Skip to content

Commit c9afa48

Browse files
maximbazmaximbaz
authored
Remove debugger permissions (#226)
1 parent d73f8e5 commit c9afa48

File tree

4 files changed

+15
-50
lines changed

4 files changed

+15
-50
lines changed

README.md

Lines changed: 13 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -280,20 +280,19 @@ In order to remove all metadata, use the "Clear usage data" button in the extens
280280
281281
Browserpass extension requests the following permissions:
282282
283-
| Name | Reason |
284-
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
285-
| `debugger` | Only used for "auto-submit" functionality: if all attepts to locate a "Submit" button failed, Browserpass will put focus inside the login form and issue an <kbd>Enter</kbd> keypress. This is only available in Chromium-based browsers, and sadly this permission [cannot be specified as optional](https://developer.chrome.com/apps/permissions) |
286-
| `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup |
287-
| `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied |
288-
| `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab |
289-
| `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds |
290-
| `clipboardWrite` | For "Copy password" and "Copy username" functionality |
291-
| `nativeMessaging` | To allow communication with the native app |
292-
| `notifications` | To show browser notifications on install or update |
293-
| `webRequest` | For modal HTTP authentication |
294-
| `webRequestBlocking` | For modal HTTP authentication |
295-
| `http://*/*` | To allow using Browserpass on all websites |
296-
| `https://*/*` | To allow using Browserpass on all websites |
283+
| Name | Reason |
284+
| -------------------- | ---------------------------------------------------------------------------------------------------------------- |
285+
| `activeTab` | To get URL of the current tab, used for example to determine which passwords to show you by default in the popup |
286+
| `alarms` | To set a timer for clearing the clipboard 60 seconds after credentials are copied |
287+
| `tabs` | To get URL of a given tab, used for example to set count of the matching passwords for a given tab |
288+
| `clipboardRead` | To ensure only copied credentials and not other content is cleared from the clipboard after 60 seconds |
289+
| `clipboardWrite` | For "Copy password" and "Copy username" functionality |
290+
| `nativeMessaging` | To allow communication with the native app |
291+
| `notifications` | To show browser notifications on install or update |
292+
| `webRequest` | For modal HTTP authentication |
293+
| `webRequestBlocking` | For modal HTTP authentication |
294+
| `http://*/*` | To allow using Browserpass on all websites |
295+
| `https://*/*` | To allow using Browserpass on all websites |
297296
298297
## FAQ
299298

src/background.js

Lines changed: 1 addition & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -316,36 +316,10 @@ async function dispatchFocusOrSubmit(settings, request, allFrames, allowForeign)
316316
foreignFills: settings.foreignFills[settings.origin] || {},
317317
});
318318

319-
let perFrameResults = await chrome.tabs.executeScript(settings.tab.id, {
319+
await chrome.tabs.executeScript(settings.tab.id, {
320320
allFrames: allFrames,
321321
code: `window.browserpass.focusOrSubmit(${JSON.stringify(request)});`,
322322
});
323-
324-
// if necessary, dispatch Enter keypress to autosubmit the form
325-
// currently only works on Chromium and requires debugger permission
326-
try {
327-
for (let frame of perFrameResults) {
328-
if (frame.needPressEnter) {
329-
chrome.debugger.attach({ tabId: settings.tab.id }, "1.2");
330-
for (let type of ["keyDown", "char", "keyUp"]) {
331-
chrome.debugger.sendCommand(
332-
{ tabId: settings.tab.id },
333-
"Input.dispatchKeyEvent",
334-
{
335-
type: type,
336-
key: "Enter",
337-
windowsVirtualKeyCode: 13,
338-
nativeVirtualKeyCode: 13,
339-
unmodifiedText: "\r",
340-
text: "\r",
341-
}
342-
);
343-
}
344-
chrome.debugger.detach({ tabId: settings.tab.id });
345-
break;
346-
}
347-
}
348-
} catch (e) {}
349323
}
350324

351325
/**

src/inject.js

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -220,9 +220,7 @@
220220
* @return object result of focusing or submitting a form
221221
*/
222222
function focusOrSubmit(request) {
223-
var result = {
224-
needPressEnter: false,
225-
};
223+
var result = {};
226224

227225
// get the login form
228226
let loginForm = undefined;
@@ -258,11 +256,6 @@
258256
submit.focus();
259257
}
260258
} else {
261-
// There is no submit button.
262-
if (request.autoSubmit) {
263-
// signal background script that we want it to press Enter for us
264-
result.needPressEnter = true;
265-
}
266259
// We need to keep focus somewhere within the form, so that Enter hopefully submits the form.
267260
for (let selectors of [OPENID_FIELDS, PASSWORD_FIELDS, USERNAME_FIELDS]) {
268261
let field = find(selectors, loginForm);

src/manifest-chromium.json

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@
2727
"open_in_tab": false
2828
},
2929
"permissions": [
30-
"debugger",
3130
"activeTab",
3231
"alarms",
3332
"tabs",

0 commit comments

Comments
 (0)