[PS-1734] Send saved urls to autofill script (#3861)

* Send all saved URLs to autofill script

* Handle array of matched urls in content script

* Prompt at most once to override insecure autofill

* Do not send never match URIs to content script

We know these URIs did not cause the autofill match, so we
can safely remove these from the list of potential matches.
Matt Gibson 2022-11-04 11:44:21 -04:00 committed by GitHub
parent 1cd62db1c0
commit 337e406e88
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 5 deletions


@ -41,6 +41,7 @@
8. Add ability to autofill span[data-bwautofill] elements
9. Add new handler, for new command that responds with page details in response callback
10. Handle sandbox iframe and sandbox rule in CSP
11. Work on array of saved urls instead of just one to determine if we should autofill non-https sites
*/
function collect(document, undefined) {
@ -631,14 +632,14 @@
animateTheFilling = true;
// Check if URL is not secure when the original saved one was
function urlNotSecure(savedURL) {
function urlNotSecure(savedURLs) {
var passwordInputs = null;
if (!savedURL) {
if (!savedURLs) {
return false;
}
return 0 === savedURL.indexOf('https://') && 'http:' === document.location.protocol && (passwordInputs = document.querySelectorAll('input[type=password]'),
0 < passwordInputs.length && (confirmResult = confirm('Warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page.\\n\\nDo you still wish to fill this login?'),
return savedURLs.some(url => url.indexOf('https://') === 0) && 'http:' === document.location.protocol && (passwordInputs = document.querySelectorAll('input[type=password]'),
0 < passwordInputs.length && (confirmResult = confirm('Warning: This is an unsecured HTTP page, and any information you submit can potentially be seen and changed by others. This Login was originally saved on a secure (HTTPS) page.\n\nDo you still wish to fill this login?'),
0 == confirmResult)) ? true : false;
}
@ -660,7 +661,7 @@
fillScriptProperties.delay_between_operations &&
(operationDelayMs = fillScriptProperties.delay_between_operations);
if (isSandboxed() || urlNotSecure(fillScript.savedURL)) {
if (isSandboxed() || urlNotSecure(fillScript.savedUrls)) {
return;
}


@ -5,6 +5,7 @@ export default class AutofillScript {
options: any = {};
metadata: any = {};
autosubmit: any = null;
savedUrls: string[];
constructor(documentUUID: string) {
this.documentUUID = documentUUID;
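Review bot: `savedUrls: string[];` has no initializer, unlike `options`, `metadata` and `autosubmit` beside it, so it is `undefined` at runtime on any `AutofillScript` whose creator does not assign it, even though the declared type says otherwise. `savedUrls: string[] = [];` makes the type true. The field also feeds a security decision, so a one-line comment would help, for example `// URIs saved on the cipher; the content script uses them to warn before filling an HTTPS login on an HTTP page`. The class body continues outside the hunk.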


@ -6,6 +6,7 @@ import { CipherRepromptType } from "@bitwarden/common/enums/cipherRepromptType";
import { CipherType } from "@bitwarden/common/enums/cipherType";
import { EventType } from "@bitwarden/common/enums/eventType";
import { FieldType } from "@bitwarden/common/enums/fieldType";
import { UriMatchType } from "@bitwarden/common/enums/uriMatchType";
import { CipherView } from "@bitwarden/common/models/view/cipher.view";
import { FieldView } from "@bitwarden/common/models/view/field.view";
@ -305,6 +306,8 @@ export default class AutofillService implements AutofillServiceInterface {
let pf: AutofillField = null;
let username: AutofillField = null;
const login = options.cipher.login;
fillScript.savedUrls =
login?.uris?.filter((u) => u.match != UriMatchType.Never).map((u) => u.uri) ?? [];
if (!login.password || login.password === "") {
// No password for this login. Maybe they just wanted to auto-fill some custom fields?
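Review bot: `login?.uris?.filter(...)` treats `login` as possibly null, but the next statement reads `login.password` with no guard, so either the optional chain on `login` is unnecessary or the following line can throw for a cipher without a login; the two lines should agree. The filter could also use strict comparison, `u.match !== UriMatchType.Never`, which selects the same entries without coercion. The enclosing method starts and ends outside the hunk.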