clients
clients copied to clipboard
bitwarden
Firefox extension prevents proper XML file display
Steps To Reproduce
- Go to 'this XML file'
Expected Result
In Firefox, this should display a navigable XML document tree.
Actual Result
In Firefox, this renders the text in the nodes found in the XML document, rather than the XML tree itself.
Screenshots or Videos
Additional Context
This seems to have started with version 2023.10.x. I currently have Firefox 119.0.1 and Bitwarden extension version 2023.10.2. The behavior of XML documents definitely changed within the past two weeks, as XML previously displayed fine.
You can restore the correct browser XML document behavior by either disabling the extension or going to Settings > Excluded domains within the extension and adding the domain of the page.
I have not tested on other browsers.
Operating System
Windows
Operating System Version
Windows 11 23H2
Web Browser
Firefox
Browser Version
119.0.1
Build Version
2023.10.2
Issue Tracking Info
- [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
I'm having the same issue on Firefox on Linux. I tried downgrading the Bitwarden addon - version 2023.10.1 still has the same issue, but version 2023.9.2 doesn't, so presumably the bug was introduced in release 2023.10.1.
OS: Debian 12 Browser: Firefox 119.0.1 (64-bit) Addon Version: 2023.10.2
Hi @hrunting,
Thank you for your report. I was able to reproduce this behaviour and I have flagged it to our Engineering team.
If you wish to add any further information, such as screenshots or screen recordings, please feel free to do so at any time - our Engineering team will be happy to review them.
Thank you again,
Same exact issue. The ability to look at XML files directly for ServiceNow development is critical. I have to turn off the plugin to do my daily work.
OS: Windows 10.0.19044 Build 19044 Browser: Firefox 119.0.1 Addon Version: 2023.10.2
Same issue with viewing XML files. @ChristopherCarver Downgrading the plugin to version 2023.9.2 is working as a workaround.
OS: Windows 11 22H2 Browser: Firefox 119.0.1 Addon Version: 2023.10.2
Same issue.
OS: macOS Sonoma Browser: Firefox 119.0.1 Addon Version: 2023.10.2
Experiencing the same issue.
OS: macOS Sonoma 14.1.2 Browser: Firefox Version 120.0.1 Addon: 2023.10.2
Now with version 2023.12.0, it also seems to be ignoring the excluded domain list. The site that I was having this problem with was in my excluded domain list, and now Bitwarden is injecting a script into it.,
It's getting worse, guys. Any update?
Same OS: Windows10.0.19045 Build 19045 Browser: Firefox 120.0.1 Addon: 2023.12.0
I started noticing this issue a couple of months ago, and was working around this issue using the excluded domain list, but this is also no longer working for me
A Firefox issue regarding a different extension: Bug 1605657 provides some technical information about why this happens:
FWIW, this looks to me like a compat issue between the react devtools and our XML pretty printer. The pretty printer turns itself off if anything modifies the DOM ( https://searchfox.org/mozilla-central/rev/8f7b017a31326515cb467e69eef1f6c965b4f00e/dom/xml/nsXMLPrettyPrinter.cpp#147 ), which the react devtools do because they insert a
The simplest fix here would be the react/redux devtools not doing that (ie don't inject
The same issue and fix applies here - the Bitwarden extension should check that the content-type of the document is text/html before injecting a <script> tag. The cause in Bitwarden's case is the recently added injected script which overrides the browser's FIDO2 implementation, here:
https://github.com/bitwarden/clients/blob/bf60711efec33fd3b07227a58856dec6396e8e18/apps/browser/src/vault/fido2/content/content-script.ts#L66-L82
I'm not going to submit a PR for this, since I don't want to sign a copyright-assignment CLA, but I've fixed this locally. The fix I ended up doing was to add an early return in the run() function at the bottom of content-script.ts when the document.contentType is anything other than "text/html".
Nice - makes sense.
Joseph Gabriel Norima Consulting 828-455-0672
From: Calvin Walton @.> Sent: Wednesday, December 13, 2023 11:48:22 AM To: bitwarden/clients @.> Cc: Joseph Gabriel @.>; Manual @.> Subject: Re: [bitwarden/clients] Firefox extension prevents proper XML file display (Issue #6865)
A Firefox issue regarding a different extension: Bug 1605657https://bugzilla.mozilla.org/show_bug.cgi?id=1605657#c4 provides some technical information about why this happens:
FWIW, this looks to me like a compat issue between the react devtools and our XML pretty printer. The pretty printer turns itself off if anything modifies the DOM ( https://searchfox.org/mozilla-central/rev/8f7b017a31326515cb467e69eef1f6c965b4f00e/dom/xml/nsXMLPrettyPrinter.cpp#147 ), which the react devtools do because they insert a
The simplest fix here would be the react/redux devtools not doing that (ie don't inject
A similar issue and fix likely applies here - the Bitwarden extension should check that the content-type of the document is text/html before injecting a
Given that this only started with a recent update, I suspect it's related to the script injected to override the browser's FIDO2 implementation, which appears to be this code:
https://github.com/bitwarden/clients/blob/bf60711efec33fd3b07227a58856dec6396e8e18/apps/browser/src/vault/fido2/content/content-script.ts#L66-L82
— Reply to this email directly, view it on GitHubhttps://github.com/bitwarden/clients/issues/6865#issuecomment-1854321285, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAZDDKI2DYVCDD6FYTFACDLYJHL5NAVCNFSM6AAAAAA7GYYPA6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJUGMZDCMRYGU. You are receiving this because you are subscribed to this thread.Message ID: @.***>
This communication may contain privileged or confidential information intended only for the persons to whom it is addressed. Any unauthorized distribution, copying, disclosure or dissemination is strictly prohibited. If you have received this communication in error, please notify the sender and delete this e-mail message immediately.
