browser-use 0.6.0 → 0.7.0

package/dist/agent/system_prompt.md

@@ -14,12 +14,19 @@ You excel at following tasks:
 </language_settings>
 <input>
 At every step, your input will consist of:
-1. <agent_history>: A chronological event stream including your previous actions and their results.
-2. <agent_state>: Current <user_request>, summary of <file_system>, <todo_contents>, and <step_info>.
-3. <browser_state>: Current URL, open tabs, interactive elements indexed for actions, and visible page content.
-4. <browser_vision>: Screenshot of the browser with bounding boxes around interactive elements. If you used screenshot before, this will contain a screenshot.
-5. <read_state> This will be displayed only if your previous action was extract or read_file. This data is only shown in the current step.
+1. <user_request>: Your ultimate objective.
+2. <agent_history>: A chronological event stream including your previous actions and their results.
+3. <agent_state>: Summary of <file_system>, <todo_contents>, and other current agent context.
+4. <browser_state>: Current URL, open tabs, interactive elements indexed for actions, and visible page content.
+5. <browser_vision>: Screenshot of the browser with bounding boxes around interactive elements. If you used screenshot before, this will contain a screenshot.
+6. <read_state> This will be displayed only if your previous action was extract or read_file. This data is only shown in the current step.
 </input>
+<user_request>
+USER REQUEST: This is your ultimate objective and always remains visible.
+- This has the highest priority. Make the user happy.
+- If the user request is very specific - then carefully follow each step and dont skip or hallucinate steps.
+- If the task is open ended you can plan yourself how to get it done.
+</user_request>
 <agent_history>
 Agent history will be given as a list of step information as follows:
 <step_{{step_number}}>:
@@ -30,12 +37,6 @@ Action Results: Your actions and their results
 </step_{{step_number}}>
 and system messages wrapped in <sys> tag.
 </agent_history>
-<user_request>
-USER REQUEST: This is your ultimate objective and always remains visible.
-- This has the highest priority. Make the user happy.
-- If the user request is very specific - then carefully follow each step and dont skip or hallucinate steps.
-- If the task is open ended you can plan yourself how to get it done.
-</user_request>
 <browser_state>
 1. Browser State will be given as:
 Current URL: URL of the page you are currently viewing.

package/dist/agent/system_prompt_anthropic_flash.md

@@ -101,11 +101,12 @@ BEFORE calling `done` with `success=true`, you MUST perform this verification:
 </task_completion_rules>
 <input>
 At every step, your input will consist of:
-1. <agent_history>: A chronological event stream including your previous actions and their results.
-2. <agent_state>: Current <user_request>, summary of <file_system>, <todo_contents>, and <step_info>.
-3. <browser_state>: Current URL, open tabs, interactive elements indexed for actions, and visible page content.
-4. <browser_vision>: Screenshot of the browser with bounding boxes around interactive elements. This is your GROUND TRUTH.
-5. <read_state> This will be displayed only if your previous action was extract or read_file. This data is only shown in the current step.
+1. <user_request>: Your ultimate objective.
+2. <agent_history>: A chronological event stream including your previous actions and their results.
+3. <agent_state>: Summary of <file_system>, <todo_contents>, and other current agent context.
+4. <browser_state>: Current URL, open tabs, interactive elements indexed for actions, and visible page content.
+5. <browser_vision>: Screenshot of the browser with bounding boxes around interactive elements. This is your GROUND TRUTH.
+6. <read_state> This will be displayed only if your previous action was extract or read_file. This data is only shown in the current step.
 </input>
 <agent_history>
 Agent history will be given as a list of step information as follows:

