npm - @empiricalrun/test-gen - Versions diffs - 0.38.15 → 0.38.16 - Mend

@empiricalrun/test-gen 0.38.15 → 0.38.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md +6 -0
package/dist/agent/browsing/utils.d.ts.map +1 -1
package/dist/agent/browsing/utils.js +20 -10
package/package.json +3 -3

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # @empiricalrun/test-gen
+## 0.38.16
+### Patch Changes
+- 6163918: fix: security policy injection for locators
 ## 0.38.15
 ### Patch Changes

package/dist/agent/browsing/utils.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/agent/browsing/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAK3D,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAiBvD,OAAO,EAAe,aAAa,EAAE,MAAM,aAAa,CAAC;AAMzD,wBAAgB,QAAQ,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,IAAI,MAAM,CAKhD;AAED,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,MAAM,EAAE,UAIvD;AA6FD;;;;GAIG;AACH,wBAAsB,yBAAyB,CAC7C,SAAS,EAAE,aAAa,EACxB,KAAK,CAAC,EAAE,WAAW,GAClB,OAAO,CAAC,MAAM,CAAC,CA0DjB;AAyBD,wBAAsB,wBAAwB,CAAC,IAAI,EAAE,IAAI,~~iBAuGxD~~;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,QA+BjD;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAM1E;AAWD;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,YAAY,EAAE,MAAM,EACpB,gBAAgB,EAAE,oBAAoB,EACtC,gBAAgB,GAAE,MAAM,EAAU,GACjC,OAAO,CAAC,MAAM,CAAC,CA+CjB;AAED,wBAAsB,sBAAsB,CAAC,EAC3C,YAAiB,EACjB,IAAS,EACT,eAAoB,EACpB,gBAAqB,EACrB,UAAyC,GAC1C,EAAE;IACD,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,8EASA;AAED,qBAAa,eAAe;IACd,OAAO,CAAC,SAAS;gBAAT,SAAS,EAAE,MAAM;IACrC,OAAO,CAAC,aAAa,CAAqB;YAE5B,mBAAmB;YAUnB,gBAAgB;IAsBjB,OAAO;IAuBb,SAAS;CAKjB"}
1	+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/agent/browsing/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAK3D,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAiBvD,OAAO,EAAe,aAAa,EAAE,MAAM,aAAa,CAAC;AAMzD,wBAAgB,QAAQ,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,IAAI,MAAM,CAKhD;AAED,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,MAAM,EAAE,UAIvD;AA6FD;;;;GAIG;AACH,wBAAsB,yBAAyB,CAC7C,SAAS,EAAE,aAAa,EACxB,KAAK,CAAC,EAAE,WAAW,GAClB,OAAO,CAAC,MAAM,CAAC,CA0DjB;AAyBD,wBAAsB,wBAAwB,CAAC,IAAI,EAAE,IAAI,iBAuHxD;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,QA+BjD;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAM1E;AAWD;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,YAAY,EAAE,MAAM,EACpB,gBAAgB,EAAE,oBAAoB,EACtC,gBAAgB,GAAE,MAAM,EAAU,GACjC,OAAO,CAAC,MAAM,CAAC,CA+CjB;AAED,wBAAsB,sBAAsB,CAAC,EAC3C,YAAiB,EACjB,IAAS,EACT,eAAoB,EACpB,gBAAqB,EACrB,UAAyC,GAC1C,EAAE;IACD,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,8EASA;AAED,qBAAa,eAAe;IACd,OAAO,CAAC,SAAS;gBAAT,SAAS,EAAE,MAAM;IACrC,OAAO,CAAC,aAAa,CAAqB;YAE5B,mBAAmB;YAUnB,gBAAgB;IAsBjB,OAAO;IAuBb,SAAS;CAKjB"}

