Skip to content

fix: remove leaked filesystem paths from browser-use print statements#1424

Open
Esc1200 wants to merge 1 commit into
vibeforge1111:masterfrom
Esc1200:esc1200/fix/status-path-leak
Open

fix: remove leaked filesystem paths from browser-use print statements#1424
Esc1200 wants to merge 1 commit into
vibeforge1111:masterfrom
Esc1200:esc1200/fix/status-path-leak

Conversation

@Esc1200

@Esc1200 Esc1200 commented Jun 7, 2026

Copy link
Copy Markdown

Summary

Replace hardcoded filesystem paths in browser-use CLI print statements with generic descriptions to prevent internal path disclosure.

Changes

  • Line 6712: Status file path in probe success output → generic message
  • Line 6716: Status file path in probe failure output → generic message
  • Line 6735: Screenshot file path in open/screenshot output → generic message
  • Line 6759: Receipt file path in task output → generic message

Why

These print statements exposed internal filesystem paths (e.g., /home/user/.spark/status.json) which could reveal directory structure information to users or in logs.

Severity

MEDIUM — Information disclosure of internal filesystem layout.

Testing

  • Verified all 4 locations replaced with descriptive, non-leaking messages
  • No functional changes to CLI behavior
  • Lint passes clean

@Esc1200
fix: remove leaked filesystem paths from browser-use print statements
50f525a 
Replace hardcoded status file paths, screenshot paths, and receipt
paths with generic descriptions to prevent internal filesystem layout
disclosure in CLI output.

Fixes 4 locations in browser-use probe/open/screenshot/task handlers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Esc1200