

























@@ -1,4 +1,9 @@
11import { vi } from "vitest";
2+import {
3+assertBrowserNavigationResultAllowed,
4+withBrowserNavigationPolicy,
5+} from "../navigation-guard.js";
6+import type { BrowserRouteContext } from "../server-context.js";
27import type { BrowserRequest } from "./types.js";
3849export const existingSessionRouteState = {
@@ -37,14 +42,33 @@ export function createExistingSessionAgentSharedModule() {
3742typeof body.targetId === "string" ? body.targetId : undefined,
3843),
3944withPlaywrightRouteContext: vi.fn(),
40-withRouteTabContext: vi.fn(async ({ run }: { run: (args: unknown) => Promise<void> }) => {
41-await run({
42-profileCtx: existingSessionRouteState.profileCtx,
43-cdpUrl: "http://127.0.0.1:18800",
44-tab: existingSessionRouteState.tab,
45-resolveTabUrl: vi.fn(async (fallbackUrl?: string) => fallbackUrl ?? routeStateUrl()),
46-});
47-}),
45+withRouteTabContext: vi.fn(
46+async ({
47+ ctx,
48+ enforceCurrentUrlAllowed,
49+ run,
50+}: {
51+ctx: BrowserRouteContext;
52+enforceCurrentUrlAllowed?: boolean;
53+run: (args: unknown) => Promise<void>;
54+}) => {
55+if (enforceCurrentUrlAllowed) {
56+const ssrfPolicyOpts = withBrowserNavigationPolicy(ctx.state().resolved.ssrfPolicy);
57+if (ssrfPolicyOpts.ssrfPolicy) {
58+await assertBrowserNavigationResultAllowed({
59+url: existingSessionRouteState.tab.url,
60+ ...ssrfPolicyOpts,
61+});
62+}
63+}
64+await run({
65+profileCtx: existingSessionRouteState.profileCtx,
66+cdpUrl: "http://127.0.0.1:18800",
67+tab: existingSessionRouteState.tab,
68+resolveTabUrl: vi.fn(async (fallbackUrl?: string) => fallbackUrl ?? routeStateUrl()),
69+});
70+},
71+),
4872};
4973}
5074此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。