New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Autofill domain check #520
base: main
Are you sure you want to change the base?
Conversation
This introduces a new option that prevents auto fill if the actual page URL's domain is not a sub domain (or equal) to the domain in the database.
Do not show a modal dialog when auto filling but rather simply prevent auto fill.
Thanks a lot, this is a great contribution! From a programming point of view, it's a bit odd to have these two functions without one of them calling the other:
I think the function From a usability point of view, I think that the two check-mark options
Ideally, it would be possible for each of the 5 security checks separately to specify which of ignore/warn/enforce is applied if the check fails... |
Co-authored-by: Thomas Vogt <tuxor1337@users.noreply.github.com>
Yeah, I 100 % agree on this. I actually also needed to look into the source to actually understand what exactly is checked. In addition, I also thought that we should probably consider I hope that I'll find some time today or tomorrow to have a look at the implementation again. |
Sorry, didn't find the time earlier to finish the implementation. So far, I edited the settings page and added the new options for a detailed adjustments for checks. What do you think? I think that requiring a valid URL can be implicit. When visiting a real website, the URL must be valid anyways and an invalid URL in the pass db can simply cause the check to fail but is not a security issue otherwise. Therefore, I only added the other three levels. Since ii, iii, and iv are getting in stricter in this order, I grouped them in a combo box and added another combo box for the independent setting of the protocol check. The actual logic needs to be implemented still… |
Hey, any news on this great contribution? :) |
I was quite busy in the last weeks but hope that I'll find some time at the next weekend or so. But good to hear that others want to see this, too :). |
@tuxor1337 , sorry that I did not manage to come back to this in such a long time. Do you think the concept still makes sense? I cannot promise that I'll find some hours in the next weeks, please feel free to build upon my PR. |
Yes, I think the concept still makes sense. I just implemented the feature discussed in this PR as far as I understand it. It would be great if you found the time to test this implementation and provide some feedback. :) |
This adds an option to check for exact domain matches when auto filling. When the additional security checks are enabled, a failure simply prevents auto fill rather than popping up a modal dialog.
#519