Commit a3e654d (https://github.com/bitwarden/clients/pull/16053) removed explicit --target flags from the Linux desktop build workflow when removing musl support. This change inadvertently broke the build.js binary distribution logic, which only copies the desktop_proxy binary to the dist directory when an explicit target is specified. Without this binary in the expected location (/opt/Bitwarden/desktop_proxy), browser integration fails on Linux.
This fix restores explicit --target flags using gnu triplets instead of the previously removed musl triplets. The x64 build now uses --target=x86_64-unknown-linux-gnu and the arm64 build uses --target=aarch64-unknown-linux-gnu, ensuring build.js properly distributes the desktop_proxy binary and restoring browser integration functionality on Linux desktop.
* Change domain terminology to web addresses
* Added phishing resource file
* Finish renaming and adding runtime configuration for domains vs links setting
* Update reference
* Add matching functions per resource
* correct URL matching logic for links-based detection
Problem:
The phishing link matcher was failing to detect known phishing URLs due to
two issues:
1. Protocol mismatch: Entries in the phishing list use `http://` but users
typically visit `https://` versions. The matcher was comparing full URLs
including protocol, causing legitimate matches to fail.
- List entry: `http://smartdapptradxx.pages.dev`
- User visits: `https://smartdapptradxx.pages.dev/`
- Result: No match (incorrect)
2. Hostname-only matching would have caused false positives: An earlier
attempt to fix#1 included hostname-only comparison, which defeats the
purpose of links-based detection. The goal of PM-28548 is precise URL
matching to avoid blocking entire domains (like pages.dev, github.io)
when only specific paths are malicious.
Solution:
- Always strip protocol (http:// or https://) from both entry and URL
before comparison, treating them as equivalent
- Remove hostname-only matching to maintain precision
- Keep prefix matching for subpaths, query strings, and fragments
---------
Co-authored-by: Alex <adewitt@bitwarden.com>
* [pm-28077] Add input types to ignoredInputTypes
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-28077-more-ignoredInputTypes-in-CollectAutofillContentService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Remove month input type from ignored types
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Remove month radio and checkbox types from ignored types
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-28077-more-ignoredInputTypes-in-CollectAutofillContentService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Fix prettier issues/conflicts
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Add comment regarding datetime depcrecation
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* use optional chaining and make portkey optional to match the AutofillInlineMenuIframeExtensionMessage
* make ariaAlertElement optional
* tiemouts are set to null for clearing, updated type to match this
* border color is conditionally applied, undefined is acceptable here
* check if aria alerts exist before calling
* return early if no styles exist for updateElementStyles or no position for updateIframePosition
* initilaize timers to null
* non null assert iframe since it is initialized in initMenuIframe which makes it safe to assert non null by lifecycle
* remove optional chainning
* [PM-29209] Introduce new autofill nudge service specific to the Browser client
* [PM-29209] Cleanup redundant browser setting checks
* [PM-29209] Ensure nudge is dismissed on nudge button click
* [PM-29209] Add spec file for browser autofill nudge service
* [PM-29209] Cleanup settings-v2 spec file
* Introduce bitwarden-encrypted-json-importer
An effort to introduce type guards and split the logic between the differently protected bitwarden-json import-formats
* Improved stricter types, but not quite ts-strict yet
* Add guard to prevent passing password-protected exports to the wrong importer.
* Only create one return object instead of multiple
* Updated changes afer npm ci and npm run prettier
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* early return on typedata if it is not present
* use optional chaining on null checks
* nullish coallescing operator on potentially undefined type
* optional chaining to check both that the element exists and that contentWindow is not null before calling postMessage
* add null check for this.currentNotificationBarType before calling
* add a null check before appending notificationBarRootElement, ts cant track we set the iframe across method calls
* added null checks before calling setElementStyles
The Exposed Passwords and Weak Passwords reports were using an incorrect
rowSize value (53px instead of 75px) for their virtual scroll tables.
This caused the \"Back to reports\" button to collide with table entries.
The issue was cumulative - more items meant more visible collision. This
fix aligns both reports with the Reused Passwords report which correctly
uses 75px for identical row structures.
* add new color palette to theme and tailwind config
* updated docs color names
* remove safelist changes
* add missing accent colors to docs
* updated color mappings
* combined docs in colors.mdx and reference in Claude.md
* add variables for white and black
* updated docs
* updated list rendering style
* more specific docs instructions
* revert to simpler colors docs reference
* remove changes to claude.md
* use rgb color variables to compose semantic
