1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-25 12:15:18 +01:00

[PM-4791] Injected content scripts prevent proper XML file display and disrupt XML responses (#8214)

* [PM-4791] Injected content scripts prevent proper XML file display and disrupt XML responses

* [PM-4791] Adjsuting reference for Fido2 script injection to ensure it only triggers on https protocol types
This commit is contained in:
Cesar Gonzalez 2024-03-22 13:45:33 -05:00 committed by GitHub
parent 7df9c597af
commit 905d177873
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 28 additions and 32 deletions

View File

@ -18,23 +18,24 @@
{
"all_frames": false,
"js": ["content/content-message-handler.js"],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start"
},
{
"all_frames": true,
"js": [
"content/trigger-autofill-script-injection.js",
"content/fido2/trigger-fido2-content-script-injection.js"
],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"js": ["content/fido2/trigger-fido2-content-script-injection.js"],
"matches": ["https://*/*"],
"exclude_matches": ["https://*/*.xml*"],
"run_at": "document_start"
},
{
"all_frames": true,
"css": ["content/autofill.css"],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"run_at": "document_end"
"js": ["content/trigger-autofill-script-injection.js"],
"matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start"
},
{
"all_frames": false,
@ -57,6 +58,7 @@
},
"permissions": [
"<all_urls>",
"*://*/*",
"tabs",
"contextMenus",
"storage",
@ -64,8 +66,6 @@
"clipboardRead",
"clipboardWrite",
"idle",
"http://*/*",
"https://*/*",
"webRequest",
"webRequestBlocking"
],

View File

@ -19,16 +19,23 @@
{
"all_frames": false,
"js": ["content/content-message-handler.js"],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start"
},
{
"all_frames": true,
"js": [
"content/trigger-autofill-script-injection.js",
"content/fido2/trigger-fido2-content-script-injection.js"
],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"js": ["content/fido2/trigger-fido2-content-script-injection.js"],
"matches": ["https://*/*"],
"exclude_matches": ["https://*/*.xml*"],
"run_at": "document_start"
},
{
"all_frames": true,
"css": ["content/autofill.css"],
"js": ["content/trigger-autofill-script-injection.js", "content/misc-utils.js"],
"matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start"
},
{
@ -36,18 +43,6 @@
"js": ["content/lp-fileless-importer.js"],
"matches": ["https://lastpass.com/export.php"],
"run_at": "document_start"
},
{
"all_frames": true,
"css": ["content/autofill.css"],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"run_at": "document_end"
},
{
"all_frames": true,
"js": ["content/misc-utils.js"],
"matches": ["http://*/*", "https://*/*", "file:///*"],
"run_at": "document_end"
}
],
"background": {
@ -76,7 +71,7 @@
"offscreen"
],
"optional_permissions": ["nativeMessaging", "privacy"],
"host_permissions": ["http://*/*", "https://*/*"],
"host_permissions": ["*://*/*"],
"content_security_policy": {
"extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'",
"sandbox": "sandbox allow-scripts; script-src 'self'"

View File

@ -138,6 +138,7 @@ async function run() {
});
}
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises
run();
// Only run the script if the document is an HTML document
if (document.contentType === "text/html") {
void run();
}