package/dist/agent/system_prompt_no_thinking.md

@@ -14,12 +14,19 @@ You excel at following tasks:
 </language_settings>
 <input>
 At every step, your input will consist of:
-1. <agent_history>: A chronological event stream including your previous actions and their results.
-2. <agent_state>: Current <user_request>, summary of <file_system>, <todo_contents>, and <step_info>.
-3. <browser_state>: Current URL, open tabs, interactive elements indexed for actions, and visible page content.
-4. <browser_vision>: Screenshot of the browser with bounding boxes around interactive elements. If you used screenshot before, this will contain a screenshot.
-5. <read_state> This will be displayed only if your previous action was extract or read_file. This data is only shown in the current step.
+1. <user_request>: Your ultimate objective.
+2. <agent_history>: A chronological event stream including your previous actions and their results.
+3. <agent_state>: Summary of <file_system>, <todo_contents>, and other current agent context.
+4. <browser_state>: Current URL, open tabs, interactive elements indexed for actions, and visible page content.
+5. <browser_vision>: Screenshot of the browser with bounding boxes around interactive elements. If you used screenshot before, this will contain a screenshot.
+6. <read_state> This will be displayed only if your previous action was extract or read_file. This data is only shown in the current step.
 </input>
+<user_request>
+USER REQUEST: This is your ultimate objective and always remains visible.
+- This has the highest priority. Make the user happy.
+- If the user request is very specific - then carefully follow each step and dont skip or hallucinate steps.
+- If the task is open ended you can plan yourself how to get it done.
+</user_request>
 <agent_history>
 Agent history will be given as a list of step information as follows:
 <step_{{step_number}}>:
@@ -30,12 +37,6 @@ Action Results: Your actions and their results
 </step_{{step_number}}>
 and system messages wrapped in <sys> tag.
 </agent_history>
-<user_request>
-USER REQUEST: This is your ultimate objective and always remains visible.
-- This has the highest priority. Make the user happy.
-- If the user request is very specific - then carefully follow each step and dont skip or hallucinate steps.
-- If the task is open ended you can plan yourself how to get it done.
-</user_request>
 <browser_state>
 1. Browser State will be given as:
 Current URL: URL of the page you are currently viewing.

package/dist/agent/views.d.ts

@@ -13,6 +13,8 @@ export interface StructuredOutputParser<T = unknown> {
     model_json_schema?: () => unknown;
     schema?: unknown;
 }
+type SensitiveDataMap = Record<string, string | Record<string, string>>;
+export declare const redactSensitiveDataFromString: (value: string, sensitive_data: SensitiveDataMap | null) => string;
 export interface ActionResultInit {
     is_done?: boolean | null;
     success?: boolean | null;

