mirror of https://github.com/bitwarden/browser.git synced 2025-01-17 20:31:50 +01:00

[PM-1498] Update the iframe autofill alert text (#5364)

* update text for iframe autofill warning confirm dialog

* use localized confirmation messages

* rewrite urlNotSecure

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>

---------

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
Jonathan Prusik 2023-05-10 11:27:33 -04:00 committed by GitHub
parent 6f34fcb86e
commit a64cecff68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 93 additions and 57 deletions


@ -1461,6 +1461,24 @@
"autoFillSuccess": { "autoFillSuccess": {
"message": "Item auto-filled " "message": "Item auto-filled "
}, },
"insecurePageWarning": {
"message": "Warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page."
},
"insecurePageWarningFillPrompt": {
"message": "Do you still wish to fill this login?"
},
"autofillIframeWarning": {
"message": "The form is hosted by a different domain than the URI of your saved login. Choose OK to auto-fill anyway, or Cancel to stop."
},
"autofillIframeWarningTip": {
"message": "To prevent this warning in the future, save this URI, $HOSTNAME$, to your Bitwarden login item for this site.",
"placeholders": {
"hostname": {
"content": "$1",
"example": "www.example.com"
}
}
},
"setMasterPassword": { "setMasterPassword": {
"message": "Set master password" "message": "Set master password"
}, },


@ -741,14 +741,29 @@
// Check if URL is not secure when the original saved one was // Check if URL is not secure when the original saved one was
function urlNotSecure(savedURLs) { function urlNotSecure(savedURLs) {
var passwordInputs = null; if (!savedURLs || !savedURLs.length) {
if (!savedURLs) {
return false; return false;
} }
return savedURLs.some(url => url?.indexOf('https://') === 0) && 'http:' === document.location.protocol && (passwordInputs = document.querySelectorAll('input[type=password]'), const confirmationWarning = [
0 < passwordInputs.length && (confirmResult = confirm('Warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page.\n\nDo you still wish to fill this login?'), chrome.i18n.getMessage("insecurePageWarning"),
0 == confirmResult)) ? true : false; chrome.i18n.getMessage("insecurePageWarningFillPrompt", [window.location.hostname])
].join('\n\n');
if (
// At least one of the `savedURLs` uses SSL
savedURLs.some(url => url.startsWith('https://')) &&
// The current page is not using SSL
document.location.protocol === 'http:' &&
// There are password inputs on the page
document.querySelectorAll('input[type=password]')?.length
) {
// The user agrees the page is unsafe or not
return !confirm(confirmationWarning);
}
// The page is secure
return false;
} }
// Detect if within an iframe, and the iframe is sandboxed // Detect if within an iframe, and the iframe is sandboxed
@ -777,10 +792,13 @@
// confirm() is blocked by sandboxed iframes, but we don't want to fill sandboxed iframes anyway. // confirm() is blocked by sandboxed iframes, but we don't want to fill sandboxed iframes anyway.
// If this occurs, confirm() returns false without displaying the dialog box, and autofill will be aborted. // If this occurs, confirm() returns false without displaying the dialog box, and autofill will be aborted.
// The browser may print a message to the console, but this is not a standard error that we can handle. // The browser may print a message to the console, but this is not a standard error that we can handle.
var acceptedIframeWarning = confirm("The form is hosted by a different domain than the URI " + const confirmationWarning = [
"of your saved login. Choose OK to auto-fill anyway, or Cancel to stop. " + chrome.i18n.getMessage("autofillIframeWarning"),
"To prevent this warning in the future, save this URI, " + chrome.i18n.getMessage("autofillIframeWarningTip", [window.location.hostname])
window.location.hostname + ", to your login."); ].join('\n\n');
const acceptedIframeWarning = confirm(confirmationWarning);
if (!acceptedIframeWarning) { if (!acceptedIframeWarning) {
return; return;
} }
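Review bot: In the rewritten `urlNotSecure` (first hunk of this file), `savedURLs.some(url => url.startsWith('https://'))` drops the `url?.` guard the old line had, so a null or non-string entry would now throw instead of being skipped. Whether `savedURLs` can carry such entries is not visible here, but keeping `url?.startsWith('https://')` preserves the old tolerance at no cost. The call `chrome.i18n.getMessage("insecurePageWarningFillPrompt", [window.location.hostname])` passes a substitution for which the new message string declares no placeholder, so the second argument can be dropped. The trailing comment `// The page is secure` overstates the final `return false`, which is also reached on an HTTP page when no saved URL is HTTPS or no password input is present; `// No HTTPS-to-HTTP downgrade detected for this fill` would describe the check more accurately.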