mirror of https://github.com/bitwarden/browser synced 2026-02-13 23:13:36 +00:00

add alert message for top-layer hijack scenarios

Jonathan Prusik
2025-09-26 13:18:12 -04:00
parent 3ac7a1a659
commit 50b9bb4da6
2 changed files with 10 additions and 2 deletions


@@ -2391,6 +2391,9 @@
}
}
},
"topLayerHijackWarning": {
"message": "This page is interferring with the Bitwarden experience. The Bitwarden inline menu has been temporarily disabled as a safety measure."
},
"setMasterPassword": {
"message": "Set master password"
},


@@ -39,8 +39,10 @@ export class AutofillInlineMenuContentService implements AutofillInlineMenuConte
private containerElementMutationObserver: MutationObserver;
private topLayerRefreshCountWithinTimeThreshold: number = 0;
private lastTrackedTopLayerRefreshTimestamp = Date.now();
// Distinct from preventing inline menu script injection, this is for cases where the page
// is subsequently determined to be risky.
/**
* Distinct from preventing inline menu script injection, this is for cases
* where the page is subsequently determined to be risky.
*/
private inlineMenuEnabled = true;
private mutationObserverIterations = 0;
private mutationObserverIterationsResetTimeout: number | NodeJS.Timeout;
@@ -530,6 +532,9 @@ export class AutofillInlineMenuContentService implements AutofillInlineMenuConte
// Set inline menu to be off; page is aggressively trying to take top position of top layer
this.inlineMenuEnabled = false;
void this.checkPageRisks();
const warningMessage = chrome.i18n.getMessage("topLayerHijackWarning");
globalThis.window.alert(warningMessage);
}
} else {
this.lastTrackedTopLayerRefreshTimestamp = now;
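Review bot: The warning added after `this.inlineMenuEnabled = false;` is raised with `globalThis.window.alert(warningMessage)`, a native dialog that browsers attribute to the page's origin, so a page can show the same text itself and the user cannot tell the genuine warning from an imitation. `alert()` is also ignored in sandboxed frames without `allow-modals`, which would leave the menu disabled with no explanation there. Consider routing the message to extension-owned UI instead and showing it at most once per page load; whether this branch can fire repeatedly is not visible, because the enclosing method starts and ends outside the hunk. The `topLayerHijackWarning` string in the first file also misspells "interfering" as "interferring".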