mirror of
https://github.com/bitwarden/browser.git
synced 2025-01-02 18:17:46 +01:00
[PM-3574] Fix leak of login credentials to foreign origin due to race condition during autofill (#6700)
* [PM-3574] Fix leak of login credentials to foreign origin due to race condition during autofill * [PM-3574] Adding a temporary artificial delay to facilitate QA testing * [PM-3574] Adding a temporary artificial delay to facilitate QA testing * [PM-4590] Cached Page Details of Formless Input Fields Breaks Autofill * [PM-3574] Reworking implementation to take into account the page details url * [PM-3574] Fixing jest tests * [PM-3574] Fixing jest tests * [PM-3574] Removing 5 second delay on autofill
parent
90bad00cb5
commit
8e047f615e
@ -5,6 +5,8 @@ type AutofillExtensionMessage = {
|
||||
tab?: chrome.tabs.Tab;
|
||||
sender?: string;
|
||||
fillScript?: AutofillScript;
|
||||
url?: string;
|
||||
pageDetailsUrl?: string;
|
||||
};
|
||||
|
||||
type AutofillExtensionMessageHandlers = {
|
||||
|
@ -73,13 +73,36 @@ describe("AutofillInit", () => {
|
||||
});
|
||||
|
||||
describe("fillForm", () => {
|
||||
it("will call the InsertAutofillContentService to fill the form", () => {
|
||||
const fillScript = mock<AutofillScript>();
|
||||
beforeEach(() => {
|
||||
jest
|
||||
.spyOn(bitwardenAutofillInit.insertAutofillContentService, "fillForm")
|
||||
.mockImplementation();
|
||||
});
|
||||
|
||||
bitwardenAutofillInit.fillForm(fillScript);
|
||||
it("skips calling the InsertAutofillContentService and does not fill the form if the url to fill is not equal to the current tab url", () => {
|
||||
const fillScript = mock<AutofillScript>();
|
||||
const message = {
|
||||
command: "fillForm",
|
||||
fillScript,
|
||||
pageDetailsUrl: "https://a-different-url.com",
|
||||
};
|
||||
|
||||
bitwardenAutofillInit.fillForm(message);
|
||||
|
||||
expect(bitwardenAutofillInit.insertAutofillContentService.fillForm).not.toHaveBeenCalledWith(
|
||||
fillScript
|
||||
);
|
||||
});
|
||||
|
||||
it("will call the InsertAutofillContentService to fill the form", () => {
|
||||
const fillScript = mock<AutofillScript>();
|
||||
const message = {
|
||||
command: "fillForm",
|
||||
fillScript,
|
||||
pageDetailsUrl: window.location.href,
|
||||
};
|
||||
|
||||
bitwardenAutofillInit.fillForm(message);
|
||||
|
||||
expect(bitwardenAutofillInit.insertAutofillContentService.fillForm).toHaveBeenCalledWith(
|
||||
fillScript
|
||||
|
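Review bot: The mismatched-URL test asserts `expect(...).not.toHaveBeenCalledWith(fillScript)`, which only rules out a call with that exact argument, so a regression that still invokes the insert service with a different object would pass. Because this guard is what keeps credentials out of a document that changed after its page details were collected, `expect(bitwardenAutofillInit.insertAutofillContentService.fillForm).not.toHaveBeenCalled();` pins it more tightly. A third case that sends the message without `pageDetailsUrl` would also lock in the fail-closed behaviour for an absent field, which the optional type allows. The last test's body continues past the end of the hunk.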
@ -1,5 +1,4 @@
|
||||
import AutofillPageDetails from "../models/autofill-page-details";
|
||||
import AutofillScript from "../models/autofill-script";
|
||||
import CollectAutofillContentService from "../services/collect-autofill-content.service";
|
||||
import DomElementVisibilityService from "../services/dom-element-visibility.service";
|
||||
import InsertAutofillContentService from "../services/insert-autofill-content.service";
|
||||
@ -17,7 +16,7 @@ class AutofillInit implements AutofillInitInterface {
|
||||
private readonly extensionMessageHandlers: AutofillExtensionMessageHandlers = {
|
||||
collectPageDetails: ({ message }) => this.collectPageDetails(message),
|
||||
collectPageDetailsImmediately: ({ message }) => this.collectPageDetails(message, true),
|
||||
fillForm: ({ message }) => this.fillForm(message.fillScript),
|
||||
fillForm: ({ message }) => this.fillForm(message),
|
||||
};
|
||||
|
||||
/**
|
||||
@ -76,10 +75,14 @@ class AutofillInit implements AutofillInitInterface {
|
||||
|
||||
/**
|
||||
* Fills the form with the given fill script.
|
||||
* @param {AutofillScript} fillScript
|
||||
* @private
|
||||
*
|
||||
* @param {AutofillExtensionMessage} message
|
||||
*/
|
||||
private fillForm(fillScript: AutofillScript) {
|
||||
private fillForm({ fillScript, pageDetailsUrl }: AutofillExtensionMessage) {
|
||||
if ((document.defaultView || window).location.href !== pageDetailsUrl) {
|
||||
return;
|
||||
}
|
||||
|
||||
this.insertAutofillContentService.fillForm(fillScript);
|
||||
}
|
||||
|
||||
|
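Review bot: The new guard in `fillForm` returns silently and the doc comment only names the parameter, so nothing on the method records that this comparison is the security boundary of the fix. I would add above the `if`: `// Fail closed: page details were collected for a different document URL (or none was sent), so the fill script must not run here.` The JSDoc should also say that the fill is skipped unless `pageDetailsUrl` equals the frame's current `location.href`. The comparison is an exact string match on the full href, so a query-only or fragment-only change would presumably also cancel the fill with no feedback to the user. That errs on the safe side, but it is worth stating as intended so that a later change does not relax it to a looser match.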
@ -398,6 +398,7 @@ describe("AutofillService", () => {
|
||||
untrustedIframe: false,
|
||||
},
|
||||
url: currentAutofillPageDetails.tab.url,
|
||||
pageDetailsUrl: "url",
|
||||
},
|
||||
{
|
||||
frameId: currentAutofillPageDetails.frameId,
|
||||
|
@ -208,6 +208,7 @@ export default class AutofillService implements AutofillServiceInterface {
|
||||
command: "fillForm",
|
||||
fillScript: fillScript,
|
||||
url: tab.url,
|
||||
pageDetailsUrl: pd.details.url,
|
||||
},
|
||||
{ frameId: pd.frameId }
|
||||
);
|
||||
|
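Review bot: The `fillForm` message now carries both `url: tab.url` and `pageDetailsUrl: pd.details.url`, and nothing at the call site says which of the two the receiver enforces. A comment on the new line would keep them from being confused: `// URL the frame reported when its page details were collected; the content script skips the fill if the frame has since navigated`. If `pd.details.url` can be absent or stale for cached page details (not visible in this hunk), the fill for that frame is presumably dropped with no signal back to this service, which may deserve a debug-level log. The enclosing call starts outside the hunk.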