browserclaw 0.4.2 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +633 -255
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +58 -10
- package/dist/index.d.ts +58 -10
- package/dist/index.js +612 -259
- package/dist/index.js.map +1 -1
- package/package.json +2 -1
package/dist/index.d.cts
CHANGED
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
import * as playwright_core from 'playwright-core';
|
|
2
|
+
import { BrowserContext } from 'playwright-core';
|
|
3
|
+
import * as node_dns from 'node:dns';
|
|
4
|
+
import { lookup as lookup$1 } from 'node:dns';
|
|
2
5
|
import { lookup } from 'node:dns/promises';
|
|
3
6
|
|
|
4
7
|
interface FrameEvalResult {
|
|
@@ -414,6 +417,16 @@ interface HttpCredentials {
|
|
|
414
417
|
/** Clear HTTP credentials */
|
|
415
418
|
clear?: boolean;
|
|
416
419
|
}
|
|
420
|
+
/** @internal */
|
|
421
|
+
interface ContextState {
|
|
422
|
+
traceActive: boolean;
|
|
423
|
+
}
|
|
424
|
+
/** Result of DNS pinning resolution — hostname locked to resolved addresses. */
|
|
425
|
+
interface PinnedHostname {
|
|
426
|
+
hostname: string;
|
|
427
|
+
addresses: string[];
|
|
428
|
+
lookup: typeof node_dns.lookup;
|
|
429
|
+
}
|
|
417
430
|
|
|
418
431
|
/**
|
|
419
432
|
* Represents a single browser page/tab with ref-based automation.
|
|
@@ -1164,6 +1177,23 @@ type BrowserNavigationRequestLike = {
|
|
|
1164
1177
|
};
|
|
1165
1178
|
/** Build a BrowserNavigationPolicyOptions from an SsrfPolicy. */
|
|
1166
1179
|
declare function withBrowserNavigationPolicy(ssrfPolicy?: SsrfPolicy): BrowserNavigationPolicyOptions;
|
|
1180
|
+
/**
|
|
1181
|
+
* Create a pinned DNS lookup function that always resolves to the pre-resolved
|
|
1182
|
+
* addresses for the given hostname. Falls back to real DNS for other hostnames.
|
|
1183
|
+
*/
|
|
1184
|
+
declare function createPinnedLookup(params: {
|
|
1185
|
+
hostname: string;
|
|
1186
|
+
addresses: string[];
|
|
1187
|
+
fallback?: typeof lookup$1;
|
|
1188
|
+
}): typeof lookup$1;
|
|
1189
|
+
/**
|
|
1190
|
+
* Resolve DNS for a hostname and validate resolved addresses against SSRF policy.
|
|
1191
|
+
* Returns a PinnedHostname with pre-resolved addresses and a pinned lookup function.
|
|
1192
|
+
*/
|
|
1193
|
+
declare function resolvePinnedHostnameWithPolicy(hostname: string, params?: {
|
|
1194
|
+
lookupFn?: LookupFn;
|
|
1195
|
+
policy?: SsrfPolicy;
|
|
1196
|
+
}): Promise<PinnedHostname>;
|
|
1167
1197
|
/**
|
|
1168
1198
|
* Assert that a URL is allowed for browser navigation under the given SSRF policy.
|
|
1169
1199
|
* Throws `InvalidBrowserNavigationUrlError` if the URL is blocked.
|
|
@@ -1172,13 +1202,22 @@ declare function assertBrowserNavigationAllowed(opts: {
|
|
|
1172
1202
|
url: string;
|
|
1173
1203
|
lookupFn?: LookupFn;
|
|
1174
1204
|
} & BrowserNavigationPolicyOptions): Promise<void>;
|
|
1205
|
+
/**
|
|
1206
|
+
* Sanitize an untrusted file name (e.g. from a download) to prevent path traversal.
|
|
1207
|
+
*/
|
|
1208
|
+
declare function sanitizeUntrustedFileName(fileName: string, fallbackName: string): string;
|
|
1209
|
+
/**
|
|
1210
|
+
* Write a file atomically via a sibling temp path.
|
|
1211
|
+
* The writeTemp callback should write the content to tempPath.
|
|
1212
|
+
* After writeTemp completes, the temp file is renamed to the target path.