package/dist/agent/browsing/utils.js CHANGED Viewed

@@ -182,6 +182,11 @@ async function injectPwLocatorGenerator(page) {
         try {
             await Promise.all(scripts.map((s) => page.addScriptTag({ content: s })));
             await page.evaluate(async () => {
+                //@ts-ignore
+                //https://developer.mozilla.org/en-US/docs/Web/API/TrustedScriptURL
+                const trustedPolicy = window.trustedTypes?.createPolicy(crypto.randomUUID(), {
+                    createScriptURL: (url) => url,
+                });
                 //@ts-ignore
                 const injectScriptInIframe = (iframeDoc) => {
                     try {
@@ -189,10 +194,9 @@ async function injectPwLocatorGenerator(page) {
                             "https://assets-test.empirical.run/pw-selector.js",
                             "https://code.jquery.com/jquery-3.7.1.min.js",
                         ].forEach((url) => {
-                            const scr = iframeDoc.createElement("script");
-                            scr.src = url;
-                            console.log("Injecting script in iframe", scr);
-                            iframeDoc.head.appendChild(scr);
+                            const script = iframeDoc.createElement("script");
+                            script.src = trustedPolicy.createScriptURL(url);
+                            iframeDoc.head.appendChild(script);
                         });
                     }
                     catch (e) {
@@ -207,7 +211,8 @@ async function injectPwLocatorGenerator(page) {
                     if (isVisible) {
                         //@ts-ignore
                         const iframeContent = iframe.contentDocument || iframe.contentWindow?.document;
-                        if (iframeContent) {
+                        const isScriptInjected = !!iframe.contentWindow?.playwright;
+                        if (iframeContent && !isScriptInjected) {
                             injectScriptInIframe(iframeContent);
                         }
                     }
@@ -224,18 +229,22 @@ async function injectPwLocatorGenerator(page) {
             //@ts-ignore
             const injectScriptInIframe = (iframeDoc) => {
                 try {
+                    //@ts-ignore
+                    //https://developer.mozilla.org/en-US/docs/Web/API/TrustedScriptURL
+                    const trustedPolicy = window.trustedTypes.createPolicy(crypto.randomUUID(), {
+                        createScriptURL: (url) => url,
+                    });
                     [
                         "https://assets-test.empirical.run/pw-selector.js",
                         "https://code.jquery.com/jquery-3.7.1.min.js",
                     ].forEach((url) => {
                         const scr = iframeDoc.createElement("script");
-                        scr.src = url;
-                        console.log("Injecting script in iframe", scr);
+                        scr.src = trustedPolicy.createScriptURL(url);
                         iframeDoc.head.appendChild(scr);
                     });
                 }
                 catch (e) {
-                    console.warn("Error injecting script in iframe:");
+                    console.warn("Error injecting script in iframe.");
                 }
             };
             const iframes = document.getElementsByTagName("iframe");
@@ -246,7 +255,8 @@ async function injectPwLocatorGenerator(page) {
                 if (isVisible) {
                     //@ts-ignore
                     const iframeContent = iframe.contentDocument || iframe.contentWindow?.document;
-                    if (iframeContent) {
+                    const isScriptInjected = !!iframe.contentWindow?.playwright;
+                    if (iframeContent && !isScriptInjected) {
                         injectScriptInIframe(iframeContent);
                     }
                 }
@@ -254,7 +264,7 @@ async function injectPwLocatorGenerator(page) {
         });
     }
     catch (e) {
-        console.warn("Error injecting script in iframe:");
+        console.warn("Error injecting script in iframe.");
     }
 }
 exports.injectPwLocatorGenerator = injectPwLocatorGenerator;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@empiricalrun/test-gen",
-  "version": "0.38.15",
+  "version": "0.38.16",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
     "access": "public"
@@ -59,8 +59,8 @@
     "tsx": "^4.16.2",
     "typescript": "^5.3.3",
     "@empiricalrun/llm": "^0.9.26",
-    "@empiricalrun/r2-uploader": "^0.3.6",
-    "@empiricalrun/reporter": "^0.21.3"
+    "@empiricalrun/reporter": "^0.21.3",
+    "@empiricalrun/r2-uploader": "^0.3.6"
   },
   "devDependencies": {
     "@types/detect-port": "^1.3.5",