mirror of https://github.com/bitwarden/browser.git synced 2024-11-25 12:15:18 +01:00

[PM-4791] Injected content scripts prevent proper XML file display and disrupt XML responses (#8214)

* [PM-4791] Injected content scripts prevent proper XML file display and disrupt XML responses

* [PM-4791] Adjusting reference for Fido2 script injection to ensure it only triggers on https protocol types
Cesar Gonzalez 2024-03-22 13:45:33 -05:00 committed by GitHub
parent 7df9c597af
commit 905d177873
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 28 additions and 32 deletions


@ -18,23 +18,24 @@
{ {
"all_frames": false, "all_frames": false,
"js": ["content/content-message-handler.js"], "js": ["content/content-message-handler.js"],
"matches": ["http://*/*", "https://*/*", "file:///*"], "matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start" "run_at": "document_start"
}, },
{ {
"all_frames": true, "all_frames": true,
"js": [ "js": ["content/fido2/trigger-fido2-content-script-injection.js"],
"content/trigger-autofill-script-injection.js", "matches": ["https://*/*"],
"content/fido2/trigger-fido2-content-script-injection.js" "exclude_matches": ["https://*/*.xml*"],
],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"run_at": "document_start" "run_at": "document_start"
}, },
{ {
"all_frames": true, "all_frames": true,
"css": ["content/autofill.css"], "css": ["content/autofill.css"],
"matches": ["http://*/*", "https://*/*", "file:///*"], "js": ["content/trigger-autofill-script-injection.js"],
"run_at": "document_end" "matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start"
}, },
{ {
"all_frames": false, "all_frames": false,
@ -57,6 +58,7 @@
}, },
"permissions": [ "permissions": [
"<all_urls>", "<all_urls>",
"*://*/*",
"tabs", "tabs",
"contextMenus", "contextMenus",
"storage", "storage",
@ -64,8 +66,6 @@
"clipboardRead", "clipboardRead",
"clipboardWrite", "clipboardWrite",
"idle", "idle",
"http://*/*",
"https://*/*",
"webRequest", "webRequest",
"webRequestBlocking" "webRequestBlocking"
], ],
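Review bot: The new `exclude_matches` entries (`*://*/*.xml*`, `file:///*.xml*`, `https://*/*.xml*`) select by URL text rather than by document type, and match patterns are compared against the path together with the query string. An HTML page whose URL merely contains `.xml` after the host (constructed example: `/login?next=/feed.xml`) would lose the message handler, FIDO2 and autofill trigger scripts, while XML served from a URL without `.xml` is still injected. Consider gating on the document type inside each injected script, as the script change in this commit does with `document.contentType`, and treating the URL exclusion as an optimisation only. The same patterns are added to the `content_scripts` entries of the second manifest. Separately, `"*://*/*"` added to `permissions` looks redundant next to the existing `"<all_urls>"`.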


@ -19,16 +19,23 @@
{ {
"all_frames": false, "all_frames": false,
"js": ["content/content-message-handler.js"], "js": ["content/content-message-handler.js"],
"matches": ["http://*/*", "https://*/*", "file:///*"], "matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start" "run_at": "document_start"
}, },
{ {
"all_frames": true, "all_frames": true,
"js": [ "js": ["content/fido2/trigger-fido2-content-script-injection.js"],
"content/trigger-autofill-script-injection.js", "matches": ["https://*/*"],
"content/fido2/trigger-fido2-content-script-injection.js" "exclude_matches": ["https://*/*.xml*"],
], "run_at": "document_start"
"matches": ["http://*/*", "https://*/*", "file:///*"], },
{
"all_frames": true,
"css": ["content/autofill.css"],
"js": ["content/trigger-autofill-script-injection.js", "content/misc-utils.js"],
"matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start" "run_at": "document_start"
}, },
{ {
@ -36,18 +43,6 @@
"js": ["content/lp-fileless-importer.js"], "js": ["content/lp-fileless-importer.js"],
"matches": ["https://lastpass.com/export.php"], "matches": ["https://lastpass.com/export.php"],
"run_at": "document_start" "run_at": "document_start"
},
{
"all_frames": true,
"css": ["content/autofill.css"],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"run_at": "document_end"
},
{
"all_frames": true,
"js": ["content/misc-utils.js"],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"run_at": "document_end"
} }
], ],
"background": { "background": {
@ -76,7 +71,7 @@
"offscreen" "offscreen"
], ],
"optional_permissions": ["nativeMessaging", "privacy"], "optional_permissions": ["nativeMessaging", "privacy"],
"host_permissions": ["http://*/*", "https://*/*"], "host_permissions": ["*://*/*"],
"content_security_policy": { "content_security_policy": {
"extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'", "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'",
"sandbox": "sandbox allow-scripts; script-src 'self'" "sandbox": "sandbox allow-scripts; script-src 'self'"
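Review bot: Folding `content/misc-utils.js` and `content/autofill.css` into the autofill entry moves both from `document_end` to `document_start`, a timing change the commit description does not mention. If misc-utils.js reads or modifies the DOM when it loads (its contents are not visible here), it will now run in every frame before the document has been parsed. Either keep it in its own entry with `"run_at": "document_end"` plus the new `exclude_matches`, or state in the PR description that it has been checked as safe at `document_start`.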


@ -138,6 +138,7 @@ async function run() {
}); });
} }
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling. // Only run the script if the document is an HTML document
// eslint-disable-next-line @typescript-eslint/no-floating-promises if (document.contentType === "text/html") {
run(); void run();
}
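Review bot: The guard `document.contentType === "text/html"` also skips XHTML documents, which report `application/xhtml+xml`, so this script stops running on pages served that way even though they can hold ordinary forms. If that is not intended, widen it to `if (["text/html", "application/xhtml+xml"].includes(document.contentType)) {`. The removed FIXME asked for an explanatory comment and error handling on the floating promise; `void run();` satisfies the lint rule, but a rejection from `run()` is still unhandled, so either attach a `.catch(...)` that logs through the project's logger or add a comment saying why ignoring the result is safe. `run()` is defined above the hunk, so what it can reject with is not visible here.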