|
|
1213
|
+
*/
|
|
1214
|
+
declare function writeViaSiblingTempPath(params: {
|
|
1215
|
+
rootDir: string;
|
|
1216
|
+
targetPath: string;
|
|
1217
|
+
writeTemp: (tempPath: string) => Promise<void>;
|
|
1218
|
+
}): Promise<void>;
|
|
1175
1219
|
/**
|
|
1176
1220
|
* Best-effort post-navigation guard for the final page URL.
|
|
1177
|
-
* Only validates http/https URLs and about:blank — swallows errors on
|
|
1178
|
-
* unparseable URLs and non-network protocols (e.g. chrome-error://) to avoid
|
|
1179
|
-
* false positives on browser-internal error pages.
|
|
1180
|
-
*
|
|
1181
|
-
* Call this after `page.goto()` to catch redirect-based SSRF bypasses.
|
|
1182
1221
|
*/
|
|
1183
1222
|
declare function assertBrowserNavigationResultAllowed(opts: {
|
|
1184
1223
|
url: string;
|
|
@@ -1186,17 +1225,26 @@ declare function assertBrowserNavigationResultAllowed(opts: {
|
|
|
1186
1225
|
} & BrowserNavigationPolicyOptions): Promise<void>;
|
|
1187
1226
|
/**
|
|
1188
1227
|
* Walk the full redirect chain and validate each hop against the SSRF policy.
|
|
1189
|
-
* Call this after `page.goto()` with `response?.request()` to catch intermediate
|
|
1190
|
-
* redirects that resolve to private/internal addresses.
|
|
1191
1228
|
*/
|
|
1192
1229
|
declare function assertBrowserNavigationRedirectChainAllowed(opts: {
|
|
1193
1230
|
request?: BrowserNavigationRequestLike | null;
|
|
1194
1231
|
lookupFn?: LookupFn;
|
|
1195
1232
|
} & BrowserNavigationPolicyOptions): Promise<void>;
|
|
1196
1233
|
/**
|
|
1197
|
-
* Returns true if the SSRF policy requires redirect chain inspection
|
|
1198
|
-
* (i.e. strict mode where private network is blocked).
|
|
1234
|
+
* Returns true if the SSRF policy requires redirect chain inspection.
|
|
1199
1235
|
*/
|
|
1200
1236
|
declare function requiresInspectableBrowserNavigationRedirects(ssrfPolicy?: SsrfPolicy): boolean;
|
|
1201
1237
|
|
|
1202
|
-
|
|
1238
|
+
declare function ensureContextState(context: BrowserContext): ContextState;
|
|
1239
|
+
/**
|
|
1240
|
+
* Force-disconnect a Playwright browser connection for a given CDP target.
|
|
1241
|
+
* Clears the connection cache, sends Runtime.terminateExecution via CDP
|
|
1242
|
+
* session to kill stuck evals, and closes the browser.
|
|
1243
|
+
*/
|
|
1244
|
+
declare function forceDisconnectPlaywrightForTarget(opts: {
|
|
1245
|
+
cdpUrl: string;
|
|
1246
|
+
targetId?: string;
|
|
1247
|
+
reason?: string;
|
|
1248
|
+
}): Promise<void>;
|
|
1249
|
+
|
|
1250
|
+
export { type AriaNode, type AriaSnapshotResult, BrowserClaw, type BrowserNavigationPolicyOptions, type BrowserNavigationRequestLike, type BrowserTab, type ChromeExecutable, type ChromeKind, type ClickOptions, type ColorScheme, type ConnectOptions, type ConsoleMessage, type ContextState, type CookieData, CrawlPage, type DialogOptions, type DownloadResult, type FormField, type FrameEvalResult, type GeolocationOptions, type HttpCredentials, InvalidBrowserNavigationUrlError, type LaunchOptions, type LookupFn, type NetworkRequest, type PageError, type PinnedHostname, type ResponseBodyResult, type RoleRefInfo, type RoleRefs, type ScreenshotOptions, type SnapshotOptions, type SnapshotResult, type SnapshotStats, type SsrfPolicy, type StorageKind, type TraceStartOptions, type TypeOptions, type UntrustedContentMeta, type WaitOptions, assertBrowserNavigationAllowed, assertBrowserNavigationRedirectChainAllowed, assertBrowserNavigationResultAllowed, createPinnedLookup, ensureContextState, forceDisconnectPlaywrightForTarget, getChromeWebSocketUrl, isChromeCdpReady, isChromeReachable, normalizeCdpHttpBaseForJsonEndpoints, requiresInspectableBrowserNavigationRedirects, resolvePinnedHostnameWithPolicy, sanitizeUntrustedFileName, withBrowserNavigationPolicy, writeViaSiblingTempPath };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
