Thanks to visit codestin.com
Credit goes to github.com

Skip to content

cross-origin iframes with depth limits #2766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Sep 8, 2025
Merged

cross-origin iframes with depth limits #2766

merged 12 commits into from
Sep 8, 2025

Conversation

pirate
Copy link
Member

@pirate pirate commented Aug 23, 2025
edited by cubic-dev-ai bot
Loading

Summary by cubic

Enable cross-origin iframe support by default with strict depth and count limits to prevent DOM explosions. Improves embedded content coverage while keeping performance stable and hardening dialog handling.

  • New Features

    • Cross-origin iframes are on by default with safeguards: max depth 1 and up to 3 iframe documents per snapshot.
    • Process cross-origin iframes only if visible and at least 200x200 px.
    • DOM serializer caps recursion at 30 levels and does not traverse iframe contents.
    • Added debug logs for frame counts, per-iframe IDs/URLs, and warnings when limiting frames.

  • Bug Fixes

    • Wrapped DialogOpenedEvent dispatch in try/except to prevent crashes; errors are logged.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Aug 23, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 4 files

React with 👍 or 👎 to teach cubic. You can also tag @cubic-dev-ai to give feedback, ask questions, or re-run the review.

@MagMueller
Merge commit 'af5b4400cd31644d06590ce5bcd0c19ac4ef35dd' into iframe-l…
66fc319 
…imits
@MagMueller
Update cross-origin iframe support description for clarity in Browser…
595a95f 
…Profile class
@MagMueller
Refactor logging statements in DomService for improved readability
ff27735 
- Updated logging statements to use multi-line formatting for better clarity.
- Ensured consistent spacing and formatting throughout the service to enhance code maintainability.
cursor[bot]

This comment was marked as outdated.

Sign in to view

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2025
edited
Loading

Agent Task Evaluation Results: 2/4 (50%)

View detailed results
Task Result Reason
amazon_laptop ✅ Pass The agent successfully navigated to amazon.com, performed a search for 'laptop', and returned detailed information about the first laptop result including its title, price, rating, number of reviews, delivery date, stock status, and key specifications. This meets all the criteria for success.
google_maps_3d ❌ Fail The agent successfully performed all steps except enabling the 3D view, which was explicitly required by the task. The 3D icon remained disabled throughout, and thus the agent did not fulfill the criterion of correctly clicking the 3D button to enable 3D mode. Therefore, the task is considered incomplete and unsuccessful.
browser_use_pip ✅ Pass The agent's output includes the pip installation command 'pip install --upgrade browser-use', which contains the required command 'pip install browser-use'. Therefore, it meets the success criteria.
captcha_cloudflare ❌ Fail The agent failed to locate and interact with the Cloudflare Turnstile captcha widget on the specified demo page, resulting in an inability to solve the captcha, click the check button, or extract the required 'hostname' value. Therefore, the task was not completed successfully as per the criteria.

Check the evaluate-tasks job for detailed task execution logs.

@MagMueller
Refactor iframe dimension retrieval in DomService
016a170 
- Updated the method of accessing iframe dimensions from dictionary-style to attribute-style for improved clarity and consistency.
- Ensured that width and height are directly accessed as properties of the bounds object.
cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

@MagMueller MagMueller mentioned this pull request Sep 8, 2025
Closed
5 tasks
@MagMueller MagMueller changed the title cross-origin iframes on by default with depth limits cross-origin iframes with depth limits Sep 8, 2025
@MagMueller MagMueller enabled auto-merge September 8, 2025 03:41
@MagMueller MagMueller merged commit 93da79d into main Sep 8, 2025
54 checks passed
@MagMueller MagMueller deleted the iframe-limits branch September 8, 2025 03:43
cursor[bot]
cursor bot reviewed Sep 8, 2025
View reviewed changes
browser_use/dom/service.py
self.logger.warning(
f'⚠️ Limiting processing of {original_doc_count} iframes on page to only first {MAX_TOTAL_IFRAMES} to prevent crashes!'
)
snapshot['documents'] = snapshot['documents'][:MAX_TOTAL_IFRAMES]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Iframe Limitation Affects Main Frame

The MAX_TOTAL_IFRAMES constant is intended to limit the number of iframe documents, but the current logic applies this limit to the total documents, including the main frame. This means fewer iframes are processed than expected, and the warning message about "iframes" is inaccurate.

Additional Locations (1)

Fix in Cursor Fix in Web

shivamkhatri
shivamkhatri reviewed Sep 8, 2025
View reviewed changes
browser_use/dom/serializer/serializer.py
"""Step 1: Create a simplified tree with enhanced element detection."""

# Prevent infinite recursion by limiting depth to 30 levels
if depth > 30:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @MagMueller, Thanks for making the iframe count and depth configurable(#3026), but since it’s still hardcoded, it caused me some trouble while debugging.

Our webapp is fairly complex with a large hierarchy of elements, so 30 is a bit too low for our needs.

Could you also consider this and the other bugs under #nicehack69 (most bugs found category)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what depth do you need @shivamkhatri?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

@shivamkhatri shivamkhatri mentioned this pull request Sep 8, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

+1 more reviewer

@shivamkhatri shivamkhatri shivamkhatri left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pirate @shivamkhatri @MagMueller