clients icon indicating copy to clipboard operation
clients copied to clipboard
verified publisher icon bitwarden

Firefox throws an error when referencing attributes of the inline autofill menu DOM elements.

Open Racle opened this issue 1 year ago • 1 comments

Steps To Reproduce

  1. Enable BW new auto-fill (either focus on or click, doesn't matter)
  2. Go to https://www.dropbox.com/login
  3. Click your username to fill that
  4. Click continue
  5. No prompt to fill password

Expected Result

Prompt to select/fill your password.

Actual Result

No way to fill password other than copying that from BW extension.

CTRL+SHIFT+L doesn't work anymore to fill password, cannot click username on extension to fill password as it doesn't offer that anymore.

After disabling new feature and refreshing page, CTRL+SHIFT+L and clicking username on extension works as expected.

Auto-fill menu on form fields is currently broken on certain sites.

Screenshots or Videos

No response

Additional Context

Seems that it happens mostly on pages where you have to input first your username AND then your password on next page. Also happened on pages where there is only password field and no username.

Operating System

Linux

Operating System Version

pop_os 22.04

Web Browser

Firefox

Browser Version

124.0b2 (64-bit) (Firefox Developer Edition)

Build Version

2024.2.0

Issue Tracking Info

  • [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Racle avatar Feb 23 '24 06:02 Racle

This issue is a duplicate of https://github.com/bitwarden/clients/issues/7837 and https://github.com/bitwarden/clients/issues/8030.

The reason this happens is due to our usage of Custom Elements, and a know bug within Firefox that prevents referencing attributes on Custom Elements created within web extensions.

https://bugzilla.mozilla.org/show_bug.cgi?id=1492002 https://bugzilla.mozilla.org/show_bug.cgi?id=1836269

At the moment, there isn't much I can do to resolve this directly, though I did take some time today to look into a potential way to resolve the issue through some kind of workaround to the bug.

For now, I'd recommend you use other means for autofilling the credentials on this website, either the keyboard shortcut, context menu, or directly in the popup.

I'd like to keep this ticket open to give room to investigate this issue. I'm not sure when a resolution for this will be possible, but given that the problem exists in a number of websites it makes sense to document and track the problem here.

cagonzalezcs avatar Feb 23 '24 16:02 cagonzalezcs

I've taken a look at this and identified a path forward on resolution of the issue. If we render the UI elements for the overlay as a <div> with an attached Shadow DOM, we no longer experience the issues found with referencing custom web components in Firefox.

This fix presents a minor step back in terms of providing obfuscation for the UI elements we inject into a web page, but rendering the inline menu as a <div> element with a ShadowRoot attached keeps us close to parity in terms of security. Also, this change will only affect Firefox browsers, and when Mozilla resolves the issue we will reconsider a re-introduction of web components to the inline menu.

Closing this thread for now as a fix for this is currently in QA review. Please feel free to continue conversation as necessary.

cagonzalezcs avatar Mar 19 '24 19:03 cagonzalezcs

Just wanted to confirm that v2024.3.1 has indeed fixed this issue for me with all the React sites I've tested. Thanks for looking into this!

cdonovan avatar Apr 12 '24 21:04 cdonovan