* Change domain terminology to web addresses
* Added phishing resource file
* Finish renaming and adding runtime configuration for domains vs links setting
* Update reference
* Add matching functions per resource
* correct URL matching logic for links-based detection
Problem:
The phishing link matcher was failing to detect known phishing URLs due to
two issues:

1. Protocol mismatch: Entries in the phishing list use `http://` but users
   typically visit `https://` versions. The matcher was comparing full URLs
   including protocol, causing legitimate matches to fail.
   - List entry: `http://smartdapptradxx.pages.dev`
   - User visits: `https://smartdapptradxx.pages.dev/`
   - Result: No match (incorrect)
2. Hostname-only matching would have caused false positives: An earlier
   attempt to fix #1 included hostname-only comparison, which defeats the
   purpose of links-based detection. The goal of PM-28548 is precise URL
   matching to avoid blocking entire domains (like pages.dev, github.io)
   when only specific paths are malicious.

Solution:
- Always strip protocol (http:// or https://) from both entry and URL
  before comparison, treating them as equivalent
- Remove hostname-only matching to maintain precision
- Keep prefix matching for subpaths, query strings, and fragments
---------
Co-authored-by: Alex <adewitt@bitwarden.com>
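
The matching rule described in the commit message above, sketched as an added example; it is not the project's code. The function names, the requirement that a prefix match end at a `/`, `?` or `#` boundary, the lowercasing of the host part, and the second sample entry are assumptions made for illustration.

```typescript
// Added illustration; hypothetical names, not the Bitwarden implementation.

/** Drop a leading http:// or https:// so both schemes compare as equal. */
function stripProtocol(value: string): string {
  return value.trim().replace(/^https?:\/\//i, "");
}

/** Strip protocol and trailing slashes; lowercase only the host part. */
function normalize(value: string): string {
  const rest = stripProtocol(value).replace(/\/+$/, "");
  const hostEnd = rest.search(/[/?#]/);
  if (hostEnd === -1) return rest.toLowerCase();
  return rest.slice(0, hostEnd).toLowerCase() + rest.slice(hostEnd);
}

/**
 * True when `url` equals `entry`, or extends it with a subpath, query string
 * or fragment. There is no hostname-only fallback, so an entry for one path
 * on a shared host never flags the rest of that host.
 */
function matchesEntry(entry: string, url: string): boolean {
  const e = normalize(entry);
  const u = normalize(url);
  if (e === "" || !u.startsWith(e)) return false;
  if (u.length === e.length) return true;
  // Assumption: the next character must start a path, query or fragment,
  // so "host.pages.dev" does not match "host.pages.dev.other.example".
  return "/?#".includes(u.charAt(e.length));
}

function isPhishingLink(entries: string[], url: string): boolean {
  return entries.some((entry) => matchesEntry(entry, url));
}

// Constructed sample list: the first entry is the one quoted in the commit
// message, the second is a made-up path-specific entry on a shared host.
const SAMPLE_ENTRIES: string[] = [
  "http://smartdapptradxx.pages.dev",
  "http://shared-host.example/campaign/login",
];
```

A plain `startsWith` without the boundary check would also flag look-alike hosts and sibling paths that merely share a prefix with a listed entry.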
* [pm-28077] Add input types to ignoredInputTypes
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-28077-more-ignoredInputTypes-in-CollectAutofillContentService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Remove month input type from ignored types
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Remove month radio and checkbox types from ignored types
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-28077-more-ignoredInputTypes-in-CollectAutofillContentService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Fix prettier issues/conflicts
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* [pm-28077] Add comment regarding datetime deprecation
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* use optional chaining and make portkey optional to match the AutofillInlineMenuIframeExtensionMessage
* make ariaAlertElement optional
* timeouts are set to null for clearing, updated type to match this
* border color is conditionally applied, undefined is acceptable here
* check if aria alerts exist before calling
* return early if no styles exist for updateElementStyles or no position for updateIframePosition
* initialize timers to null
* non null assert iframe since it is initialized in initMenuIframe which makes it safe to assert non null by lifecycle
* remove optional chaining
* [PM-29209] Introduce new autofill nudge service specific to the Browser client
* [PM-29209] Cleanup redundant browser setting checks
* [PM-29209] Ensure nudge is dismissed on nudge button click
* [PM-29209] Add spec file for browser autofill nudge service
* [PM-29209] Cleanup settings-v2 spec file
* early return on typedata if it is not present
* use optional chaining on null checks
* nullish coalescing operator on potentially undefined type
* optional chaining to check both that the element exists and that contentWindow is not null before calling postMessage
* add null check for this.currentNotificationBarType before calling
* add a null check before appending notificationBarRootElement, TS can't track we set the iframe across method calls
* added null checks before calling setElementStyles
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
* follow existing popout guard pattern to force popout on firefox when filepicker is exposed
* move firefox guard to tools ownership & revert changes to auth owned file
* removed redundant test case
* Disable phishing detection if safari is detected
* Apply suggestion from @claude[bot]
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Move order of safari vs account checks
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* [PM-27675] Integrate dialogs into VaultItemTransferService
* [PM-27675] Update tests for new dialogs
* [PM-27675] Center dialogs and prevent closing with escape or pointer events
* [PM-27675] Add transferInProgress$ observable to VaultItemsTransferService
* [PM-27675] Hook vault item transfer service into browser vault component
* [PM-27675] Move defaultUserCollection$ to collection service
* [PM-27675] Cleanup dialog styles
* [PM-27675] Introduce readySubject to popup vault component to prevent flashing content while item transfer is in progress
* [PM-27675] Fix vault-v2 tests
* added phishing blocker toggle
* design improvements
* Fix TypeScript strict mode errors in PhishingDetectionSettingsServiceAbstraction
* Camel case messages
* Update PhishingDetectionService.initialize parameter ordering
* Add comments to PhishingDetectionSettingsServiceAbstraction
* Change state from global to user settings
* Remove clear on logout phishing-detection-settings
* PM-28536 making a change from getActive to getUser because of method being deprecated
* Moved phishing detection services to own file
* Added new phishing detection availability service to expose complex enable logic
* Add test cases for PhishingDetectionAvailabilityService
* Remove phishing detection availability in favor of one settings service
* Extract phishing detection settings service abstraction to own file
* Update phishing detection-settings service to include availability logic. Updated dependencies
* Add test cases for phishing detection element. Added missing dependencies in testbed setup
* Update services in extension
* Switch checkbox to bit-switch component
* Remove comment
* Remove comment
* Fix prettier vs lint spacing
* Replace deprecated active user state. Updated test cases
* Fix account-security test failing
* Update comments
* Renamed variable
* Removed obsolete message
* Remove unused variable
* Removed unused import
---------
Co-authored-by: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Co-authored-by: Graham Walker <gwalker@bitwarden.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
* [PM-23258] changing verbiage from import data to import items
* [PM-23258] Removing vault and data from import and export titles, navs, and buttons
* [PM-23258] more verbiage changes
* [PM-23258] reverting unnecessary change
* [PM-23258] removing unused text from messages json files
* [PM-23258] small text changes from design
* [PM-23258] including secrets manager changes
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* add a slot for consumers to show user actions in anon layout header
* remove commented code
* ensure logo stays top aligned
* switch to dashed naming
* fix ngif statements
* remove empty selector
* remove unnecessary containers
* use smaller logo on smaller screens
* remove commented code from extension layout
* remove dupe slot
* only take extension screenshots on small screens
* take screenshot at 380
* take large and small screenshot
* update story to use new control flow
* feat: add Identity Sso Required Response type as possible response from token endpoint.
* feat: consume sso organization identifier to redirect user
* feat: add get requiresSso to AuthResult for more ergonomic code.
* feat: sso-redirect on sso-required for CLI and Desktop
* chore: fixing type errors
* test: fix and add tests for new sso method
* docs: fix misspelling
* fix: get email from AuthResult instead of the FormGroup
* fix:claude: when email is not available for SSO login show error toast.
* fix:claude: add null safety check