Note that if you're not actually using the Bitwarden extension's Passkey support, a workaround is available. You can turn off "Settings → Options → Ask to save and use passkeys" and the script injection will be disabled, so XML files will display correctly.
Genius. Thank you for taking time to investigate and provide this information. Your idea solved my problem immediately. I use xml viewer many times per day so this is a big help
Joseph Gabriel Norima Consulting 828-455-0672
From: Calvin Walton @.> Sent: Wednesday, December 13, 2023 12:35:16 PM To: bitwarden/clients @.> Cc: Joseph Gabriel @.>; Manual @.> Subject: Re: [bitwarden/clients] Firefox extension prevents proper XML file display (Issue #6865)
Note that if you're not actually using the Bitwarden extension's Passkey support, a workaround is available. You can turn off "Settings → Options → Ask to save and use passkeys" and the script injection will be disabled, so XML files will display correctly.
— Reply to this email directly, view it on GitHubhttps://github.com/bitwarden/clients/issues/6865#issuecomment-1854424750, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAZDDKJ3JFDEGT5C562BKTDYJHRNJAVCNFSM6AAAAAA7GYYPA6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJUGQZDINZVGA. You are receiving this because you are subscribed to this thread.Message ID: @.***>
This communication may contain privileged or confidential information intended only for the persons to whom it is addressed. Any unauthorized distribution, copying, disclosure or dissemination is strictly prohibited. If you have received this communication in error, please notify the sender and delete this e-mail message immediately.
Note that if you're not actually using the Bitwarden extension's Passkey support, a workaround is available. You can turn off "Settings → Options → Ask to save and use passkeys" and the script injection will be disabled, so XML files will display correctly.
Thank you for the workaround! Resolved the issue immediately
You can turn off "Settings → Options → Ask to save and use passkeys" and the script injection will be disabled, so XML files will display correctly.
This workaround does not work for me in 2024.1.1. I disabled the option and still XML files such as https://tiles.maps.eox.at/wms?service=wms&request=getcapabilities display unformatted.
I have contacted Bitwarden support and this is the response I received a couple hours later:
Thank you for reaching out!
Our engineering team is aware of this issue and is working on a solution. I apologise for the inconvenience in the meantime.
On the GitHub issue you sent a link to one user(https://github.com/bitwarden/clients/issues/6865#issuecomment-1854321285) seems to have found a possible workaround for the solution.
Another thing you could do is side loading the extension(this is not recommended but an option): https://extensionworkshop.com/documentation/publish/distribute-sideloading/ If there's anything else we can help with, please let us know!
This workaround does not work for me in 2024.1.1. I disabled the option and still XML files such as https://tiles.maps.eox.at/wms?service=wms&request=getcapabilities display unformatted.
I just double checked with extension version 2024.1.1 by opening the link you provided - the workaround of turning off "Ask to save and use passkeys" still works.
Double-check that the setting got disabled, and make sure that it's actually the Bitwarden extension that's causing the problem by disabling all extensions and turning them on one by one until you find the one that's causing the issue.
and make sure that it's actually the Bitwarden extension that's causing the problem by disabling all extensions and turning them on one by one until you find the one that's causing the issue.
Turns out that I had yet another extension that meddled with XML: https://addons.mozilla.org/en-US/firefox/addon/web-scraper/
After disabling that, Firefox can pretty-print XML again.
Thank you for the feedback everyone.
A fix for this issue is now in review, and should be available within the v2024.3.1 extension release. The workaround for this problem, until this fix goes into production, will be to turn off saving of passkeys within your extension. This can be done by going to Settings > Options > Ask to save and use passkeys and checking the checkbox input for this to an off state.
I'm closing this thread, but please feel free to continue discussion as necessary.
This issue still persists using Firefox 124.0.2 on Mac with Bitwarden plugin 2024.2.1 from March 13th 2024.
Have the exact same versions as @Fossil01, except I'm on Windows 10. I confirm the issue's still there:
Disabling Settings > Options > Ask to save and use passkeys as mentioned by @cagonzalezcs mitigates the issue.
Official release is still 2024.2.1, thus no fix available. When can we expect 2024.4.0 version?
The next version is v2024.3.1, which has been submitted to all web stores. The extension should be released upon approval, and is already appearing within Chrome and Edge. Mozilla takes a bit more time in their review process, but the release of that version should be out soon.