leaky-forms / leak-inspector Goto Github PK

Creating this issue to track the progress of publishing the add-on to AMO.
The code for that effort lives here: https://github.com/leaky-forms/leak-inspector/tree/development

Seeing an intermittent error:

TypeError: currentTab is undefined

pointing to line 245 in popup.js:

Quite sure it was introduced by pull request #12

I suspect it's caused by the fact that this code is now executing sooner because it no longer needs to wait on the two (removed) jquery.load() calls that were dynamically loading html fragments.
Therefore sometimes beating the async method that populates currentTab:

Hi,

Read about this in a news article. Very interesting and I'd like to try it for myself. Can you tell how to install this as an add-on in Firefox?

Hi
i have installed and tested the extension and i have realized that in some websites where i have account with this extension enabled i cant make login always return username or password wrong when i disable the extension i can make login again with the same credentials.

The description in the README says attempts to publish to the Chrome Web Store failed suggests that you have a Chrome extension already. It would be great to make that available for manual loading for those of us willing to do so.

Instructions are here https://www.cnet.com/tech/services-and-software/how-to-install-chrome-extensions-manually/

I know that uploading the extension to the Chrome Store doesn’t allow that, but publishing an extension to upload yourself will be accepted. I use developer mode all the time and install lots of extensions that are currently not on the Chrome Store.

We should have tests covering (at least) the basic functionality such as sniff detection and leaky request blocking.
The simplest way could be to use Selenium, similar to Privacy Badger: https://github.com/EFForg/privacybadger/tree/master/tests

Unfortunately Playwright doesn't (yet) support Firefox add-ons: microsoft/playwright#7297

Any idea why the setter in the overridden input element value property is commented out here (line 18)?

The result is that if any script tries to set the value of an input field, it'll throw an error:
Uncaught TypeError: setting getter-only property "value"
(i.e. by not providing a setter, it breaks existing functionality)

I tried simply removing the comment, and it resolved the error and didn't seem to have any ill effect on Leak Inspector.
So, curious if there's a reason why it's been commented out.

Hi Team,

I've found that one particular site (for paying medical bills in US) that I use showed leaking plain-text passwords, although the connection of this site to another site (for login purposes) is through https. Also excuse my naivitete, I do not claim to know anything about security, privacy, so might be just fine..

In any case it dispalayed to me Requests exfiltrating personal data extracted from web forms for both email/password, and in Chrome Developer ToolBox - I could see in plaintext my user/password.

My question really is - is there an appropriate way to report these without affecting other users?
After all I have to use this service, and not sure how they can be reached to fix it.

(Since I can't use the chrome web store to install the plugin, I've installed it directly from a folder I've "git cloned")

Thank you!

Hi. Thanks for the revelations. 👍️

Is there any chance this add-on will get approved soon?

I uploaded the zip to Mozilla for private use approval and got warnings:

I tried it as a temporary extension, but I didn't see any blocking.
But that could be due to uBlock Origin and my hosts file?