Merge pull request #2649 from keepassxreboot/fix/untrust-iframe

Add special error message for untrusted iframes
This commit is contained in:
Sami Vänttinen 2025-08-26 07:37:00 +03:00 committed by GitHub
commit 9ff98e8875
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 9 additions and 2 deletions

View file

@ -370,6 +370,10 @@
"message": "No logins found.",
"description": "Shown when no credentials are found for the current page."
},
"credentialsBlockedInIframe": {
"message": "Credential fill blocked in untrusted iframe.",
"description": "Alert message when filling credentials is blocked due to iframe restrictions."
},
"credentialsMultipleFound": {
"message": "More than one login was found in KeePassXC!",
"description": "Alert message when trying to fill username and/or password when multiple credentials are found."

View file

@ -217,7 +217,7 @@ kpxcFill.fillFromUsernameIcon = async function(combination) {
*/
kpxcFill.fillInCredentials = async function(combination, predefinedUsername, uuid, passOnly = false) {
if (kpxc.credentials.length === 0) {
kpxcUI.createNotification('error', tr('credentialsNoLoginsFound'));
showErrorNotification(`${tr('credentialsNoLoginsFound')} ${document.location.origin}`);
return;
}
@ -358,6 +358,9 @@ const showErrorNotification = async function(errorMessage, notificationType = 'e
const connectedDatabase = await sendMessage('get_connected_database');
if (!connectedDatabase?.identifier) {
kpxcUI.createNotification('error', tr('errorCurrentDatabaseNotConnected'));
} else if (!await isIframeAllowed()) {
// Special error if we are blocking due to iframe
kpxcUI.createNotification('error', tr('credentialsBlockedInIframe'));
} else {
kpxcUI.createNotification(notificationType, errorMessage);
}

View file

@ -646,7 +646,7 @@ kpxc.rememberCredentialsFromContextMenu = async function() {
// Credential Banner can force the retrieval for reloading new/modified credentials.
kpxc.retrieveCredentials = async function(force = false) {
if (!await isIframeAllowed()) {
return [];
return;
}
kpxc.url = document.location.href;