Remove debugger permissions (#226)
This commit is contained in:
Maxim Baz
27
README.md
27
README.md
@@ -280,20 +280,19 @@ In order to remove all metadata, use the "Clear usage data" button in the extens
|
||||
|
||||
Browserpass extension requests the following permissions:
|
||||
|
||||
| Name | Reason |
|
||||
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `debugger` | Only used for "auto-submit" functionality: if all attepts to locate a "Submit" button failed, Browserpass will put focus inside the login form and issue an <kbd>Enter</kbd> keypress. This is only available in Chromium-based browsers, and sadly this permission [cannot be specified as optional](https://developer.chrome.com/apps/permissions) |
|
||||
| `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup |
|
||||
| `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied |
|
||||
| `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab |
|
||||
| `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds |
|
||||
| `clipboardWrite` | For "Copy password" and "Copy username" functionality |
|
||||
| `nativeMessaging` | To allow communication with the native app |
|
||||
| `notifications` | To show browser notifications on install or update |
|
||||
| `webRequest` | For modal HTTP authentication |
|
||||
| `webRequestBlocking` | For modal HTTP authentication |
|
||||
| `http://*/*` | To allow using Browserpass on all websites |
|
||||
| `https://*/*` | To allow using Browserpass on all websites |
|
||||
| Name | Reason |
|
||||
| -------------------- | ---------------------------------------------------------------------------------------------------------------- |
|
||||
| `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup |
|
||||
| `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied |
|
||||
| `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab |
|
||||
| `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds |
|
||||
| `clipboardWrite` | For "Copy password" and "Copy username" functionality |
|
||||
| `nativeMessaging` | To allow communication with the native app |
|
||||
| `notifications` | To show browser notifications on install or update |
|
||||
| `webRequest` | For modal HTTP authentication |
|
||||
| `webRequestBlocking` | For modal HTTP authentication |
|
||||
| `http://*/*` | To allow using Browserpass on all websites |
|
||||
| `https://*/*` | To allow using Browserpass on all websites |
|
||||
|
||||
## FAQ
|
||||
|
||||
|
||||
@@ -316,36 +316,10 @@ async function dispatchFocusOrSubmit(settings, request, allFrames, allowForeign)
|
||||
foreignFills: settings.foreignFills[settings.origin] || {},
|
||||
});
|
||||
|
||||
let perFrameResults = await chrome.tabs.executeScript(settings.tab.id, {
|
||||
await chrome.tabs.executeScript(settings.tab.id, {
|
||||
allFrames: allFrames,
|
||||
code: `window.browserpass.focusOrSubmit(${JSON.stringify(request)});`,
|
||||
});
|
||||
|
||||
// if necessary, dispatch Enter keypress to autosubmit the form
|
||||
// currently only works on Chromium and requires debugger permission
|
||||
try {
|
||||
for (let frame of perFrameResults) {
|
||||
if (frame.needPressEnter) {
|
||||
chrome.debugger.attach({ tabId: settings.tab.id }, "1.2");
|
||||
for (let type of ["keyDown", "char", "keyUp"]) {
|
||||
chrome.debugger.sendCommand(
|
||||
{ tabId: settings.tab.id },
|
||||
"Input.dispatchKeyEvent",
|
||||
{
|
||||
type: type,
|
||||
key: "Enter",
|
||||
windowsVirtualKeyCode: 13,
|
||||
nativeVirtualKeyCode: 13,
|
||||
unmodifiedText: "\r",
|
||||
text: "\r",
|
||||
}
|
||||
);
|
||||
}
|
||||
chrome.debugger.detach({ tabId: settings.tab.id });
|
||||
break;
|
||||
}
|
||||
}
|
||||
} catch (e) {}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -220,9 +220,7 @@
|
||||
* @return object result of focusing or submitting a form
|
||||
*/
|
||||
function focusOrSubmit(request) {
|
||||
var result = {
|
||||
needPressEnter: false,
|
||||
};
|
||||
var result = {};
|
||||
|
||||
// get the login form
|
||||
let loginForm = undefined;
|
||||
@@ -258,11 +256,6 @@
|
||||
submit.focus();
|
||||
}
|
||||
} else {
|
||||
// There is no submit button.
|
||||
if (request.autoSubmit) {
|
||||
// signal background script that we want it to press Enter for us
|
||||
result.needPressEnter = true;
|
||||
}
|
||||
// We need to keep focus somewhere within the form, so that Enter hopefully submits the form.
|
||||
for (let selectors of [OPENID_FIELDS, PASSWORD_FIELDS, USERNAME_FIELDS]) {
|
||||
let field = find(selectors, loginForm);
|
||||
|
||||
@@ -27,7 +27,6 @@
|
||||
"open_in_tab": false
|
||||
},
|
||||
"permissions": [
|
||||
"debugger",
|
||||
"activeTab",
|
||||
"alarms",
|
||||
"tabs",
|
||||
|
||||
Reference in New Issue
Block a user