mirror of https://github.com/bitwarden/browser synced 2025-12-06 00:13:28 +00:00

Go to file

Daniel Riera 3de3bee08f [PM-27821]Add validation of extension origin for uses of window.postMessage (#17476 )

* PM-27821 - Replace chrome.runtime.getURL() with BrowserApi.getRuntimeURL() for consistency
- Add extension origin validation for all window.postMessage calls
- Implement token-based authentication for inline menu communications
- Add message source validation (event.source === globalThis.parent)
- Add command presence validation (- Update notification bar to validate message origins and commands
- Add extensionOrigin property to services using postMessage
- Generate session tokens for inline menu containers (32-char random)
- Validate tokens in message handlers to prevent unauthorized commands

* Add explicit token validation

* only set when receiving the trusted initNotificationBar message

* await windowmessageorigin before posting to parent

* fix tests

* the parent must include its origin in the message for notification bar race condition

* reduce if statements to one block and comment

* extract parentOrigin from the URL and set windoMessageOrigin accordingly

* consolidate if statements

* add bar.spec file

* fix merge conflict

2025-11-25 13:42:46 -05:00

.checkmarx

Update SAST preset to query set (#8569 )

2024-04-01 16:24:04 -04:00

.claude

Refactor the review code prompt to precisely target our clients repo (#17329 )

2025-11-12 17:05:13 +01:00

.codescene

disable code duplication check in unit tests (#6773 )

2023-11-06 15:48:34 -05:00

.github

Add clap and async-trait as tool owned dependencies (#17579 )

2025-11-21 16:53:44 +01:00

.husky

Update husky hooks (#7738 )

2024-01-30 06:50:54 -08:00

.storybook

[CL-890] fix flakey tests (#17160 )

2025-11-04 15:35:23 -05:00

.vscode

[PM-19731] Refactor encrypt service to expose key wrapping (#14080 )

2025-04-22 13:56:39 +00:00

apps

[PM-27821]Add validation of extension origin for uses of window.postMessage (#17476 )

2025-11-25 13:42:46 -05:00

bitwarden_license

[PM-27564] Self-host configuration is not applied with nx build (#17279 )

2025-11-24 16:36:23 +01:00

docs

refactor(nx): remove unneeded tsconfig.build.json & adjust nx docs (#16864 )

2025-10-14 11:07:23 -04:00

libs

[CL-854] feat: add bit-header component to component library (#17662 )

2025-11-25 13:13:07 -05:00

scripts

[PM-25911] Add commercial sdk internal as dependency (#16883 )

2025-10-27 15:17:20 +01:00

.browserslistrc

[PM-6788][PM-7755] add babel/preset-env and browserslist (#9383 )

2024-05-30 18:42:26 -04:00

.editorconfig

Add support for migrated jslib (#2826 )

2022-06-03 18:01:07 +02:00

.git-blame-ignore-revs

add prettier formatting merge commit to .git-blame-ignore-revs (#7037 )

2023-11-29 17:53:26 -05:00

.gitattributes

Apply Prettier (#2238 )

2021-12-21 15:43:35 +01:00

.gitignore

Implement reusable Claude code review workflow (#16979 )

2025-10-27 16:25:40 +01:00

.npmrc

[PM-25911] Add commercial sdk internal as dependency (#16883 )

2025-10-27 15:17:20 +01:00

.nvmrc

[PM-22343] Bump non-cli to Node 22 (#15058 )

2025-06-26 18:05:37 -04:00

.prettierignore

[PM-5551] Removing Autofill v2 and AutofillOverlay Feature Flags (#7642 )

2024-01-22 17:11:07 +00:00

.prettierrc.json

Update CL documentation (#5379 )

2023-05-08 14:46:59 +02:00

angular.json

Add bit-web to angular.json (#14798 )

2025-05-16 09:14:21 +02:00

babel.config.json

[PM-6788] enable bugfixes in babel/preset-env (#9465 )

2024-05-31 17:59:39 -04:00

clients.code-workspace

[14415] Extend VS Code extensions. (#12604 )

2025-01-07 15:46:03 -05:00

CONTRIBUTING.md

Update README and CONTRIBUTING to point to contributing.bitwarden.com (#2771 )

2022-06-13 17:34:07 +10:00

eslint.config.mjs

Enable directive-class-suffix (#17385 )

2025-11-24 18:03:16 +01:00

jest.config.js

refactor(libs): consolidate messaging-internal into messaging library (#16386 )

2025-09-12 13:04:13 +02:00

jest.preset.js

feat(nx): add basic-lib generator for streamlined library creation (#14992 )

2025-06-05 14:20:23 -04:00

LICENSE_BITWARDEN.txt

Fix some references to master (#14578 )

2025-05-01 07:18:09 -07:00

LICENSE_GPL.txt

Prepare bitwarden_license directory (#2663 )

2022-05-09 17:50:15 +02:00

LICENSE.txt

Fix some references to master (#14578 )

2025-05-01 07:18:09 -07:00

nx.json

feat(nx): add basic-lib generator for streamlined library creation (#14992 )

2025-06-05 14:20:23 -04:00

package-lock.json

[PM-27530] Rename BitwardenClient to PasswordManagerClient (#17578 )

2025-11-25 14:48:25 +01:00

package.json

[PM-27530] Rename BitwardenClient to PasswordManagerClient (#17578 )

2025-11-25 14:48:25 +01:00

README.md

[PM-19046] Update README mobile references (#13990 )

2025-03-26 12:49:53 +00:00

SECURITY.md

Revise language on SECURITY.md

2022-03-15 15:39:14 -04:00

tailwind.config.js

Billing/pm 23385 premium modal in web after registration (#16182 )

2025-09-04 14:44:04 +00:00

tsconfig.base.json

refactor(libs): consolidate messaging-internal into messaging library (#16386 )

2025-09-12 13:04:13 +02:00

tsconfig.eslint.json

fix(eslint): extend tsconfig.base in tsconfig.eslint (#15082 )

2025-06-05 11:08:03 -04:00

tsconfig.json

Implement and extend tsconfig.base across projects (#14554 )

2025-06-02 20:38:17 +00:00

README.md

Bitwarden Client Applications

This repository houses all Bitwarden client applications except the mobile applications (iOS | android).

Please refer to the Clients section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.

bitwarden/server: The core infrastructure backend (API, database, Docker, etc).
bitwarden/ios: Bitwarden iOS Password Manager & Authenticator apps.
bitwarden/android: Bitwarden Android Password Manager & Authenticator apps.
bitwarden/directory-connector: A tool for syncing a directory (AD, LDAP, Azure, G Suite, Okta) to an organization.

We're Hiring!

Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our Careers page to see what opportunities are currently open as well as what it's like to work at Bitwarden.

Contribute

Code contributions are welcome! Please commit any pull requests against the main branch. Learn more about how to contribute by reading the Contributing Guidelines. Check out the Contributing Documentation for how to get started with your first contribution.

Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the SECURITY.md file.

Languages

TypeScript 81.8%

HTML 12.6%

SCSS 2.3%

JavaScript 1.6%

MDX 0.9%

Other 0.7%

README.md

Bitwarden Client Applications

Related projects:

We're Hiring!

Contribute