Skip to content

Latest commit

 

History

History
89 lines (52 loc) · 2.93 KB

README.md

File metadata and controls

89 lines (52 loc) · 2.93 KB

Isolated World Accessor for Puppeteer

image

Abstract

The goal is to provided clean, optional access to Puppeteer's internal _secondaryWorld.

My prior solution to this was fully isolating all execution by patching the concrete Puppeteer library, which you can find here: Harden Puppeteer

A full global patch remains my preferred method as it catch anything Puppeteer may execute in the background, but there are many scenarios where a full patch isn't viable or required.

This package provides a way to access the internal _secondaryWorld which Puppeteer automatically isolates each context change.

Installation

Install the secure-puppeteer package with npm, yarn, or pnpm.

$ npm install secure-puppeteer

Option 1 - Inject isolation into a new page:

import { secure, SecurePage } from "secure-puppeteer"

const page: SecurePage = secure(await browser.newPage())

Option 2 - Access the isolation manager directly.

import { isolate, IsolationManager } from "secure-puppeteer"

const iso: IsolationManager = isolate(await browser.newPage())
// Option 2(b) - Fully extract isolated world:
const { world } = iso.modules()

Example

This example can be found in the ./examples directory.

import puppeteer from "puppeteer"

import { secure, Browser, ElementHandle, SecurePage } from "secure-puppeteer"
  ;(async () => {
  const browser: Browser = await puppeteer.launch()
  const page: SecurePage = secure(await browser.newPage())
  await page.goto("https://prescience-data.github.io/execution-monitor.html")
  const element: ElementHandle | null = await page.secure.$(".example-input")
  if (element) {
    await element.type("This is a test...", { delay: 8 })
  } else {
    throw new Error(`Could not find element ".example-input"`)
  }
})()

Limitations

As mentioned above, this will not necessarily catch everything. For full isolation, my current recommendation is patching the base files as I develop this out over time.

Which is to say; make sure you test this fully before using it, and don't get overconfident:

image

Verifying Isolation

You can run a test against a basic execution monitor page set up here: https://prescience-data.github.io/execution-monitor.html (or use that as a base to design your own!).

If working correctly, there should be no visibility of whatever you execute via the page.secure.<method> tools.

image

Community Support

Please only use the issue tracker for bugs, rather than questions.

For any questions or support you can check out the community Discord channel here: https://scraping-chat.cf