package/dist/agent/views.js

@@ -8,6 +8,45 @@ import { DEFAULT_INCLUDE_ATTRIBUTES, } from '../dom/views.js';
 import { MessageManagerState } from './message-manager/views.js';
 // Re-export ActionModel for agent/service.ts
 export { ActionModel };
+export const redactSensitiveDataFromString = (value, sensitive_data) => {
+    if (!sensitive_data) {
+        return value;
+    }
+    const placeholders = {};
+    for (const [keyOrDomain, content] of Object.entries(sensitive_data)) {
+        if (typeof content === 'string' && content) {
+            placeholders[keyOrDomain] = content;
+        }
+        else if (content && typeof content === 'object') {
+            for (const [key, val] of Object.entries(content)) {
+                if (val) {
+                    placeholders[key] = val;
+                }
+            }
+        }
+    }
+    const entries = Object.entries(placeholders).sort(([, left], [, right]) => right.length - left.length);
+    if (!entries.length) {
+        return value;
+    }
+    let filtered = value;
+    for (const [key, secret] of entries) {
+        filtered = filtered.split(secret).join(`<secret>${key}</secret>`);
+    }
+    return filtered;
+};
+const chmodPrivateFile = (filePath) => {
+    if (process.platform !== 'win32') {
+        fs.chmodSync(filePath, 0o600);
+    }
+};
+const ensurePrivateDirectoryIfCreated = (dirPath) => {
+    const existed = fs.existsSync(dirPath);
+    fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 });
+    if (!existed && process.platform !== 'win32') {
+        fs.chmodSync(dirPath, 0o700);
+    }
+};
 const parseStructuredOutput = (schema, value) => {
     if (!schema) {
         return null;
@@ -539,30 +578,7 @@ export class AgentHistory {
         return elements;
     }
     static _filterSensitiveDataFromString(value, sensitive_data) {
-        if (!sensitive_data) {
-            return value;
-        }
-        const placeholders = {};
-        for (const [keyOrDomain, content] of Object.entries(sensitive_data)) {
-            if (typeof content === 'string' && content) {
-                placeholders[keyOrDomain] = content;
-            }
-            else if (content && typeof content === 'object') {
-                for (const [key, val] of Object.entries(content)) {
-                    if (val) {
-                        placeholders[key] = val;
-                    }
-                }
-            }
-        }
-        if (!Object.keys(placeholders).length) {
-            return value;
-        }
-        let filtered = value;
-        for (const [key, secret] of Object.entries(placeholders)) {
-            filtered = filtered.split(secret).join(`<secret>${key}</secret>`);
-        }
-        return filtered;
+        return redactSensitiveDataFromString(value, sensitive_data);
     }
     static _filterSensitiveDataFromDict(data, sensitive_data) {
         if (!sensitive_data) {
@@ -594,16 +610,8 @@ export class AgentHistory {
         return filtered;
     }
     toJSON(sensitive_data = null) {
-        let modelOutput = this.model_output?.toJSON() ?? null;
-        if (modelOutput &&
-            Array.isArray(modelOutput.action) &&
-            sensitive_data) {
-            modelOutput.action = modelOutput.action.map((action) => Object.prototype.hasOwnProperty.call(action, 'input')
-                ? AgentHistory._filterSensitiveDataFromDict(action, sensitive_data)
-                : action);
-        }
-        return {
-            model_output: modelOutput,
+        const payload = {
+            model_output: this.model_output?.toJSON() ?? null,
             result: this.result.map((r) => r.toJSON()),
             state: this.state.to_dict(),
             metadata: this.metadata
@@ -616,6 +624,9 @@ export class AgentHistory {
                 : null,
             state_message: this.state_message,
         };
+        return sensitive_data
+            ? AgentHistory._filterSensitiveDataFromDict(payload, sensitive_data)
+            : payload;
     }
 }
 export class AgentHistoryList {
@@ -863,8 +874,9 @@ export class AgentHistoryList {
     }
     save_to_file(filepath, sensitive_data = null) {
         const dir = path.dirname(filepath);
-        fs.mkdirSync(dir, { recursive: true });
-        fs.writeFileSync(filepath, JSON.stringify(this.toJSON(sensitive_data), null, 2), 'utf-8');
+        ensurePrivateDirectoryIfCreated(dir);
+        fs.writeFileSync(filepath, JSON.stringify(this.toJSON(sensitive_data), null, 2), { encoding: 'utf-8', mode: 0o600 });
+        chmodPrivateFile(filepath);
     }
     static load_from_file(filepath, outputModel) {
         const content = fs.readFileSync(filepath, 'utf-8');

package/dist/browser/extensions.js

@@ -13,6 +13,22 @@ import { Readable } from 'node:stream';
 import extract from 'extract-zip';
 import { createLogger } from '../logging-config.js';
 const logger = createLogger('browser_use.extensions');
+const chmodPrivatePath = (targetPath, mode) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    try {
+        fs.chmodSync(targetPath, mode);
+    }
+    catch {
+        /* best effort */
+    }
+};
+const createPrivateDirectory = (dirPath) => {
+    fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 });
+    chmodPrivatePath(dirPath, 0o700);
+};
+const createPrivateWriteStream = (filePath) => createWriteStream(filePath, { mode: 0o600 });
 /**
  * Generate extension ID from unpacked path
  * Chrome uses SHA256 hash of the directory path
@@ -42,14 +58,11 @@ async function downloadCrx(crxUrl, crxPath) {
             logger.warning(`[⚠️] Failed to download extension: ${response.statusText}`);
             return false;
         }
-        // Ensure directory exists
         const dir = path.dirname(crxPath);
-        if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, { recursive: true });
-        }
-        // Download file
-        const fileStream = createWriteStream(crxPath);
+        createPrivateDirectory(dir);
+        const fileStream = createPrivateWriteStream(crxPath);
         await pipeline(Readable.fromWeb(response.body), fileStream);
+        chmodPrivatePath(crxPath, 0o600);
         logger.info(`[✅] Downloaded to ${crxPath}`);
         return true;
     }
@@ -63,10 +76,7 @@ async function downloadCrx(crxUrl, crxPath) {
  */
 async function unpackCrx(crxPath, unpackedPath) {
     try {
-        // Ensure unpacked directory exists
-        if (!fs.existsSync(unpackedPath)) {
-            fs.mkdirSync(unpackedPath, { recursive: true });
-        }
+        createPrivateDirectory(unpackedPath);
         // Extract zip file (CRX is essentially a ZIP with extra header)
         await extract(crxPath, { dir: path.resolve(unpackedPath) });
         // Verify manifest exists

package/dist/browser/profile.d.ts

@@ -4,6 +4,7 @@ export declare const DOMAIN_OPTIMIZATION_THRESHOLD = 100;
 export declare const CHROME_DISABLED_COMPONENTS: string[];
 export declare const CHROME_HEADLESS_ARGS: string[];
 export declare const CHROME_DOCKER_ARGS: string[];
+export declare const CHROME_PROFILE_TRANSIENT_FILE_PATTERNS: string[];
 export declare const CHROME_DISABLE_SECURITY_ARGS: string[];
 export declare const CHROME_DETERMINISTIC_RENDERING_ARGS: string[];
 export declare const CHROME_DEFAULT_ARGS: string[];
@@ -181,6 +182,9 @@ export declare class BrowserProfile {
     private warnStorageStateUserDataDirConflict;
     private warnUserDataDirNonDefault;
     private warnDeterministicRenderingWeirdness;
+    private copyChromeProfileToTempIfNeeded;
+    private isChromeBackedProfile;
+    private isBrowserUseManagedProfile;
     private ensureDefaultDownloadsPath;
     private getDefaultArgsList;
     private getWindowSizeArgs;

package/dist/browser/profile.js

@@ -12,6 +12,21 @@ import { log_pretty_path, uuid7str } from '../utils.js';
 const logger = createLogger('browser_use.browser.profile');
 export const CHROME_DEBUG_PORT = 9242;
 export const DOMAIN_OPTIMIZATION_THRESHOLD = 100;
+const chmodPrivatePath = (targetPath, mode) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    try {
+        fs.chmodSync(targetPath, mode);
+    }
+    catch {
+        /* best effort */
+    }
+};
+const createPrivateDirectory = (dirPath) => {
+    fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 });
+    chmodPrivatePath(dirPath, 0o700);
+};
 export const CHROME_DISABLED_COMPONENTS = [
     'AcceptCHFrame',
     'AutoExpandDetailsElement',
@@ -54,6 +69,13 @@ export const CHROME_DOCKER_ARGS = [
     '--no-zygote',
     '--disable-site-isolation-trials',
 ];
+export const CHROME_PROFILE_TRANSIENT_FILE_PATTERNS = [
+    'Singleton*',
+    '*.lock',
+    '*-journal',
+    'LOCK',
+    'LOCKFILE',
+];
 export const CHROME_DISABLE_SECURITY_ARGS = [
     '--disable-site-isolation-trials',
     '--disable-web-security',
@@ -381,6 +403,30 @@ const argsAsList = (args) => Object.entries(args).map(([key, value]) => value
     ? `--${key.replace(/^-+/, '')}=${value}`
     : `--${key.replace(/^-+/, '')}`);
 const cloneDefaultOptions = () => JSON.parse(JSON.stringify(DEFAULT_BROWSER_PROFILE_OPTIONS));
+const isChromeProfileTransientFile = (name) => name.startsWith('Singleton') ||
+    name.endsWith('.lock') ||
+    name.endsWith('-journal') ||
+    name === 'LOCK' ||
+    name === 'LOCKFILE';
+const isChromeProfileLockError = (error) => {
+    if (!(error instanceof Error)) {
+        return false;
+    }
+    const code = String(error.code ?? '');
+    const message = error.message;
+    return (code === 'EACCES' ||
+        code === 'EPERM' ||
+        code === 'EBUSY' ||
+        message.includes('WinError 32') ||
+        message.includes('being used by another process'));
+};
+const pathContains = (candidate, parent) => {
+    const relative = path.relative(path.resolve(parent), path.resolve(candidate));
+    return (relative === '' ||
+        (relative !== '' &&
+            !relative.startsWith('..') &&
+            !path.isAbsolute(relative)));
+};
 const normalizeDomainEntry = (entry) => String(entry ?? '')
     .trim()
     .toLowerCase();
@@ -443,6 +489,7 @@ export class BrowserProfile {
         this.warnStorageStateUserDataDirConflict();
         this.warnUserDataDirNonDefault();
         this.warnDeterministicRenderingWeirdness();
+        this.copyChromeProfileToTempIfNeeded();
     }
     toString() {
         return `BrowserProfile#${this.options.id.slice(-4)}`;
@@ -555,6 +602,59 @@ export class BrowserProfile {
             logger.warning('⚠️ BrowserSession(deterministic_rendering=True) is NOT RECOMMENDED. It breaks many sites and increases chances of getting blocked by anti-bot systems. It hardcodes the JS random seed and forces browsers across Linux/Mac/Windows to use the same font rendering engine so that identical screenshots can be generated.');
         }
     }
+    copyChromeProfileToTempIfNeeded() {
+        const userDataDir = this.options.user_data_dir;
+        if (!userDataDir) {
+            return;
+        }
+        const userDataDirText = String(userDataDir);