import * as playwright_core from 'playwright-core';
|
|
2
|
+
import { BrowserContext } from 'playwright-core';
|
|
3
|
+
import * as node_dns from 'node:dns';
|
|
4
|
+
import { lookup as lookup$1 } from 'node:dns';
|
|
2
5
|
import { lookup } from 'node:dns/promises';
|
|
3
6
|
|
|
4
7
|
interface FrameEvalResult {
|
|
@@ -414,6 +417,16 @@ interface HttpCredentials {
|
|
|
414
417
|
/** Clear HTTP credentials */
|
|
415
418
|
clear?: boolean;
|
|
416
419
|
}
|
|
420
|
+
/** @internal */
|
|
421
|
+
interface ContextState {
|
|
422
|
+
traceActive: boolean;
|
|
423
|
+
}
|
|
424
|
+
/** Result of DNS pinning resolution — hostname locked to resolved addresses. */
|
|
425
|
+
interface PinnedHostname {
|
|
426
|
+
hostname: string;
|
|
427
|
+
addresses: string[];
|
|
428
|
+
lookup: typeof node_dns.lookup;
|
|
429
|
+
}
|
|
417
430
|
|
|
418
431
|
/**
|
|
419
432
|
* Represents a single browser page/tab with ref-based automation.
|
|
@@ -1164,6 +1177,23 @@ type BrowserNavigationRequestLike = {
|
|
|
1164
1177
|
};
|
|
1165
1178
|
/** Build a BrowserNavigationPolicyOptions from an SsrfPolicy. */
|
|
1166
1179
|
declare function withBrowserNavigationPolicy(ssrfPolicy?: SsrfPolicy): BrowserNavigationPolicyOptions;
|
|
1180
|
+
/**
|
|
1181
|
+
* Create a pinned DNS lookup function that always resolves to the pre-resolved
|
|
1182
|
+
* addresses for the given hostname. Falls back to real DNS for other hostnames.
|
|
1183
|
+
*/
|
|
1184
|
+
declare function createPinnedLookup(params: {
|
|
1185
|
+
hostname: string;
|
|
1186
|
+
addresses: string[];
|
|
1187
|
+
fallback?: typeof lookup$1;
|
|
1188
|
+
}): typeof lookup$1;
|
|
1189
|
+
/**
|
|
1190
|
+
* Resolve DNS for a hostname and validate resolved addresses against SSRF policy.
|
|
1191
|
+
* Returns a PinnedHostname with pre-resolved addresses and a pinned lookup function.
|
|
1192
|
+
*/
|
|
1193
|
+
declare function resolvePinnedHostnameWithPolicy(hostname: string, params?: {
|
|
1194
|
+
lookupFn?: LookupFn;
|
|
1195
|
+
policy?: SsrfPolicy;
|
|
1196
|
+
}): Promise<PinnedHostname>;
|
|
1167
1197
|
/**
|
|
1168
1198
|
* Assert that a URL is allowed for browser navigation under the given SSRF policy.
|
|
1169
1199
|
* Throws `InvalidBrowserNavigationUrlError` if the URL is blocked.
|
|
@@ -1172,13 +1202,22 @@ declare function assertBrowserNavigationAllowed(opts: {
|
|
|
1172
1202
|
url: string;
|
|
1173
1203
|
lookupFn?: LookupFn;
|
|
1174
1204
|
} & BrowserNavigationPolicyOptions): Promise<void>;
|
|
1205
|
+
/**
|
|
1206
|
+
* Sanitize an untrusted file name (e.g. from a download) to prevent path traversal.
|
|
1207
|
+
*/
|
|
1208
|
+
declare function sanitizeUntrustedFileName(fileName: string, fallbackName: string): string;
|
|
1209
|
+
/**
|
|
1210
|
+
* Write a file atomically via a sibling temp path.
|
|
1211
|
+
* The writeTemp callback should write the content to tempPath.
|
|
1212
|
+
* After writeTemp completes, the temp file is renamed to the target path.
|
|
1213
|
+
*/
|
|
1214
|
+
declare function writeViaSiblingTempPath(params: {
|
|
1215
|
+
rootDir: string;
|
|
1216
|
+
targetPath: string;
|
|
1217
|
+
writeTemp: (tempPath: string) => Promise<void>;
|
|
1218
|
+
}): Promise<void>;
|
|
1175
1219
|
/**
|
|
1176
1220
|
* Best-effort post-navigation guard for the final page URL.
