do no run fido2 content scripts on browser settings or extension background pages

2024-04-22 14:07:40 -04:00 · 2024-04-22 14:07:40 -04:00 · 1f6840f5dc
parent d8749a0c56
commit 1f6840f5dc
4 changed files with 20 additions and 7 deletions
--- a/apps/browser/src/vault/fido2/background/fido2.background.ts
+++ b/apps/browser/src/vault/fido2/background/fido2.background.ts
@ -70,13 +70,13 @@ export class Fido2Background implements Fido2BackgroundInterface {
   */
  async injectFido2ContentScriptsInAllTabs() {
    const tabs = await BrowserApi.tabsQuery({});
+
    for (let index = 0; index < tabs.length; index++) {
      const tab = tabs[index];
-      if (!tab.url?.startsWith("https")) {
-        continue;
-      }

-      void this.injectFido2ContentScripts(tab);
+      if (tab.url?.startsWith("https")) {
+        void this.injectFido2ContentScripts(tab);
+      }
    }
  }

--- a/apps/browser/src/vault/fido2/content/content-script.ts
+++ b/apps/browser/src/vault/fido2/content/content-script.ts
@ -15,7 +15,11 @@ import {
 import { MessageWithMetadata, Messenger } from "./messaging/messenger";

 (function (globalContext) {
-  if (globalContext.document.contentType !== "text/html") {
+  const shouldExecuteContentScript =
+    globalContext.document.contentType === "text/html" &&
+    globalContext.document.location.protocol === "https:";
+
+  if (!shouldExecuteContentScript) {
    return;
  }

--- a/apps/browser/src/vault/fido2/content/page-script-append.mv2.ts
+++ b/apps/browser/src/vault/fido2/content/page-script-append.mv2.ts
@ -5,7 +5,11 @@
 import { Fido2ContentScript } from "../enums/fido2-content-script.enum";

 (function (globalContext) {
-  if (globalContext.document.contentType !== "text/html") {
+  const shouldExecuteContentScript =
+    globalContext.document.contentType === "text/html" &&
+    globalContext.document.location.protocol === "https:";
+
+  if (!shouldExecuteContentScript) {
    return;
  }

--- a/apps/browser/src/vault/fido2/content/page-script.ts
+++ b/apps/browser/src/vault/fido2/content/page-script.ts
@ -6,9 +6,14 @@ import { MessageType } from "./messaging/message";
 import { Messenger } from "./messaging/messenger";

 (function (globalContext) {
-  if (globalContext.document.contentType !== "text/html") {
+  const shouldExecuteContentScript =
+    globalContext.document.contentType === "text/html" &&
+    globalContext.document.location.protocol === "https:";
+
+  if (!shouldExecuteContentScript) {
    return;
  }
+
  const BrowserPublicKeyCredential = globalContext.PublicKeyCredential;
  const BrowserNavigatorCredentials = navigator.credentials;
  const BrowserAuthenticatorAttestationResponse = globalContext.AuthenticatorAttestationResponse;