+        if (userDataDirText.toLowerCase().includes('browser-use-user-data-dir-')) {
+            return;
+        }
+        if (this.isBrowserUseManagedProfile(userDataDirText)) {
+            return;
+        }
+        if (!this.isChromeBackedProfile(userDataDirText)) {
+            return;
+        }
+        const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'browser-use-user-data-dir-'));
+        const originalProfileDir = path.join(userDataDirText, this.options.profile_directory);
+        const tempProfileDir = path.join(tempDir, this.options.profile_directory);
+        try {
+            if (fs.existsSync(originalProfileDir)) {
+                fs.cpSync(originalProfileDir, tempProfileDir, {
+                    recursive: true,
+                    filter: (source) => !isChromeProfileTransientFile(path.basename(source)),
+                });
+                const localStateSource = path.join(userDataDirText, 'Local State');
+                if (fs.existsSync(localStateSource)) {
+                    fs.copyFileSync(localStateSource, path.join(tempDir, 'Local State'));
+                }
+                logger.info(`Copied profile (${this.options.profile_directory}) and Local State to temp directory: ${tempDir}`);
+            }
+            else {
+                fs.mkdirSync(tempProfileDir, { recursive: true });
+                logger.info(`Created new profile (${this.options.profile_directory}) in temp directory: ${tempDir}`);
+            }
+            this.options.user_data_dir = tempDir;
+        }
+        catch (error) {
+            fs.rmSync(tempDir, { recursive: true, force: true });
+            if (isChromeProfileLockError(error)) {
+                throw new Error(`Unable to copy Chrome profile "${this.options.profile_directory}" because one or more files are locked. ` +
+                    'Close any Chrome windows using this profile, or start browser-use with --cdp-url to connect to an already-running browser instead of copying the profile.');
+            }
+            throw error;
+        }
+    }
+    isChromeBackedProfile(userDataDirText) {
+        const normalized = userDataDirText.toLowerCase();
+        return normalized.includes('chrome') || normalized.includes('chromium');
+    }
+    isBrowserUseManagedProfile(userDataDirText) {
+        const profilesDir = path.dirname(CONFIG.BROWSER_USE_DEFAULT_USER_DATA_DIR);
+        return pathContains(userDataDirText, profilesDir);
+    }
     ensureDefaultDownloadsPath() {
         if (this.options.downloads_path) {
             return;
@@ -563,7 +663,7 @@ export class BrowserProfile {
         while (fs.existsSync(downloadsPath)) {
             downloadsPath = path.join(os.tmpdir(), `browser-use-downloads-${randomUUID().slice(0, 8)}`);
         }
-        fs.mkdirSync(downloadsPath, { recursive: true });
+        createPrivateDirectory(downloadsPath);
         this.options.downloads_path = downloadsPath;
     }
     getDefaultArgsList() {
@@ -613,7 +713,7 @@ export class BrowserProfile {
     }
     async ensureDefaultExtensionsDownloaded() {
         const cacheDir = CONFIG.BROWSER_USE_EXTENSIONS_DIR;
-        await fsp.mkdir(cacheDir, { recursive: true });
+        createPrivateDirectory(cacheDir);
         const extensionPaths = [];
         const loadedNames = [];
         for (const ext of DEFAULT_EXTENSIONS) {
@@ -674,7 +774,10 @@ export class BrowserProfile {
                 response.on('data', (chunk) => chunks.push(chunk));
                 response.on('end', async () => {
                     try {
-                        await fsp.writeFile(outputPath, Buffer.concat(chunks));
+                        await fsp.writeFile(outputPath, Buffer.concat(chunks), {
+                            mode: 0o600,
+                        });
+                        chmodPrivatePath(outputPath, 0o600);
                         resolve();
                     }
                     catch (error) {
@@ -689,7 +792,7 @@ export class BrowserProfile {
         if (fs.existsSync(extractDir)) {
             await fsp.rm(extractDir, { recursive: true, force: true });
         }
-        await fsp.mkdir(extractDir, { recursive: true });
+        createPrivateDirectory(extractDir);
         const buffer = await fsp.readFile(crxPath);
         try {
             const zip = new AdmZip(buffer);

package/dist/browser/session.d.ts

@@ -95,6 +95,8 @@ export declare class BrowserSession {
     private _watchdogs;
     private _defaultWatchdogsAttached;
     private _captchaWatchdog;
+    private _scopedExtraHeadersRouteContext;
+    private _scopedExtraHeadersRouteHandler;
     readonly RECONNECT_WAIT_TIMEOUT = 54;
     private _reconnecting;
     private _reconnectTask;
@@ -157,7 +159,10 @@ export declare class BrowserSession {
     private _waitWithAbort;
     private _withAbort;
     private _toPlaywrightOptions;
+    private _assertHttpCredentialsScoped;
     set_extra_headers(headers: Record<string, string>): Promise<void>;
+    private _removeScopedExtraHeadersRoute;
+    private _installScopedExtraHeaders;
     private _applyConfiguredExtraHttpHeaders;
     private _usesRemoteBrowserConnection;
     private _connectToConfiguredBrowser;
@@ -244,6 +249,12 @@ export declare class BrowserSession {
     set_auto_download_pdfs(enabled: boolean): void;
     auto_download_pdfs(): boolean;
     static get_unique_filename(directory: string, filename: string): Promise<string>;
+    private _cancel_download_best_effort;
+    private _assert_download_url_allowed;
+    private static _sanitize_download_filename;
+    private static _redact_url_for_logging;
+    private static _redact_urls_in_text;
+    private static _same_origin;
     get_selector_map(options?: BrowserActionOptions): Promise<SelectorMap>;
     static is_file_input(node: DOMElementNode | null): boolean;
     is_file_input(node: DOMElementNode | null): boolean;
@@ -255,7 +266,9 @@ export declare class BrowserSession {
     /**
      * Get all cookies from the current browser context
      */
-    get_cookies(): Promise<Array<Record<string, any>>>;
+    get_cookies(options?: {
+        include_blocked?: boolean;
+    }): Promise<Array<Record<string, any>>>;
     /**
      * Save cookies to a file (deprecated, use save_storage_state instead)
      * @deprecated Use save_storage_state() instead
@@ -274,10 +287,17 @@ export declare class BrowserSession {
      * Load storage state (cookies, localStorage, sessionStorage) from a file
      */
     load_storage_state(filePath?: string): Promise<void>;
+    private _apply_storage_state_origins;
+    private _normalize_storage_entries;
+    private _sanitize_storage_state_for_save;
+    private _filter_storage_state_cookies;
+    private _filter_cookies_for_exposure;
+    private _get_cookie_access_denial_reason;
     /**
      * Execute JavaScript in the current page context
      */
     execute_javascript(script: string): Promise<any>;
+    validate_page_after_action(page: Page | null, signal?: AbortSignal | null): Promise<void>;
     /**
      * Get comprehensive page information (size, scroll position, etc.)
      */
@@ -384,6 +404,7 @@ export declare class BrowserSession {
     private _is_ip_address_host;
     private _get_domain_variants;
     private _setEntryMatchesUrl;
+    private _domainCollectionHasEntries;
     /**
      * Check if page is displaying a PDF
      */
@@ -423,7 +444,13 @@ export declare class BrowserSession {
     private _get_url_access_denial_reason;
     private _is_url_allowed;
     private _formatDomainCollection;
+    private _has_url_access_restrictions;
+    private _sanitize_tab_for_exposure;
     private _assert_url_allowed;
+    private _rollback_disallowed_navigation;
+    private _replace_disallowed_current_page;
+    private _assert_page_url_allowed_or_rollback;
+    private _get_disallowed_page_error_after_navigation_error;
     /**
      * Navigate helper with URL validation
      */