* add feature flag
* temp
* add ping animation with filled info icon
* add ping animation to stop after 4 goes around
* add local state for autofill-icon
* add logic to avoid new accounts
* fix closing of popover
* fix strict typings
* remove `creationDate` logic from being considered for autofill notification
* remove "now," from the autofill description
* remove height and width in the svg
* PM-31804 - WIP
* PM-31804 - Profile Component - fix missing translation
* PM-31804 - Web - Emergency Access Takeover Dialog Comp - remove screen reader only span as arialabel on spinner should be sufficient
* PM-31804 - Web - EmergencyAccessViewComp - remove redundant span as aria label handles accessibility.
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - EmergencyAccessComp - Replace redundant sr only span with aria label
* PM-31804 - two-factor-setup.component.html - Replace redundant sr only spans with aria labels
* PM-31804 - WebauthnLoginSettingsModule - remove unnecessary IconModule - it's imported via SharedModule
* PM-31804 - web - emergency-access.component.html - Replace redundant sr only span with aria label
* PM-31804 - LoginDecryptionOptionsComponent - Replace redundant sr only span with aria label
* PM-31804 - ChangePasswordComp - Replace redundant sr only span with aria label
* PM-31804 - AccountComponent - add BitwardenIcon type to satisfy template type requirements for name property.
* PM-31804 - Browser Account Security Component - replace nonexistent chevron icon with existing angle right icon.
* PM-31804 - Fix A11y issues with missing aria labels
* PM-31804 - Remove remaining redundant sr only spans since we now have aria labels
* adds autofill button for cipher view
* adds tests
* changes autofill function for non login types
* adds top margin to autofill button
* adds more top margin to autofill button
* only shows autofill button when autofill is allowed (not in a popout)
* add button type
* updates _domainMatched to take a tab param, updates how the component is passed through to slot
* fixes tests from rename
* adds comment about autofill tab checking behavior
* removes diff markers
* add notification handler for auto confirm
* add missing state check
* fix test
* isolate angular specific code from shared lib code
* clean up
* use autoconfirm method
* add event logging for auto confirm
* update copy
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.
Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.
The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
* shows all/filtered ciphers in allItems instead of the ones that haven't been bubbled up into autofill or favorites
* removes remainingCiphers$ remnants
* updates loading$ observable logic
* updates loading$ test
* add notification handler for auto confirm
* add missing state check
* fix test
* isolate angular specific code from shared lib code
* clean up
* use autoconfirm method
* fix test
* Changes on browser
* Changes on desktop
* Changes on web
* Fix chromatic story
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* enforce strict types on folders
* fix folder api service
* fix tests
* fix test
* fix type issue
* fix test
* add extra checks for folders. add specs
* fix folder.id checks
* fix id logic
* remove unecessary check
* name name and id optional in folder model
* fix tests
* Update folder and folderview
* fix folder with id export
* fix tests
* fix tests
* more defensive typing
* fix tests
* no need to check for presence
* check for empty name in folder toDomain
* fixes to folder
* initialize id in folder constructor. fix failing tests
* remove optional param to folder constructor
* fix folder
* fix test
* remove remaining checks for null folder id
* fix logic
* pass null for empty folder ids
* make id more explicit
* fix failing test
* fix failing test
* fix "No Folder" filter
* Switch phishing data source to GitHub and remove fallback mechanism
The phish.co.za mirror is down, causing every update cycle to timeout on
the primary fetch before falling back to the GitHub raw URL. This removes
phish.co.za entirely and uses GitHub as the sole data source, which was
the original source before the mirror was introduced.
- Rename `remoteUrl`/`fallbackUrl` to `ghSourceUrl` on PhishingResource type
- Remove phish.co.za URLs from both Domains and Links resources
- Remove catchError fallback block in `_updateFullDataSet()`
- Errors now propagate to `_backgroundUpdate()` which already handles
retries (3 attempts with 5-minute delays) and graceful degradation
* revert the fallback logic removal, change prop name, add use fallback flag
* Update Links primaryUrl to Bitwarden-hosted blocklist
* remove all fallback logic
Changed event parameter type from MouseEvent to Event in handleFillCipherClickEvent and handleViewCipherClickEvent to match the EventListener interface expected by useEventHandlersMemo.
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* ignore events that do not originate from the user agent
* [pm-28831] Add isTrusted checks and update tests
* [pm-28831] Add isTrusted check to click events
* [pm-28831] Replace in-code jest exceptions with new utils
* [pm-28831] Move isTrusted checks to testable util
* [pm-28831] Remove redundant check in cipher-action.ts
* [pm-28831] Add isTrusted checks to click events in autofill-inine-menu-list
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
* created 'berry' component
* added 'bit-berry' to 'popup-tab-navigation'
* simplified - removed null checks
* changed 'effectiveSize' to 'computedSize'
* fixed 'accentPrimary' color
* updated to not render berry if 'count' is 0 or negative number
* simplified checking count undefined
* updated computed padding
* switched from `[ngClass]` to `[class]`
* updated 'popup-tab-navigation' berry to use 'danger' variant
* fixed berry positioning in popup-tab-navigation
* updated content logic
* cleanup unused 'ngClass'
* updated conditional rendering of berry
* updated story 'Usage'
* updates with adding berry 'type'
* added type "status" to popup-tab-navigation
* fixed type error
* updated 'Count Behavior' description
* display translated content for attachments that cannot be downloaded
* consume decryption failure from the sdk for attachments
* add decryption errors from sdk
* only show fix attachment issues for when key is null and it does not have a decryption failure
* separate decryption failure state in view
* fix(autofill): type throttle to preserve handler this/args and return void
* fix(autofill): strict TS and defaults for inline menu list, throttle typing, TOTP interval
* update snapshots
* swap mouse event for event
* prevent default does nothing on event
* [PM-31685] Removing email hashes
* [PM-31685] fixing tests, which are now passing
* [PM-31685] removing anon access emails field and reusing emails field
* [PM-31685] fixing missed tests
* [PM-31685] fixing missed tests
* [PM-31685] code review changes
* [PM-31685] do not encrypt emails by use of domain functionality
* [PM-31685] test fixes
* Remove inividual user key states and migrate to account cryptographic state
* Fix browser
* Fix tests
* Clean up migration
* Remove key-pair creation from login strategy
* Add clearing for the account cryptographic state
* Add migration
* Cleanup
* Fix linting
