mirror of
https://github.com/bitwarden/browser.git
synced 2024-09-28 04:08:47 +02:00
[PS-1734] Send saved urls to autofill script (#3861)
* Send all saved urls to autofill script
* Handle array of matched urls in content script
* Prompt at most once to override insecure autofill
* Do not send never match URIs to content script

We know these URIs did not cause the autofill match, so we can safely remove these from the list of potential matches.
parent
1cd62db1c0
commit
337e406e88
@ -41,6 +41,7 @@
|
|||||||
8. Add ability to autofill span[data-bwautofill] elements
|
8. Add ability to autofill span[data-bwautofill] elements
|
||||||
9. Add new handler, for new command that responds with page details in response callback
|
9. Add new handler, for new command that responds with page details in response callback
|
||||||
10. Handle sandbox iframe and sandbox rule in CSP
|
10. Handle sandbox iframe and sandbox rule in CSP
|
||||||
|
11. Work on array of saved urls instead of just one to determine if we should autofill non-https sites
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function collect(document, undefined) {
|
function collect(document, undefined) {
|
||||||
@ -631,14 +632,14 @@
|
|||||||
animateTheFilling = true;
|
animateTheFilling = true;
|
||||||
|
|
||||||
// Check if URL is not secure when the original saved one was
|
// Check if URL is not secure when the original saved one was
|
||||||
function urlNotSecure(savedURL) {
|
function urlNotSecure(savedURLs) {
|
||||||
var passwordInputs = null;
|
var passwordInputs = null;
|
||||||
if (!savedURL) {
|
if (!savedURLs) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0 === savedURL.indexOf('https://') && 'http:' === document.location.protocol && (passwordInputs = document.querySelectorAll('input[type=password]'),
|
return savedURLs.some(url => url.indexOf('https://') === 0) && 'http:' === document.location.protocol && (passwordInputs = document.querySelectorAll('input[type=password]'),
|
||||||
0 < passwordInputs.length && (confirmResult = confirm('Warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page.\\n\\nDo you still wish to fill this login?'),
|
0 < passwordInputs.length && (confirmResult = confirm('Warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page.\n\nDo you still wish to fill this login?'),
|
||||||
0 == confirmResult)) ? true : false;
|
0 == confirmResult)) ? true : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -660,7 +661,7 @@
|
|||||||
fillScriptProperties.delay_between_operations &&
|
fillScriptProperties.delay_between_operations &&
|
||||||
(operationDelayMs = fillScriptProperties.delay_between_operations);
|
(operationDelayMs = fillScriptProperties.delay_between_operations);
|
||||||
|
|
||||||
if (isSandboxed() || urlNotSecure(fillScript.savedURL)) {
|
if (isSandboxed() || urlNotSecure(fillScript.savedUrls)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
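Review bot: In `urlNotSecure`, the guard `if (!savedURLs)` rejects only null/undefined, so `savedURLs.some(...)` throws when the value is not an array and `url.indexOf` throws on a null entry. A null entry looks possible because the service builds the list with `.map((u) => u.uri)` and does not drop empty URIs. The prefix test is also case-sensitive, so a URI saved as `HTTPS://…` would not count as secure and the downgrade prompt would be skipped, unless URIs are normalised on save (not visible here). I would harden the predicate to `Array.isArray(savedURLs) && savedURLs.some(url => typeof url === 'string' && url.toLowerCase().indexOf('https://') === 0)`. A short comment should also say that the list holds every non-never URI of the login, not only the one that matched, so the prompt can appear on an HTTP page that was itself saved as HTTP.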
|
@ -5,6 +5,7 @@ export default class AutofillScript {
|
|||||||
options: any = {};
|
options: any = {};
|
||||||
metadata: any = {};
|
metadata: any = {};
|
||||||
autosubmit: any = null;
|
autosubmit: any = null;
|
||||||
|
savedUrls: string[];
|
||||||
|
|
||||||
constructor(documentUUID: string) {
|
constructor(documentUUID: string) {
|
||||||
this.documentUUID = documentUUID;
|
this.documentUUID = documentUUID;
|
||||||
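Review bot: `savedUrls` is the only field in this hunk declared without an initializer, so a freshly constructed `AutofillScript` holds `undefined` here until the service assigns it, despite the `string[]` type. The content script tolerates that through its `!savedURLs` guard, but the declaration does not tell a reader so. I suggest `savedUrls: string[] = [];` to match the neighbouring fields, plus a one-line comment such as `// Saved login URIs (never-match excluded); read by the content script's HTTPS-downgrade check`. The constructor body continues outside the hunk, so it may already assign the field.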
|
@ -6,6 +6,7 @@ import { CipherRepromptType } from "@bitwarden/common/enums/cipherRepromptType";
|
|||||||
import { CipherType } from "@bitwarden/common/enums/cipherType";
|
import { CipherType } from "@bitwarden/common/enums/cipherType";
|
||||||
import { EventType } from "@bitwarden/common/enums/eventType";
|
import { EventType } from "@bitwarden/common/enums/eventType";
|
||||||
import { FieldType } from "@bitwarden/common/enums/fieldType";
|
import { FieldType } from "@bitwarden/common/enums/fieldType";
|
||||||
|
import { UriMatchType } from "@bitwarden/common/enums/uriMatchType";
|
||||||
import { CipherView } from "@bitwarden/common/models/view/cipher.view";
|
import { CipherView } from "@bitwarden/common/models/view/cipher.view";
|
||||||
import { FieldView } from "@bitwarden/common/models/view/field.view";
|
import { FieldView } from "@bitwarden/common/models/view/field.view";
|
||||||
|
|
||||||
@ -305,6 +306,8 @@ export default class AutofillService implements AutofillServiceInterface {
|
|||||||
let pf: AutofillField = null;
|
let pf: AutofillField = null;
|
||||||
let username: AutofillField = null;
|
let username: AutofillField = null;
|
||||||
const login = options.cipher.login;
|
const login = options.cipher.login;
|
||||||
|
fillScript.savedUrls =
|
||||||
|
login?.uris?.filter((u) => u.match != UriMatchType.Never).map((u) => u.uri) ?? [];
|
||||||
|
|
||||||
if (!login.password || login.password === "") {
|
if (!login.password || login.password === "") {
|
||||||
// No password for this login. Maybe they just wanted to auto-fill some custom fields?
|
// No password for this login. Maybe they just wanted to auto-fill some custom fields?
|
||||||
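Review bot: The new assignment reads `login?.uris?.…` but the very next statement dereferences `login.password` unguarded, so the optional chaining on `login` either masks a crash one line later or is unnecessary. Pick one form: `login.uris?.…`, or an explicit early return when `login` is null. The list also keeps every URI that is not never-match, including URIs for other sites that did not match this tab, and hands them to the content script. If only the scheme matters for the downgrade prompt, passing less (only the matching URIs, or a single boolean) would limit what leaves the background service. `!=` could be `!==` to match the strict comparison on the following line; the enclosing method starts and ends outside the hunk.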
|