vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

[PS-1735] Do not autofill if sandboxed (#3860) 

* Do not autofill if sandboxed

`self.origin` is 'null' if inside a frame with sandboxed csp or iframe tag

* Update apps/browser/src/content/autofill.js

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Record changes in autofill.js

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
This commit is contained in:
Matt Gibson 2022-10-21 12:55:20 -04:00 committed by GitHub
parent e45f4fd7e5
commit d49b5e0647
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/browser/src/content/autofill.js
View File

@ -40,6 +40,7 @@
7. Remove "some useful globals" on window
8. Add ability to autofill span[data-bwautofill] elements
9. Add new handler, for new command that responds with page details in response callback
10. Handle sandbox iframe and sandbox rule in CSP
*/
function collect(document, undefined) {
@ -641,6 +642,12 @@
0 == confirmResult)) ? true : false;
}
// Detect if within an iframe, and the iframe is sandboxed
function isSandboxed() {
// self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
return self.origin == null || self.origin === 'null';
}
function doFill(fillScript) {
var fillScriptOps,
theOpIds = [],
@ -653,7 +660,7 @@
fillScriptProperties.delay_between_operations &&
(operationDelayMs = fillScriptProperties.delay_between_operations);
if (urlNotSecure(fillScript.savedURL)) {
if (isSandboxed() || urlNotSecure(fillScript.savedURL)) {
return;
}