Skip to content

prescience-data/secure-puppeteer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

6 Commits
examples
examples
Β 
Β 
src
src
Β 
Β 
.eslintignore
.eslintignore
Β 
Β 
.eslintrc.js
.eslintrc.js
Β 
Β 
.gitattributes
.gitattributes
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.npmrc
.npmrc
Β 
Β 
.prettierignore
.prettierignore
Β 
Β 
.prettierrc.js
.prettierrc.js
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
package-lock.json
package-lock.json
Β 
Β 
package.json
package.json
Β 
Β 
tsconfig.json
tsconfig.json
Β 
Β 

Repository files navigation

Isolated World Accessor for Puppeteer

image

Abstract

The goal is to provided clean, optional access to Puppeteer's internal _secondaryWorld.

My prior solution to this was fully isolating all execution by patching the concrete Puppeteer library, which you can find here: Harden Puppeteer

A full global patch remains my preferred method as it catch anything Puppeteer may execute in the background, but there are many scenarios where a full patch isn't viable or required.

This package provides a way to access the internal _secondaryWorld which Puppeteer automatically isolates each context change.

Installation

Install the secure-puppeteer package with npm, yarn, or pnpm.

$ npm install secure-puppeteer

Option 1 - Inject isolation into a new page:

import { secure, SecurePage } from "secure-puppeteer" const page: SecurePage = secure(await browser.newPage())

Option 2 - Access the isolation manager directly.

import { isolate, IsolationManager } from "secure-puppeteer" const iso: IsolationManager = isolate(await browser.newPage()) // Option 2(b) - Fully extract isolated world: const { world } = iso.modules()

Example

This example can be found in the ./examples directory.

import puppeteer from "puppeteer" import { secure, Browser, ElementHandle, SecurePage } from "secure-puppeteer" ;(async () => { const browser: Browser = await puppeteer.launch() const page: SecurePage = secure(await browser.newPage()) await page.goto("https://prescience-data.github.io/execution-monitor.html") const element: ElementHandle | null = await page.secure.$(".example-input") if (element) { await element.type("This is a test...", { delay: 8 }) } else { throw new Error(`Could not find element ".example-input"`) } })()

Limitations

As mentioned above, this will not necessarily catch everything. For full isolation, my current recommendation is patching the base files as I develop this out over time.

Which is to say; make sure you test this fully before using it, and don't get overconfident:

image

Verifying Isolation

You can run a test against a basic execution monitor page set up here: https://prescience-data.github.io/execution-monitor.html (or use that as a base to design your own!).

If working correctly, there should be no visibility of whatever you execute via the page.secure.<method> tools.

image

Community Support

Please only use the issue tracker for bugs, rather than questions.

For any questions or support you can check out the community Discord channel here: https://scraping-chat.cf

About

πŸ” Tooling to access Puppeteer's internal Isolated World.

Topics

execution-context puppeteer isolated-worlds secure-puppeteer

Resources

Readme

License

MIT license
Activity

Stars

22 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages