Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-06-21 09:45:05 +02:00
Code Issues Projects Releases Wiki Activity

[PM-1407] Improve iframe sandbox detection (#5976)

Browse Source 
* improve iframe sandbox detection

* code cleanup

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>

* update autofill v1 logic as well

---------

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
This commit is contained in:
Jonathan Prusik 2023-08-29 09:10:16 -04:00 committed by GitHub
parent fd119f08ec
commit 42193aecb8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/browser/src/autofill/content/autofill.js
View File

@ -768,8 +768,16 @@
// Detect if within an iframe, and the iframe is sandboxed
function isSandboxed() {
// self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
return self.origin == null || self.origin === 'null';
// self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
if (String(self.origin).toLowerCase() === "null") {
return true;
}
if (window.frameElement?.hasAttribute("sandbox")) {
return true;
}
return location.hostname === "";
}
function doFill(fillScript) {

10
apps/browser/src/autofill/content/autofillv2.ts
View File

@ -849,7 +849,15 @@ function fill(document: Document, fillScript: AutofillScript) {
// Detect if within an iframe, and the iframe is sandboxed
function isSandboxed() {
// self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
return self.origin == null || self.origin === "null";
if (String(self.origin).toLowerCase() === "null") {
return true;
}
if (window.frameElement?.hasAttribute("sandbox")) {
return true;
}
return location.hostname === "";
}
function doFill(fillScript: AutofillScript) {