1
0
mirror of https://github.com/bitwarden/browser synced 2024-12-23 08:30:14 +01:00

Merge pull request #1407 from bitwarden/tighten-autofill-non-password

beefed up restrictions on what is considered isLikePassword
This commit is contained in:
Addison Beck 2020-09-28 18:19:59 -04:00 committed by GitHub
commit 1375b422c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -903,16 +903,18 @@ export default class AutofillService implements AutofillServiceInterface {
if (value == null) {
return false;
}
const lowerValue = value.toLowerCase();
if (lowerValue.indexOf('onetimepassword') >= 0) {
// Removes all whitespace, _ and - characters
const cleanedValue = value.toLowerCase().replace(/[\s_\-]/g, '');
if (cleanedValue.indexOf('password') < 0) {
return false;
}
if (lowerValue.indexOf('password') < 0) {
return false;
}
if (lowerValue.indexOf('captcha') >= 0) {
const ignoreList = ['onetimepassword', 'captcha', 'findanything'];
if (ignoreList.some((i) => cleanedValue.indexOf(i) > -1)) {
return false;
}
return true;
};
const isLikePassword = () => {