Skip to content

Add a way to save screenshots from the browser tool #9963

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mrubens merged 3 commits into from
Dec 10, 2025
Merged

Add a way to save screenshots from the browser tool #9963

mrubens merged 3 commits into from
Dec 10, 2025

Conversation

@mrubens
Copy link
Collaborator

@mrubens mrubens commented Dec 9, 2025
edited by ellipsis-dev bot
Loading

Screenshot 2025-12-09 at 3 05 02 PM

Important

Add support for saving browser screenshots with a new screenshot action, including UI updates and localization.

  • Behavior:
    • Adds screenshot action to BrowserActionParams in tool-params.ts.
    • Updates NativeToolCallParser to handle path parameter for screenshot action.
    • Implements saveScreenshot() in BrowserSession.ts to save screenshots to specified paths.
  • Testing:
    • Adds BrowserActionTool.screenshot.spec.ts to test screenshot functionality.
    • Extends BrowserSession.spec.ts with tests for saveScreenshot().
  • UI and Localization:
    • Updates BrowserActionRow.tsx and BrowserSessionRow.tsx to display screenshot actions.
    • Adds translations for screenshot action in multiple locale files.

This description was created by Ellipsis for 089f2ee. You can customize this summary. It will automatically update as commits are pushed.

@mrubens mrubens requested review from cte and jr as code owners December 9, 2025 23:05
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. Enhancement New feature or request labels Dec 9, 2025
@roomote
Copy link
Contributor

roomote bot commented Dec 9, 2025
edited
Loading

Rooviewer Clock   See task on Roo Cloud

Reviewed commit 089f2ee which adds path validation to prevent filesystem escape in screenshot saving. The implementation correctly:

  • Uses path.resolve() to handle both relative and absolute paths
  • Validates that resolved paths stay within the workspace directory
  • Prevents directory traversal attacks via .. sequences
  • Handles edge cases like similar directory names (/workspace vs /workspaceevil)
  • Includes comprehensive test coverage for all validation scenarios

No issues found. The security concern from the previous review has been properly addressed.

Previous reviews

Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.

@hannesrudolph hannesrudolph added the Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. label Dec 9, 2025
@mrubens
Copy link
Collaborator Author

mrubens commented Dec 9, 2025

@roomote fix the failing tests on windows. https://github.com/RooCodeInc/Roo-Code/actions/runs/20081381923/job/57609091032?pr=9963

@roomote
Copy link
Contributor

roomote bot commented Dec 9, 2025
edited
Loading

Fixaroo Clock   See task on Roo Cloud

Fixed Windows test failures by using path.resolve() and path.join() for cross-platform path handling in screenshot tests. All local checks passed.

View commit | Revert commit

hannesrudolph
hannesrudolph reviewed Dec 9, 2025
View reviewed changes
Copy link
Collaborator

@hannesrudolph hannesrudolph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found an issue that needs attention.

src/services/browser/BrowserSession.ts Outdated
async saveScreenshot(filePath: string, cwd: string): Promise<BrowserActionResult> {
return this.doAction(async (page) => {
// Resolve the full path
const fullPath = path.isAbsolute(filePath) ? filePath : path.join(cwd, filePath)
Copy link
Collaborator

@hannesrudolph hannesrudolph Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The screenshot path is accepted as-is (absolute or with ..), so an agent can write files anywhere on the filesystem despite the prompt saying paths are relative to the workspace. Please resolve against the workspace root (e.g., path.resolve(cwd, filePath)) and reject paths that escape it before calling page.screenshot.

Copy link
Collaborator Author

@mrubens mrubens Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@roomote pls fix

Copy link
Contributor

@roomote roomote bot Dec 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixaroo Clock   See task on Roo Cloud

Fixed the reported issue. All local checks passed.

View commit | Revert commit

@mrubens mrubens merged commit 721b02e into main Dec 10, 2025
10 checks passed
@mrubens mrubens deleted the save_browser_screenshot branch December 10, 2025 00:12
@github-project-automation github-project-automation bot moved this from New to Done in Roo Code Roadmap Dec 10, 2025
@github-project-automation github-project-automation bot moved this from Triage to Done in Roo Code Roadmap Dec 10, 2025
mini2s added a commit to zgsm-ai/costrict that referenced this pull request Dec 10, 2025
@mini2s @roomote
@roomote @brunobergher @mrubens @github-actions @daniel-lxs @hannesrudolph @ggoranov-smar @Smartsheet-JB-Brown @ellipsis-dev @github-advanced-security @SilentFlower @FlowerSilent @cte @SannidhyaSah @jr @sebastiand-cerebras @AlexKer @andrewginns @dcbartlett
Roo to main (#776)
57210a8 
* feat(auth): enhance login status logging and use dynamic plugin version

* refactor:  remove disable provider and add client id headers

* test(webview): remove disable  provider tests across multiple test files

* fix: enable caching for Opus 4.5 model (RooCodeInc#9568)

Added claude-opus-4-5-20251101 to the cache control switch statements
to enable prompt caching, matching the behavior of other Claude models.

Fixes RooCodeInc#9567

Co-authored-by: Roo Code <[email protected]>

* feat: Add contact links to About Roo Code settings page (RooCodeInc#9570)

* feat: add contact links to About settings page

* Tweaks

* i18n

* Update webview-ui/src/components/settings/__tests__/About.spec.tsx

Co-authored-by: roomote[bot] <219738659+roomote[bot]@users.noreply.github.com>

---------

Co-authored-by: Roo Code <[email protected]>
Co-authored-by: Bruno Bergher <[email protected]>
Co-authored-by: roomote[bot] <219738659+roomote[bot]@users.noreply.github.com>

* feat: add Claude Opus 4.5 model to Bedrock provider (RooCodeInc#9572)

Co-authored-by: Roo Code <[email protected]>
Co-authored-by: Matt Rubens <[email protected]>

* chore: add changeset for v3.34.3 (RooCodeInc#9578)

* Changeset version bump (RooCodeInc#9579)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matt Rubens <[email protected]>

* fix: preserve dynamic MCP tool names in native mode API history (RooCodeInc#9559)

* fix: preserve tool_use blocks in summary message during condensing with native tools (RooCodeInc#9582)

* Add support for images api (RooCodeInc#9587)

* Make it clear that BFL Flux 2 is free (RooCodeInc#9588)

* Add BFL models to openrouter (RooCodeInc#9589)

* chore: add changeset for v3.34.4 (RooCodeInc#9590)

* Changeset version bump (RooCodeInc#9591)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matt Rubens <[email protected]>

* feat: set native tools as default for minimax-m2 and claude-haiku-4.5 (RooCodeInc#9586)

* feat: enable multiple native tool calls per turn with failure guardrails (RooCodeInc#9273)

* feat: add Bedrock Opus 4.5 to global inference model list (RooCodeInc#9595)

Co-authored-by: Roo Code <[email protected]>

* fix: update API handler when toolProtocol changes (RooCodeInc#9599)

* Make single file read only apply to xml tools (RooCodeInc#9600)

* Revert "Add support for Roo Code Cloud as an embeddings provider" (RooCodeInc#9602)

* feat(web-evals): enhance dashboard with dynamic tool columns and UX improvements (RooCodeInc#9592)

Co-authored-by: Roo Code <[email protected]>

* fix(webview): pass taskId to finishSubTask when canceling or deleting tasks

* chore: add changeset for v3.34.5 (RooCodeInc#9603)

* Changeset version bump (RooCodeInc#9604)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matt Rubens <[email protected]>

* Feature/bedrock embeddings support (RooCodeInc#9475)

* feat: add AWS Bedrock support for codebase indexing

- Add bedrock as a new EmbedderProvider type
- Add AWS Bedrock embedding model profiles (titan-embed-text models)
- Create BedrockEmbedder class with support for Titan and Cohere models
- Add Bedrock configuration support to config manager and interfaces
- Update service factory to create BedrockEmbedder instances
- Add comprehensive tests for BedrockEmbedder
- Add localization strings for Bedrock support

Closes RooCodeInc#8658

* fix: add missing bedrockOptions to loadConfiguration return type

* Fix various issues that the original PR missed.

* Remove debug logs

* Rename AWS Bedrock -> Amazon Bedrock

* Remove some 'as any's

* Revert README changes

* Add t