[PM-1397] Display a warning when a user attempts to auto-fill an iframe (#4994)

* add settingsService.getEquivalentDomains * check that an iframe URL matches cipher.login.uris before autofilling * disable autofill on page load if it doesn't match * show a warning to the user on regular autofill if it doesn't match --------- Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2025-12-16 16:23:44 +00:00 · 2023-03-15 11:19:16 +10:00
parent 6cbfdcf90a
commit 0d85bdc931
13 changed files with 188 additions and 17 deletions
--- a/libs/common/src/vault/services/cipher.service.ts
+++ b/libs/common/src/vault/services/cipher.service.ts
@@ -49,10 +49,6 @@ import { CipherView } from "../models/view/cipher.view";
 import { FieldView } from "../models/view/field.view";
 import { PasswordHistoryView } from "../models/view/password-history.view";

-const DomainMatchBlacklist = new Map<string, Set<string>>([
-  ["google.com", new Set(["script.google.com"])],
-]);
-
 export class CipherService implements CipherServiceAbstraction {
  private sortedCiphersCache: SortedCiphersCache = new SortedCiphersCache(
    this.sortCiphersByLastUsed
@@ -456,9 +452,9 @@ export class CipherService implements CipherServiceAbstraction {
          switch (match) {
            case UriMatchType.Domain:
              if (domain != null && u.domain != null && matchingDomains.indexOf(u.domain) > -1) {
-                if (DomainMatchBlacklist.has(u.domain)) {
+                if (Utils.DomainMatchBlacklist.has(u.domain)) {
                  const domainUrlHost = Utils.getHost(url);
-                  if (!DomainMatchBlacklist.get(u.domain).has(domainUrlHost)) {
+                  if (!Utils.DomainMatchBlacklist.get(u.domain).has(domainUrlHost)) {
                    return true;
                  }
                } else {