|
|
1177
|
-
* Only validates http/https URLs and about:blank — swallows errors on
|
|
1178
|
-
* unparseable URLs and non-network protocols (e.g. chrome-error://) to avoid
|
|
1179
|
-
* false positives on browser-internal error pages.
|
|
1180
|
-
*
|
|
1181
|
-
* Call this after `page.goto()` to catch redirect-based SSRF bypasses.
|
|
1182
1221
|
*/
|
|
1183
1222
|
declare function assertBrowserNavigationResultAllowed(opts: {
|
|
1184
1223
|
url: string;
|
|
@@ -1186,17 +1225,26 @@ declare function assertBrowserNavigationResultAllowed(opts: {
|
|
|
1186
1225
|
} & BrowserNavigationPolicyOptions): Promise<void>;
|
|
1187
1226
|
/**
|
|
1188
1227
|
* Walk the full redirect chain and validate each hop against the SSRF policy.
|
|
1189
|
-
* Call this after `page.goto()` with `response?.request()` to catch intermediate
|
|
1190
|
-
* redirects that resolve to private/internal addresses.
|
|
1191
1228
|
*/
|
|
1192
1229
|
declare function assertBrowserNavigationRedirectChainAllowed(opts: {
|
|
1193
1230
|
request?: BrowserNavigationRequestLike | null;
|
|
1194
1231
|
lookupFn?: LookupFn;
|
|
1195
1232
|
} & BrowserNavigationPolicyOptions): Promise<void>;
|
|
1196
1233
|
/**
|
|
1197
|
-
* Returns true if the SSRF policy requires redirect chain inspection
|
|
1198
|
-
* (i.e. strict mode where private network is blocked).
|
|
1234
|
+
* Returns true if the SSRF policy requires redirect chain inspection.
|
|
1199
1235
|
*/
|
|
1200
1236
|
declare function requiresInspectableBrowserNavigationRedirects(ssrfPolicy?: SsrfPolicy): boolean;
|
|
1201
1237
|
|
|
1202
|
-
|
|
1238
|
+
declare function ensureContextState(context: BrowserContext): ContextState;
|
|
1239
|
+
/**
|
|
1240
|
+
* Force-disconnect a Playwright browser connection for a given CDP target.
|
|
1241
|
+
* Clears the connection cache, sends Runtime.terminateExecution via CDP
|
|
1242
|
+
* session to kill stuck evals, and closes the browser.
|
|
1243
|
+
*/
|
|
1244
|
+
declare function forceDisconnectPlaywrightForTarget(opts: {
|
|
1245
|
+
cdpUrl: string;
|
|
1246
|
+
targetId?: string;
|
|
1247
|
+
reason?: string;
|
|
1248
|
+
}): Promise<void>;
|
|
1249
|
+
|
|
1250
|
+
export { type AriaNode, type AriaSnapshotResult, BrowserClaw, type BrowserNavigationPolicyOptions, type BrowserNavigationRequestLike, type BrowserTab, type ChromeExecutable, type ChromeKind, type ClickOptions, type ColorScheme, type ConnectOptions, type ConsoleMessage, type ContextState, type CookieData, CrawlPage, type DialogOptions, type DownloadResult, type FormField, type FrameEvalResult, type GeolocationOptions, type HttpCredentials, InvalidBrowserNavigationUrlError, type LaunchOptions, type LookupFn, type NetworkRequest, type PageError, type PinnedHostname, type ResponseBodyResult, type RoleRefInfo, type RoleRefs, type ScreenshotOptions, type SnapshotOptions, type SnapshotResult, type SnapshotStats, type SsrfPolicy, type StorageKind, type TraceStartOptions, type TypeOptions, type UntrustedContentMeta, type WaitOptions, assertBrowserNavigationAllowed, assertBrowserNavigationRedirectChainAllowed, assertBrowserNavigationResultAllowed, createPinnedLookup, ensureContextState, forceDisconnectPlaywrightForTarget, getChromeWebSocketUrl, isChromeCdpReady, isChromeReachable, normalizeCdpHttpBaseForJsonEndpoints, requiresInspectableBrowserNavigationRedirects, resolvePinnedHostnameWithPolicy, sanitizeUntrustedFileName, withBrowserNavigationPolicy, writeViaSiblingTempPath };
|