colin/browserpass-extension
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove debugger permissions (#226)

Browse Source
This commit is contained in:
Maxim Baz
2020-08-26 16:53:58 +02:00
committed by GitHub
parent d73f8e55ae
commit c9afa483cb
4 changed files with 15 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@@ -280,20 +280,19 @@ In order to remove all metadata, use the "Clear usage data" button in the extens
Browserpass extension requests the following permissions: Browserpass extension requests the following permissions:
| Name | Reason | | Name | Reason |
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | -------------------- | ---------------------------------------------------------------------------------------------------------------- |
| `debugger` | Only used for "auto-submit" functionality: if all attepts to locate a "Submit" button failed, Browserpass will put focus inside the login form and issue an <kbd>Enter</kbd> keypress. This is only available in Chromium-based browsers, and sadly this permission [cannot be specified as optional](https://developer.chrome.com/apps/permissions) | | `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup |
| `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup | | `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied |
| `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied | | `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab |
| `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab | | `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds |
| `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds | | `clipboardWrite` | For "Copy password" and "Copy username" functionality |
| `clipboardWrite` | For "Copy password" and "Copy username" functionality | | `nativeMessaging` | To allow communication with the native app |
| `nativeMessaging` | To allow communication with the native app | | `notifications` | To show browser notifications on install or update |
| `notifications` | To show browser notifications on install or update | | `webRequest` | For modal HTTP authentication |
| `webRequest` | For modal HTTP authentication | | `webRequestBlocking` | For modal HTTP authentication |
| `webRequestBlocking` | For modal HTTP authentication | | `http://*/*` | To allow using Browserpass on all websites |
| `http://*/*` | To allow using Browserpass on all websites | | `https://*/*` | To allow using Browserpass on all websites |
| `https://*/*` | To allow using Browserpass on all websites |
## FAQ ## FAQ

28
src/background.js
View File

@@ -316,36 +316,10 @@ async function dispatchFocusOrSubmit(settings, request, allFrames, allowForeign)
foreignFills: settings.foreignFills[settings.origin] || {}, foreignFills: settings.foreignFills[settings.origin] || {},
}); });
let perFrameResults = await chrome.tabs.executeScript(settings.tab.id, { await chrome.tabs.executeScript(settings.tab.id, {
allFrames: allFrames, allFrames: allFrames,
code: `window.browserpass.focusOrSubmit(${JSON.stringify(request)});`, code: `window.browserpass.focusOrSubmit(${JSON.stringify(request)});`,
}); });
// if necessary, dispatch Enter keypress to autosubmit the form
// currently only works on Chromium and requires debugger permission
try {
for (let frame of perFrameResults) {
if (frame.needPressEnter) {
chrome.debugger.attach({ tabId: settings.tab.id }, "1.2");
for (let type of ["keyDown", "char", "keyUp"]) {
chrome.debugger.sendCommand(
{ tabId: settings.tab.id },
"Input.dispatchKeyEvent",
{
type: type,
key: "Enter",
windowsVirtualKeyCode: 13,
nativeVirtualKeyCode: 13,
unmodifiedText: "\r",
text: "\r",
}
);
}
chrome.debugger.detach({ tabId: settings.tab.id });
break;
}
}
} catch (e) {}
} }
/** /**

9
src/inject.js
View File

@@ -220,9 +220,7 @@
* @return object result of focusing or submitting a form * @return object result of focusing or submitting a form
*/ */
function focusOrSubmit(request) { function focusOrSubmit(request) {
var result = { var result = {};
needPressEnter: false,
};
// get the login form // get the login form
let loginForm = undefined; let loginForm = undefined;
@@ -258,11 +256,6 @@
submit.focus(); submit.focus();
} }
} else { } else {
// There is no submit button.
if (request.autoSubmit) {
// signal background script that we want it to press Enter for us
result.needPressEnter = true;
}
// We need to keep focus somewhere within the form, so that Enter hopefully submits the form. // We need to keep focus somewhere within the form, so that Enter hopefully submits the form.
for (let selectors of [OPENID_FIELDS, PASSWORD_FIELDS, USERNAME_FIELDS]) { for (let selectors of [OPENID_FIELDS, PASSWORD_FIELDS, USERNAME_FIELDS]) {
let field = find(selectors, loginForm); let field = find(selectors, loginForm);

1
src/manifest-chromium.json
View File

@@ -27,7 +27,6 @@
"open_in_tab": false "open_in_tab": false
}, },
"permissions": [ "permissions": [
"debugger",
"activeTab", "activeTab",
"alarms", "alarms",
"tabs", "tabs",