clients/apps/browser
Leslie Tilton 800a21d8a3
[PM-28548] Phishing Blocker support links (#18070)
* Change domain terminology to web addresses

* Added phishing resource file

* Finish renaming and adding runtime configuration for domains vs links setting

* Update reference

* Add matching functions per resource

* correct URL matching logic for links-based detection

Problem:
The phishing link matcher was failing to detect known phishing URLs due to
two issues:

1. Protocol mismatch: Entries in the phishing list use `http://` but users
   typically visit `https://` versions. The matcher was comparing full URLs
   including protocol, causing legitimate matches to fail.
   - List entry: `http://smartdapptradxx.pages.dev`
   - User visits: `https://smartdapptradxx.pages.dev/`
   - Result: No match (incorrect)

2. Hostname-only matching would have caused false positives: An earlier
   attempt to fix #1 included hostname-only comparison, which defeats the
   purpose of links-based detection. The goal of PM-28548 is precise URL
   matching to avoid blocking entire domains (like pages.dev, github.io)
   when only specific paths are malicious.

Solution:
- Always strip protocol (http:// or https://) from both entry and URL
  before comparison, treating them as equivalent
- Remove hostname-only matching to maintain precision
- Keep prefix matching for subpaths, query strings, and fragments

---------

Co-authored-by: Alex <adewitt@bitwarden.com>
2025-12-30 09:06:30 -08:00
..
.vscode Multi root workspace tweaks (#2858) 2022-06-13 21:39:36 -05:00
config Remove showPasswordless conditionals (#11928) 2024-11-15 12:34:02 -05:00
scripts [BRE-1303] Providing method for pinning Chrome extension ID for dev (#17432) 2025-11-19 16:11:51 -05:00
spec PM-27820 (#17245) 2025-11-05 20:22:34 -05:00
src [PM-28548] Phishing Blocker support links (#18070) 2025-12-30 09:06:30 -08:00
store Autosync the updated translations (#18026) 2025-12-19 12:18:02 +01:00
webpack [PM-22629] Forbid importing popup outside (#15168) 2025-06-13 08:54:49 -05:00
.gitignore Ps/pm 2910/browser header component (#6641) 2023-10-25 18:27:32 +00:00
CLAUDE.md [PM-26337] Create a Claude markdown file (#16676) 2025-10-03 16:48:01 +02:00
crowdin.yml
jest.config.js Implement and extend tsconfig.base across projects (#14554) 2025-06-02 20:38:17 +00:00
package.json Bumped client version(s) 2025-12-29 14:59:06 +00:00
postcss.config.js eslint: report unused disable directives (#13463) 2025-03-10 09:33:08 -04:00
project.json build(nx): fix serve browser (#16972) 2025-10-22 06:21:25 -04:00
README.md Fix some references to master (#14578) 2025-05-01 07:18:09 -07:00
tailwind.config.js [CL-434] Swap extension to use tailwind preflight (#17054) 2025-12-09 15:40:00 -05:00
test.setup.ts [deps] Platform: Update @types/chrome to v0.1.0 (#15697) 2025-09-26 17:02:39 +02:00
tsconfig.json [CL-761] Enable strict template typechecking (#17334) 2025-11-25 11:04:37 -05:00
tsconfig.spec.json [CL-525] Upgrade angular to v19 (#14815) 2025-06-02 13:13:31 -04:00
webpack.base.js [PM-25911] Add commercial sdk internal as dependency (#16883) 2025-10-27 15:17:20 +01:00
webpack.config.js refactor(nx): remove unneeded tsconfig.build.json & adjust nx docs (#16864) 2025-10-14 11:07:23 -04:00

Github Workflow build browser on main Crowdin Join the chat at https://gitter.im/bitwarden/Lobby

Bitwarden Browser Extension

The Bitwarden browser extension is written using the Web Extension API and Angular.

My Vault

Documentation

Please refer to the Browser section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.