Store foreign-origin approvals per frame origin (#36)
@@ -110,7 +110,7 @@ async function dispatchFill(
|
|||||||
fillRequest = Object.assign(deepCopy(fillRequest), {
|
fillRequest = Object.assign(deepCopy(fillRequest), {
|
||||||
allowForeign: allowForeign,
|
allowForeign: allowForeign,
|
||||||
allowNoSecret: allowNoSecret,
|
allowNoSecret: allowNoSecret,
|
||||||
approvedForeign: settings.foreignFills[settings.host]
|
foreignFills: settings.foreignFills[settings.host] || {}
|
||||||
});
|
});
|
||||||
|
|
||||||
var perFrameFillResults = await chrome.tabs.executeScript(settings.tab.id, {
|
var perFrameFillResults = await chrome.tabs.executeScript(settings.tab.id, {
|
||||||
@@ -118,30 +118,28 @@ async function dispatchFill(
|
|||||||
code: `window.browserpass.fillLogin(${JSON.stringify(fillRequest)});`
|
code: `window.browserpass.fillLogin(${JSON.stringify(fillRequest)});`
|
||||||
});
|
});
|
||||||
|
|
||||||
// merge fill resutls in a single object
|
// merge filled fields into a single array
|
||||||
var fillResult = perFrameFillResults.reduce(
|
var filledFields = perFrameFillResults
|
||||||
function(merged, frameResult) {
|
.reduce((merged, frameResult) => merged.concat(frameResult.filledFields), [])
|
||||||
if (typeof frameResult.foreignFill !== "undefined") {
|
.filter((val, i, merged) => merged.indexOf(val) === i);
|
||||||
merged.foreignFill = frameResult.foreignFill;
|
|
||||||
}
|
|
||||||
for (var field in frameResult.filledFields) {
|
|
||||||
if (!merged.filledFields.includes(field)) {
|
|
||||||
merged.filledFields.push(field);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return merged;
|
|
||||||
},
|
|
||||||
{ filledFields: [] }
|
|
||||||
);
|
|
||||||
|
|
||||||
// if user answered a foreign-origin confirmation,
|
// if user answered a foreign-origin confirmation,
|
||||||
// store the answer in the settings
|
// store the answers in the settings
|
||||||
if (typeof fillResult.foreignFill !== "undefined") {
|
var needSaveSettings = false;
|
||||||
settings.foreignFills[settings.host] = fillResult.foreignFill;
|
for (var frame of perFrameFillResults) {
|
||||||
|
if (typeof frame.foreignFill !== "undefined") {
|
||||||
|
if (typeof settings.foreignFills[settings.host] === "undefined") {
|
||||||
|
settings.foreignFills[settings.host] = {};
|
||||||
|
}
|
||||||
|
settings.foreignFills[settings.host][frame.foreignOrigin] = frame.foreignFill;
|
||||||
|
needSaveSettings = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (needSaveSettings) {
|
||||||
saveSettings(settings);
|
saveSettings(settings);
|
||||||
}
|
}
|
||||||
|
|
||||||
return fillResult.filledFields;
|
return filledFields;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
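Review bot: The approval map written in the new loop is keyed by `settings.host`, while the confirmation the user answers identifies the tab by `request.origin`. If `settings.host` is a bare hostname (its definition is outside this hunk), a stored `true` would also cover the same host under another scheme or port. Consider keying the outer map by the tab origin, or at least state the scope in a comment above the loop, e.g. `// approvals are scoped to (tab host, frame origin) and persist in settings`. The loop and the `reduce` also dereference each per-frame result without a null check; if `chrome.tabs.executeScript` returns an empty entry for a frame whose script produced no result, `if (!frame) continue;` would keep one failed frame from aborting the merge and the save. The body of `dispatchFill` starts outside the hunk.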
|
@@ -93,7 +93,7 @@
|
|||||||
|
|
||||||
// ensure the origin is the same, or ask the user for permissions to continue
|
// ensure the origin is the same, or ask the user for permissions to continue
|
||||||
if (window.location.origin !== request.origin) {
|
if (window.location.origin !== request.origin) {
|
||||||
if (!request.allowForeign) {
|
if (!request.allowForeign || request.foreignFills[window.location.origin] === false) {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
var message =
|
var message =
|
||||||
@@ -101,7 +101,8 @@
|
|||||||
"different origin than the main document in this tab. Do you wish to proceed?\n\n" +
|
"different origin than the main document in this tab. Do you wish to proceed?\n\n" +
|
||||||
`Tab origin: ${request.origin}\n` +
|
`Tab origin: ${request.origin}\n` +
|
||||||
`Embedded origin: ${window.location.origin}`;
|
`Embedded origin: ${window.location.origin}`;
|
||||||
if (!request.approvedForeign) {
|
if (request.foreignFills[window.location.origin] !== true) {
|
||||||
|
result.foreignOrigin = window.location.origin;
|
||||||
result.foreignFill = confirm(message);
|
result.foreignFill = confirm(message);
|
||||||
if (!result.foreignFill) {
|
if (!result.foreignFill) {
|
||||||
return result;
|
return result;
|
||||||
|
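Review bot: `request.foreignFills[window.location.origin]` now carries three states (absent means ask, `true` means fill without asking, `false` means skip without asking), and nothing in the hunk documents that. A comment above the first check would help, e.g. `// foreignFills[origin]: undefined -> prompt, true -> remembered approval, false -> remembered denial`. A remembered `true` bypasses `confirm()` for every later fill into this frame origin under the same tab host, so it is worth confirming that the settings UI lets the user review and revoke these entries; that code is not visible here. The enclosing function starts and ends outside the hunk.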