bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-06 00:13:28 +00:00
Code Issues Releases Wiki Activity

Arch/pm 27820 (#17241)

Browse Source 
* add storage port validation

* remove unused method

* Prefer property presence over truthyness

(cherry picked from commit cbf380e023)
(cherry picked from commit 33149f79cb)
This commit is contained in:
Matt Gibson
2025-11-05 23:09:15 +00:00
parent 4463ae2d9f
commit 00c27dc8c8
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
apps/browser/src/platform/browser/browser-api.ts
View File

@@ -32,6 +32,36 @@ export class BrowserApi {
return BrowserApi.manifestVersion === expectedVersion; return BrowserApi.manifestVersion === expectedVersion;
} }
static senderIsInternal(sender: chrome.runtime.MessageSender | null): boolean {
if (!sender?.url) {
return false;
}
const extensionUrl =
(typeof chrome !== "undefined" && chrome.runtime?.getURL("")) ||
(typeof browser !== "undefined" && browser.runtime?.getURL("")) ||
"";
if (!extensionUrl) {
return false;
}
if (!sender.url.startsWith(extensionUrl)) {
return false;
}
// these are all properties on externally initiated messages, not internal ones
if (
"tab" in sender ||
"documentId" in sender ||
"documentLifecycle" in sender ||
"frameId" in sender
) {
return false;
}
return true;
}
/** /**
* Gets all open browser windows, including their tabs. * Gets all open browser windows, including their tabs.
* *

3
apps/browser/src/platform/services/local-backed-session-storage.service.ts
View File

@@ -43,6 +43,9 @@ export class LocalBackedSessionStorageService
if (port.name !== portName(chrome.storage.session)) { if (port.name !== portName(chrome.storage.session)) {
return; return;
} }
if (!BrowserApi.senderIsInternal(port.sender)) {
return;
}
this.ports.add(port); this.ports.add(port);