Skip to content
/ secure-puppeteer Public

๐Ÿ” Tooling to access Puppeteer's internal Isolated World.

License

MIT license
18 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

prescience-data/secure-puppeteer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

6 Commits
examples
examples
ย 
ย 
src
src
ย 
ย 
.eslintignore
.eslintignore
ย 
ย 
.eslintrc.js
.eslintrc.js
ย 
ย 
.gitattributes
.gitattributes
ย 
ย 
.gitignore
.gitignore
ย 
ย 
.npmrc
.npmrc
ย 
ย 
.prettierignore
.prettierignore
ย 
ย 
.prettierrc.js
.prettierrc.js
ย 
ย 
LICENSE
LICENSE
ย 
ย 
README.md
README.md
ย 
ย 
package-lock.json
package-lock.json
ย 
ย 
package.json
package.json
ย 
ย 
tsconfig.json
tsconfig.json
ย 
ย 

Repository files navigation

Isolated World Accessor for Puppeteer

image

Abstract

The goal is to provided clean, optional access to Puppeteer's internal _secondaryWorld.

My prior solution to this was fully isolating all execution by patching the concrete Puppeteer library, which you can find here: Harden Puppeteer

A full global patch remains my preferred method as it catch anything Puppeteer may execute in the background, but there are many scenarios where a full patch isn't viable or required.

This package provides a way to access the internal _secondaryWorld which Puppeteer automatically isolates each context change.

Installation

Install the secure-puppeteer package with npm, yarn, or pnpm.

$ npm install secure-puppeteer

Option 1 - Inject isolation into a new page:

import { secure, SecurePage } from "secure-puppeteer"

const page: SecurePage = secure(await browser.newPage())

Option 2 - Access the isolation manager directly.

import { isolate, IsolationManager } from "secure-puppeteer"

const iso: IsolationManager = isolate(await browser.newPage())
// Option 2(b) - Fully extract isolated world:
const { world } = iso.modules()

Example

This example can be found in the ./examples directory.

import puppeteer from "puppeteer"

import { secure, Browser, ElementHandle, SecurePage } from "secure-puppeteer"
  ;(async () => {
  const browser: Browser = await puppeteer.launch()
  const page: SecurePage = secure(await browser.newPage())
  await page.goto("https://prescience-data.github.io/execution-monitor.html")
  const element: ElementHandle | null = await page.secure.$(".example-input")
  if (element) {
    await element.type("This is a test...", { delay: 8 })
  } else {
    throw new Error(`Could not find element ".example-input"`)
  }
})()

Limitations

As mentioned above, this will not necessarily catch everything. For full isolation, my current recommendation is patching the base files as I develop this out over time.

Which is to say; make sure you test this fully before using it, and don't get overconfident:

image

Verifying Isolation

You can run a test against a basic execution monitor page set up here: https://prescience-data.github.io/execution-monitor.html (or use that as a base to design your own!).

If working correctly, there should be no visibility of whatever you execute via the page.secure.<method> tools.

image

Community Support

Please only use the issue tracker for bugs, rather than questions.

For any questions or support you can check out the community Discord channel here: https://scraping-chat.cf

About

๐Ÿ” Tooling to access Puppeteer's internal Isolated World.

Topics

execution-context puppeteer isolated-worlds secure-puppeteer

Resources

Readme

License

MIT license
Activity

Stars

18 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages