eliott/browser-use
1
0
Fork 0
mirror of https://github.com/browser-use/browser-use synced 2026-05-06 17:52:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e1386fe3c5ba4c53efd38b19dfa2467a1bc7499
browser-use/docs/customize/examples/sensitive-data.mdx
Magnus Müller 719761313c Refactor sensitive data handling across examples 
- Updated sensitive_data definitions to remove type annotations for clarity.
- Simplified the structure of sensitive_data in multiple files, ensuring consistency in credential representation.
- Enhanced comments to guide users on the proper use of sensitive data in the context of 2FA and domain-specific credentials.

These changes improve the readability and maintainability of the code while ensuring secure handling of sensitive information.
2025-09-06 07:51:52 -07:00

47 lines
1.5 KiB
Plaintext
Raw Blame History

---
title: "Sensitive Data"
description: "Handle secret information securely and avoid sending PII & passwords to the LLM."
icon: "shield"
mode: "wide"
---
```python
import os
from browser_use import Agent, Browser, ChatOpenAI
os.environ['ANONYMIZED_TELEMETRY'] = "false"
company_credentials = {'x_user': 'your-real-username@email.com', 'x_pass': 'your-real-password123'}
# Option 1: Secrets available for all websites
sensitive_data = company_credentials
# Option 2: Secrets per domain with regex
# sensitive_data = {
# 'https://*.example-staging.com': company_credentials,
# 'http*://test.example.com': company_credentials,
# 'https://example.com': company_credentials,
# 'https://google.com': {'g_email': 'user@gmail.com', 'g_pass': 'google_password'},
# }
agent = Agent(
task='Log into example.com with username x_user and password x_pass',
sensitive_data=sensitive_data,
use_vision=False, # Disable vision to prevent LLM seeing sensitive data in screenshots
llm=ChatOpenAI(model='gpt-4.1-mini'),
)
async def main():
await agent.run()
```
## How it Works
1. **Text Filtering**: The LLM only sees placeholders (`x_user`, `x_pass`), we filter your sensitive data from the input text.
2. **DOM Actions**: Real values are injected directly into form fields after the LLM call
## Best Practices
- Use `Browser(allowed_domains=[...])` to restrict navigation
- Set `use_vision=False` to prevent screenshot leaks
- Use `storage_state='./auth.json'` for login cookies instead of passwords when possible
Reference in New Issue View Git Blame Copy Permalink