From c9afa483cba93aad4a92d8a43c0598d3d7215ec5 Mon Sep 17 00:00:00 2001 From: Maxim Baz Date: Wed, 26 Aug 2020 16:53:58 +0200 Subject: [PATCH] Remove debugger permissions (#226) --- README.md | 27 +++++++++++++-------------- src/background.js | 28 +--------------------------- src/inject.js | 9 +-------- src/manifest-chromium.json | 1 - 4 files changed, 15 insertions(+), 50 deletions(-) diff --git a/README.md b/README.md index 092fa0d..ad52d7d 100644 --- a/README.md +++ b/README.md @@ -280,20 +280,19 @@ In order to remove all metadata, use the "Clear usage data" button in the extens Browserpass extension requests the following permissions: -| Name | Reason | -| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `debugger` | Only used for "auto-submit" functionality: if all attepts to locate a "Submit" button failed, Browserpass will put focus inside the login form and issue an Enter keypress. This is only available in Chromium-based browsers, and sadly this permission [cannot be specified as optional](https://developer.chrome.com/apps/permissions) | -| `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup | -| `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied | -| `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab | -| `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds | -| `clipboardWrite` | For "Copy password" and "Copy username" functionality | -| `nativeMessaging` | To allow communication with the native app | -| `notifications` | To show browser notifications on install or update | -| `webRequest` | For modal HTTP authentication | -| `webRequestBlocking` | For modal HTTP authentication | -| `http://*/*` | To allow using Browserpass on all websites | -| `https://*/*` | To allow using Browserpass on all websites | +| Name | Reason | +| -------------------- | ---------------------------------------------------------------------------------------------------------------- | +| `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup | +| `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied | +| `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab | +| `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds | +| `clipboardWrite` | For "Copy password" and "Copy username" functionality | +| `nativeMessaging` | To allow communication with the native app | +| `notifications` | To show browser notifications on install or update | +| `webRequest` | For modal HTTP authentication | +| `webRequestBlocking` | For modal HTTP authentication | +| `http://*/*` | To allow using Browserpass on all websites | +| `https://*/*` | To allow using Browserpass on all websites | ## FAQ diff --git a/src/background.js b/src/background.js index bbd921d..d451eec 100644 --- a/src/background.js +++ b/src/background.js @@ -316,36 +316,10 @@ async function dispatchFocusOrSubmit(settings, request, allFrames, allowForeign) foreignFills: settings.foreignFills[settings.origin] || {}, }); - let perFrameResults = await chrome.tabs.executeScript(settings.tab.id, { + await chrome.tabs.executeScript(settings.tab.id, { allFrames: allFrames, code: `window.browserpass.focusOrSubmit(${JSON.stringify(request)});`, }); - - // if necessary, dispatch Enter keypress to autosubmit the form - // currently only works on Chromium and requires debugger permission - try { - for (let frame of perFrameResults) { - if (frame.needPressEnter) { - chrome.debugger.attach({ tabId: settings.tab.id }, "1.2"); - for (let type of ["keyDown", "char", "keyUp"]) { - chrome.debugger.sendCommand( - { tabId: settings.tab.id }, - "Input.dispatchKeyEvent", - { - type: type, - key: "Enter", - windowsVirtualKeyCode: 13, - nativeVirtualKeyCode: 13, - unmodifiedText: "\r", - text: "\r", - } - ); - } - chrome.debugger.detach({ tabId: settings.tab.id }); - break; - } - } - } catch (e) {} } /** diff --git a/src/inject.js b/src/inject.js index b206ecd..139562d 100644 --- a/src/inject.js +++ b/src/inject.js @@ -220,9 +220,7 @@ * @return object result of focusing or submitting a form */ function focusOrSubmit(request) { - var result = { - needPressEnter: false, - }; + var result = {}; // get the login form let loginForm = undefined; @@ -258,11 +256,6 @@ submit.focus(); } } else { - // There is no submit button. - if (request.autoSubmit) { - // signal background script that we want it to press Enter for us - result.needPressEnter = true; - } // We need to keep focus somewhere within the form, so that Enter hopefully submits the form. for (let selectors of [OPENID_FIELDS, PASSWORD_FIELDS, USERNAME_FIELDS]) { let field = find(selectors, loginForm); diff --git a/src/manifest-chromium.json b/src/manifest-chromium.json index 5419a03..cdc2db9 100644 --- a/src/manifest-chromium.json +++ b/src/manifest-chromium.json @@ -27,7 +27,6 @@ "open_in_tab": false }, "permissions": [ - "debugger", "activeTab", "alarms", "tabs",