* Change domain terminology to web addresses
* Added phishing resource file
* Finish renaming and adding runtime configuration for domains vs links setting
* Update reference
* Add matching functions per resource
* correct URL matching logic for links-based detection
Problem:
The phishing link matcher was failing to detect known phishing URLs due to
two issues:
1. Protocol mismatch: Entries in the phishing list use `http://` but users
typically visit `https://` versions. The matcher was comparing full URLs
including protocol, causing legitimate matches to fail.
- List entry: `http://smartdapptradxx.pages.dev`
- User visits: `https://smartdapptradxx.pages.dev/`
- Result: No match (incorrect)
2. Hostname-only matching would have caused false positives: An earlier
attempt to fix#1 included hostname-only comparison, which defeats the
purpose of links-based detection. The goal of PM-28548 is precise URL
matching to avoid blocking entire domains (like pages.dev, github.io)
when only specific paths are malicious.
Solution:
- Always strip protocol (http:// or https://) from both entry and URL
before comparison, treating them as equivalent
- Remove hostname-only matching to maintain precision
- Keep prefix matching for subpaths, query strings, and fragments
---------
Co-authored-by: Alex <adewitt@bitwarden.com>
* [pm-28077] Add input types to ignoredInputTypes
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-28077-more-ignoredInputTypes-in-CollectAutofillContentService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Remove month input type from ignored types
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Remove month radio and checkbox types from ignored types
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-28077-more-ignoredInputTypes-in-CollectAutofillContentService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Fix prettier issues/conflicts
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Add comment regarding datetime depcrecation
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* use optional chaining and make portkey optional to match the AutofillInlineMenuIframeExtensionMessage
* make ariaAlertElement optional
* tiemouts are set to null for clearing, updated type to match this
* border color is conditionally applied, undefined is acceptable here
* check if aria alerts exist before calling
* return early if no styles exist for updateElementStyles or no position for updateIframePosition
* initilaize timers to null
* non null assert iframe since it is initialized in initMenuIframe which makes it safe to assert non null by lifecycle
* remove optional chainning
* [PM-29209] Introduce new autofill nudge service specific to the Browser client
* [PM-29209] Cleanup redundant browser setting checks
* [PM-29209] Ensure nudge is dismissed on nudge button click
* [PM-29209] Add spec file for browser autofill nudge service
* [PM-29209] Cleanup settings-v2 spec file
* Introduce bitwarden-encrypted-json-importer
An effort to introduce type guards and split the logic between the differently protected bitwarden-json import-formats
* Improved stricter types, but not quite ts-strict yet
* Add guard to prevent passing password-protected exports to the wrong importer.
* Only create one return object instead of multiple
* Updated changes afer npm ci and npm run prettier
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* early return on typedata if it is not present
* use optional chaining on null checks
* nullish coallescing operator on potentially undefined type
* optional chaining to check both that the element exists and that contentWindow is not null before calling postMessage
* add null check for this.currentNotificationBarType before calling
* add a null check before appending notificationBarRootElement, ts cant track we set the iframe across method calls
* added null checks before calling setElementStyles
The Exposed Passwords and Weak Passwords reports were using an incorrect
rowSize value (53px instead of 75px) for their virtual scroll tables.
This caused the \"Back to reports\" button to collide with table entries.
The issue was cumulative - more items meant more visible collision. This
fix aligns both reports with the Reused Passwords report which correctly
uses 75px for identical row structures.
* add new color palette to theme and tailwind config
* updated docs color names
* remove safelist changes
* add missing accent colors to docs
* updated color mappings
* combined docs in colors.mdx and reference in Claude.md
* add variables for white and black
* updated docs
* updated list rendering style
* more specific docs instructions
* revert to simpler colors docs reference
* remove changes to claude.md
* use rgb color variables to compose semantic
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* Updated to use Date
* Updated to use Date on sync.
* Changes to tests that can't use mock function
* Prettier updates
* Update equality to handle Date type.
* Change to type comparison.
* Simplified equality comparison to just use properties.
* Added comment.
* Updated comment to reference Date.
* Added back in internal method tests.
These packages are build/tooling dependencies and should not be in
production dependencies.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* [deps] Platform: Update electron to v39
* Update and change builder
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* fix(set-initial-password-service) [PM-28494]: Update MP data and decryption property sets to accommodate legacy and new paths for service.
* fix(set-initial-password-component) [PM-28494]: Add salt and mp data to credentials object.
* refactor(set-initial-password-service) [PM-28494]: Additional comments.
* test(set-initial-password-service) [PM-28494]: Update tests for added credential members.
