From 3d26e8fdb74bfac7f42e4e091f9a938e6605b8e2 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Thu, 27 Sep 2018 11:07:17 -0400 Subject: [PATCH] add bitwardenFrameId checks to all content scripts --- src/browser/browserApi.ts | 2 +- src/content/autofill.js | 2 +- src/content/autofiller.ts | 10 +++++++++- src/content/notificationBar.ts | 8 ++++++++ src/content/shortcuts.ts | 7 ++++++- 5 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/browser/browserApi.ts b/src/browser/browserApi.ts index 316107599c..eebfb80857 100644 --- a/src/browser/browserApi.ts +++ b/src/browser/browserApi.ts @@ -216,7 +216,7 @@ export class BrowserApi { // condition is only called if the popup wasn't already dismissed (future proofing). // ref: https://bugzilla.mozilla.org/show_bug.cgi?id=1433604 browser.tabs.update({ active: true }).finally(win.close); - }  else if (BrowserApi.isWebExtensionsApi || BrowserApi.isChromeApi) { + } else if (BrowserApi.isWebExtensionsApi || BrowserApi.isChromeApi) { win.close(); } else if (BrowserApi.isSafariApi && safari.extension.popovers && safari.extension.popovers.length > 0) { safari.extension.popovers[0].hide(); diff --git a/src/content/autofill.js b/src/content/autofill.js index 4041dfcc7f..4aff4dea81 100644 --- a/src/content/autofill.js +++ b/src/content/autofill.js @@ -991,7 +991,7 @@ } safari.self.addEventListener('message', function (msgEvent) { var msg = msgEvent.message; - if(msg.bitwardenFrameId != null && window.__bitwardenFrameId !== msg.bitwardenFrameId) { + if (msg.bitwardenFrameId != null && window.__bitwardenFrameId !== msg.bitwardenFrameId) { return; } diff --git a/src/content/autofiller.ts b/src/content/autofiller.ts index d242735801..fcad52d0b1 100644 --- a/src/content/autofiller.ts +++ b/src/content/autofiller.ts @@ -7,13 +7,20 @@ document.addEventListener('DOMContentLoaded', (event) => { navigator.userAgent.indexOf('Chrome') === -1; if (isSafari) { + if ((window as any).__bitwardenFrameId == null) { + (window as any).__bitwardenFrameId = Math.floor(Math.random() * Math.floor(99999999)); + } const responseCommand = 'autofillerAutofillOnPageLoadEnabledResponse'; safari.self.tab.dispatchMessage('bitwarden', { command: 'bgGetDataForTab', responseCommand: responseCommand, + bitwardenFrameId: (window as any).__bitwardenFrameId, }); safari.self.addEventListener('message', (msgEvent: any) => { const msg = msgEvent.message; + if (msg.bitwardenFrameId != null && (window as any).__bitwardenFrameId !== msg.bitwardenFrameId) { + return; + } if (msg.command === responseCommand && msg.data.autofillEnabled === true) { setInterval(() => doFillIfNeeded(), 500); } else if (msg.command === 'fillForm' && pageHref === msg.url) { @@ -52,12 +59,13 @@ document.addEventListener('DOMContentLoaded', (event) => { } pageHref = window.location.href; - const msg = { + const msg: any = { command: 'bgCollectPageDetails', sender: 'autofiller', }; if (isSafari) { + msg.bitwardenFrameId = (window as any).__bitwardenFrameId; safari.self.tab.dispatchMessage('bitwarden', msg); } else { chrome.runtime.sendMessage(msg); diff --git a/src/content/notificationBar.ts b/src/content/notificationBar.ts index 3efa7164ef..164aed36f1 100644 --- a/src/content/notificationBar.ts +++ b/src/content/notificationBar.ts @@ -24,6 +24,9 @@ document.addEventListener('DOMContentLoaded', (event) => { let disabledChangedPasswordNotification = false; if (isSafari) { + if ((window as any).__bitwardenFrameId == null) { + (window as any).__bitwardenFrameId = Math.floor(Math.random() * Math.floor(99999999)); + } if (inIframe) { return; } @@ -32,9 +35,13 @@ document.addEventListener('DOMContentLoaded', (event) => { safari.self.tab.dispatchMessage('bitwarden', { command: 'bgGetDataForTab', responseCommand: responseCommand, + bitwardenFrameId: (window as any).__bitwardenFrameId, }); safari.self.addEventListener('message', (msgEvent: any) => { const msg = msgEvent.message; + if (msg.bitwardenFrameId != null && (window as any).__bitwardenFrameId !== msg.bitwardenFrameId) { + return; + } if (msg.command === responseCommand && msg.data) { notificationBarData = msg.data; if (notificationBarData.neverDomains && @@ -562,6 +569,7 @@ document.addEventListener('DOMContentLoaded', (event) => { function sendPlatformMessage(msg: any) { if (isSafari) { + msg.bitwardenFrameId = (window as any).__bitwardenFrameId; safari.self.tab.dispatchMessage('bitwarden', msg); } else { chrome.runtime.sendMessage(msg); diff --git a/src/content/shortcuts.ts b/src/content/shortcuts.ts index 631ee80495..e5ff695508 100644 --- a/src/content/shortcuts.ts +++ b/src/content/shortcuts.ts @@ -10,6 +10,10 @@ document.addEventListener('DOMContentLoaded', (event) => { return; } + if (isSafari && (window as any).__bitwardenFrameId == null) { + (window as any).__bitwardenFrameId = Math.floor(Math.random() * Math.floor(99999999)); + } + Mousetrap.prototype.stopCallback = () => { return false; }; @@ -30,12 +34,13 @@ document.addEventListener('DOMContentLoaded', (event) => { } function sendMessage(shortcut: string) { - const msg = { + const msg: any = { command: 'keyboardShortcutTriggered', shortcut: shortcut, }; if (isSafari) { + msg.bitwardenFrameId = (window as any).__bitwardenFrameId; safari.self.tab.dispatchMessage('bitwarden', msg); } else { chrome.runtime.sendMessage(msg);