mirror of https://github.com/bitwarden/browser synced 2026-02-01 01:03:39 +00:00

Go to file

Leslie Tilton ad4b01f315 [PM-28548] Phishing Blocker support links (#18070 )

* Change domain terminology to web addresses

* Added phishing resource file

* Finish renaming and adding runtime configuration for domains vs links setting

* Update reference

* Add matching functions per resource

* correct URL matching logic for links-based detection

Problem:
The phishing link matcher was failing to detect known phishing URLs due to
two issues:

1. Protocol mismatch: Entries in the phishing list use `http://` but users
   typically visit `https://` versions. The matcher was comparing full URLs
   including protocol, causing legitimate matches to fail.
   - List entry: `http://smartdapptradxx.pages.dev`
   - User visits: `https://smartdapptradxx.pages.dev/`
   - Result: No match (incorrect)

2. Hostname-only matching would have caused false positives: An earlier
   attempt to fix #1 included hostname-only comparison, which defeats the
   purpose of links-based detection. The goal of PM-28548 is precise URL
   matching to avoid blocking entire domains (like pages.dev, github.io)
   when only specific paths are malicious.

Solution:
- Always strip protocol (http:// or https://) from both entry and URL
  before comparison, treating them as equivalent
- Remove hostname-only matching to maintain precision
- Keep prefix matching for subpaths, query strings, and fragments

---------

Co-authored-by: Alex <adewitt@bitwarden.com>
(cherry picked from commit 800a21d8a3)

2025-12-30 12:15:35 -05:00

.checkmarx

Update SAST preset to query set (#8569 )

2024-04-01 16:24:04 -04:00

.claude

Remove review-prompt and migrate the only unique BW instruction to the CLAUDE.md (#18049 )

2025-12-18 19:19:09 +01:00

.codescene

disable code duplication check in unit tests (#6773 )

2023-11-06 15:48:34 -05:00

.github

bumped cargo deny version to fix CVSS error (#18091 )

2025-12-22 15:19:08 -05:00

.husky

Update husky hooks (#7738 )

2024-01-30 06:50:54 -08:00

.storybook

add back the aria-label when using the a11y title directive (#17776 )

2025-12-02 14:35:02 -05:00

.vscode

[PM-19731] Refactor encrypt service to expose key wrapping (#14080 )

2025-04-22 13:56:39 +00:00

apps

[PM-28548] Phishing Blocker support links (#18070 )

2025-12-30 12:15:35 -05:00

bitwarden_license

Remove FF: pm-22415-tax-id-warnings (#17871 )

2025-12-22 14:14:23 -06:00

docs

refactor(nx): remove unneeded tsconfig.build.json & adjust nx docs (#16864 )

2025-10-14 11:07:23 -04:00

libs

[CL-913] add new color palette to theme and tailwind config (#17998 )

2025-12-26 16:18:31 -05:00

scripts

[PM-25911] Add commercial sdk internal as dependency (#16883 )

2025-10-27 15:17:20 +01:00

.browserslistrc

[PM-6788][PM-7755] add babel/preset-env and browserslist (#9383 )

2024-05-30 18:42:26 -04:00

.editorconfig

Add support for migrated jslib (#2826 )

2022-06-03 18:01:07 +02:00

.git-blame-ignore-revs

add prettier formatting merge commit to .git-blame-ignore-revs (#7037 )

2023-11-29 17:53:26 -05:00

.gitattributes

Apply Prettier (#2238 )

2021-12-21 15:43:35 +01:00

.gitignore

Implement reusable Claude code review workflow (#16979 )

2025-10-27 16:25:40 +01:00

.npmrc

[PM-25911] Add commercial sdk internal as dependency (#16883 )

2025-10-27 15:17:20 +01:00

.nvmrc

[PM-22343] Bump non-cli to Node 22 (#15058 )

2025-06-26 18:05:37 -04:00

.prettierignore

[PM-5551] Removing Autofill v2 and AutofillOverlay Feature Flags (#7642 )

2024-01-22 17:11:07 +00:00

.prettierrc.json

Update CL documentation (#5379 )

2023-05-08 14:46:59 +02:00

angular.json

[CL-717][PM-27966] Update to Angular 20 and Storybook 9 (#17638 )

2025-12-01 14:15:58 -05:00

babel.config.json

[PM-6788] enable bugfixes in babel/preset-env (#9465 )

2024-05-31 17:59:39 -04:00

clients.code-workspace

Add Nx Console to vscode recommended extension list (#17683 )

2025-11-27 07:47:01 +01:00

CONTRIBUTING.md

Update README and CONTRIBUTING to point to contributing.bitwarden.com (#2771 )

2022-06-13 17:34:07 +10:00

eslint.config.mjs

PM-8353 MacOS passkey provider (#13963 )

2025-12-05 12:58:20 -05:00

jest.config.js

[PM-29607] Create @bitwarden/subscription (#17997 )

2025-12-16 10:13:18 -06:00

jest.preset.js

feat(nx): add basic-lib generator for streamlined library creation (#14992 )

2025-06-05 14:20:23 -04:00

LICENSE_BITWARDEN.txt

Fix some references to master (#14578 )

2025-05-01 07:18:09 -07:00

LICENSE_GPL.txt

Prepare bitwarden_license directory (#2663 )

2022-05-09 17:50:15 +02:00

LICENSE.txt

Fix some references to master (#14578 )

2025-05-01 07:18:09 -07:00

nx.json

feat(nx): add basic-lib generator for streamlined library creation (#14992 )

2025-06-05 14:20:23 -04:00

package-lock.json

Bumped client version(s)

2025-12-29 14:59:06 +00:00

package.json

[PM-27239] Tde registration encryption v2 (#17831 )

2025-12-23 16:27:25 +01:00

README.md

[PM-19046] Update README mobile references (#13990 )

2025-03-26 12:49:53 +00:00

SECURITY.md

Revise language on SECURITY.md

2022-03-15 15:39:14 -04:00

tailwind.config.js

Billing/pm 23385 premium modal in web after registration (#16182 )

2025-09-04 14:44:04 +00:00

tsconfig.base.json

[PM-29607] Create @bitwarden/subscription (#17997 )

2025-12-16 10:13:18 -06:00

tsconfig.eslint.json

fix(eslint): extend tsconfig.base in tsconfig.eslint (#15082 )

2025-06-05 11:08:03 -04:00

tsconfig.json

Implement and extend tsconfig.base across projects (#14554 )

2025-06-02 20:38:17 +00:00

README.md

Bitwarden Client Applications

This repository houses all Bitwarden client applications except the mobile applications (iOS | android).

Please refer to the Clients section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.

bitwarden/server: The core infrastructure backend (API, database, Docker, etc).
bitwarden/ios: Bitwarden iOS Password Manager & Authenticator apps.
bitwarden/android: Bitwarden Android Password Manager & Authenticator apps.
bitwarden/directory-connector: A tool for syncing a directory (AD, LDAP, Azure, G Suite, Okta) to an organization.

We're Hiring!

Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our Careers page to see what opportunities are currently open as well as what it's like to work at Bitwarden.

Contribute

Code contributions are welcome! Please commit any pull requests against the main branch. Learn more about how to contribute by reading the Contributing Guidelines. Check out the Contributing Documentation for how to get started with your first contribution.

Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the SECURITY.md file.

Languages

TypeScript 81.8%

HTML 12.6%

SCSS 2.3%

JavaScript 1.6%

MDX 0.9%

Other 0.7%

README.md

Bitwarden Client Applications

Related projects:

We're Hiring!

Contribute