios
- Update documentation with security considerations

This critical fix prevents complete bypass of domain restrictions that
could enable attackers to perform unauthorized actions on any domain.
2025-06-19 11:24:50 +02:00
Yasith Jayawardana
e2e11966d3 Merge branch 'main' into typing-improvements 2025-06-18 21:20:47 -04:00
Magnus Müller
1b5593d1aa remove unused success parameter from ActionResult in service.py 2025-06-17 19:15:33 +02:00
yasithdev
8ea4b4c71a centralize playwright/patchwright imports, and update typing/checks to reduce lint errors 2025-06-16 22:57:20 -04:00
Nick Sweeting
582c039c15 make save_context and other file operations async, setup traces and other dirs on startup 2025-06-12 18:38:12 -07:00
Nick Sweeting
688b4768e2 make wait_for_load_state and network errors into AgentState entries instead of hard exceptions 2025-06-12 18:36:09 -07:00
Nick Sweeting
d5d341f229 don't raise exception from click action 2025-06-10 23:57:41 -07:00
Nick Sweeting
fdaafa8afc click by x,y coordinate fallback when main method fails 2025-06-10 06:41:39 -07:00
Nick Sweeting
9eec34f916 fix missing _update_state method 2025-06-10 06:28:18 -07:00
Nick Sweeting
8daaaf665c auto-refresh state when desired element idx is not found 2025-06-10 06:17:52 -07:00
Nick Sweeting
31bd5fdbf2 skip iframes that might've closed during iteration 2025-06-10 05:16:20 -07:00
Nick Sweeting
56de6cf75c fix markdownify in iframes not having arg bound 2025-06-10 02:21:01 -07:00
Nick Sweeting
3f6de11643 don't steal about:blank that's potentially used by another agent, it invalidates their objects 2025-06-10 02:06:12 -07:00
Nick Sweeting
ccb2af5947 make markdownify non-blocking async 2025-06-10 02:02:33 -07:00
Nick Sweeting
4ffd6bedc0 handle mixed order action params 2025-05-25 06:14:05 -07:00
Nick Sweeting
addeb56f8c add new param optimization test 2025-05-25 03:50:02 -07:00
Nick Sweeting
e9b2462b49 convert actions to take a page when that's all they need 2025-05-25 03:39:53 -07:00
Nick Sweeting
10ec1e8841 fix all actions to use kwargs at callsites 2025-05-25 02:58:17 -07:00
Nick Sweeting
d2ac59e211 refactor action registration to consistently require params or args and kwargs 2025-05-25 01:38:18 -07:00
Nick Sweeting
75f14c4784 checkpoint 2025-05-24 20:41:44 -07:00
Nick Sweeting
3f614ab9df simplify _replace_secrets func to take page obj directly 2025-05-24 02:20:52 -07:00
Nick Sweeting
e0a02faa7f avoid strange hacky check for first param type by variable name prefix 2025-05-24 02:19:44 -07:00
Nick Sweeting
6c05043e10 better comments 2025-05-23 18:23:18 -07:00
Nick Sweeting
6a19f29082 move SpecialActionParameters into views file 2025-05-23 18:21:19 -07:00
Evgeny Kim
5da261310b Improve file upload detection 2025-05-23 13:05:06 +02:00
Nick Sweeting
50ade97062 simplify open_tab action 2025-05-23 00:58:09 -07:00
Nick Sweeting
f6ca4e13a3 massively improve logging experience and add loading animation on browser startup 2025-05-23 00:48:52 -07:00
Nick Sweeting
fbf52be11b improve logging and use scheme matching for google urls 2025-05-22 23:25:17 -07:00
Nick Sweeting
6b8360c475 better logging 2025-05-22 23:17:21 -07:00
Nick Sweeting
38d8b6acec Merge branch 'main' into security-improvements 2025-05-22 17:11:16 -07:00
Nick Sweeting
472d462fa7 minor fixes for proxy models and positional args in google sheets actions 2025-05-22 17:06:22 -07:00
Nick Sweeting
651db76040 fix multiple browser_session arg error 2025-05-22 07:01:51 -07:00
Nick Sweeting
5cbb48a718 tweak controller action param setup to avoid double browser_session arg 2025-05-22 06:55:47 -07:00
Nick Sweeting
643a88b734 Fix async function call in Google Sheets select_cell_or_range
Made select_cell_or_range an async function and properly await the call to _select_cell_or_range to fix TypeError.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-22 05:00:36 -07:00
Nick Sweeting
187641f695 add support for nested sensitive_data 2025-05-22 04:58:23 -07:00
Nick Sweeting
c50b3bd828 fix browser_session decorating 2025-05-22 03:32:05 -07:00
Magnus Müller
4bd407f6c5 Enhance extract_content action to include link retrieval option
- Updated the `extract_content` action to add an `include_links` parameter, allowing users to specify whether to include links in the extracted content.
- Revised the action's description for clarity, emphasizing the structured format of the output when links are included.
2025-05-22 12:05:05 +02:00
Magnus Müller
9261112c51 Add new action to retrieve accessibility tree from the current page
- Introduced a new asynchronous action `get_ax_tree` that extracts the accessibility tree of the current page in a "role name" format.
- Implemented a helper function to flatten the accessibility tree structure and log the results.
- Enhanced logging to provide insights into the accessibility structure of the page for better debugging and analysis.
2025-05-22 12:03:34 +02:00
Nick Sweeting
b92fffae2e fix google sheets example 2025-05-22 02:30:43 -07:00
Nick Sweeting
cb4a5145f2 fix two bugs in BrowserSession and controller action passing 2025-05-22 02:30:41 -07:00
Nick Sweeting
a84b1c6d6b Merge branch 'main' into browser-session 2025-05-20 03:10:37 -07:00
Nick Sweeting
86ec6a78b0 new BrowserSession and BrowserProfile design, renamed BrowserState to BrowserStateSummary and more 2025-05-20 02:31:54 -07:00
Guido Trevisan
2c7dd75bf0 Apply Ruff formatting 2025-05-17 20:11:05 -05:00
Guido Trevisan
f94d889640 fixed scroll when whole page lives inside a nested container 2025-05-17 19:24:03 -05:00
Nick Sweeting
90dad4a39a refactor to use new BrowserSession model 2025-05-17 04:54:13 -07:00
Nick Sweeting
21cb86e66a Merge branch 'main' into back-to-playwright 2025-05-12 05:31:23 -07:00