[PS-1735] Do not autofill if sandboxed (#3860)
* Do not autofill if sandboxed `self.origin` is 'null' if inside a frame with sandboxed csp or iframe tag * Update apps/browser/src/content/autofill.js Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Record changes in autofill.js Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
This commit is contained in:
parent
e45f4fd7e5
commit
d49b5e0647
|
@ -40,6 +40,7 @@
|
||||||
7. Remove "some useful globals" on window
|
7. Remove "some useful globals" on window
|
||||||
8. Add ability to autofill span[data-bwautofill] elements
|
8. Add ability to autofill span[data-bwautofill] elements
|
||||||
9. Add new handler, for new command that responds with page details in response callback
|
9. Add new handler, for new command that responds with page details in response callback
|
||||||
|
10. Handle sandbox iframe and sandbox rule in CSP
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function collect(document, undefined) {
|
function collect(document, undefined) {
|
||||||
|
@ -641,6 +642,12 @@
|
||||||
0 == confirmResult)) ? true : false;
|
0 == confirmResult)) ? true : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Detect if within an iframe, and the iframe is sandboxed
|
||||||
|
function isSandboxed() {
|
||||||
|
// self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
|
||||||
|
return self.origin == null || self.origin === 'null';
|
||||||
|
}
|
||||||
|
|
||||||
function doFill(fillScript) {
|
function doFill(fillScript) {
|
||||||
var fillScriptOps,
|
var fillScriptOps,
|
||||||
theOpIds = [],
|
theOpIds = [],
|
||||||
|
@ -653,7 +660,7 @@
|
||||||
fillScriptProperties.delay_between_operations &&
|
fillScriptProperties.delay_between_operations &&
|
||||||
(operationDelayMs = fillScriptProperties.delay_between_operations);
|
(operationDelayMs = fillScriptProperties.delay_between_operations);
|
||||||
|
|
||||||
if (urlNotSecure(fillScript.savedURL)) {
|
if (isSandboxed() || urlNotSecure(fillScript.savedURL)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue