diff options
Diffstat (limited to 'autofill-parser/src/main')
2 files changed, 13 insertions, 21 deletions
diff --git a/autofill-parser/src/main/java/com/github/androidpasswordstore/autofillparser/FeatureAndTrustDetection.kt b/autofill-parser/src/main/java/com/github/androidpasswordstore/autofillparser/FeatureAndTrustDetection.kt index a5ac72a2..ee9e98c8 100644 --- a/autofill-parser/src/main/java/com/github/androidpasswordstore/autofillparser/FeatureAndTrustDetection.kt +++ b/autofill-parser/src/main/java/com/github/androidpasswordstore/autofillparser/FeatureAndTrustDetection.kt @@ -16,17 +16,14 @@ import androidx.annotation.RequiresApi /** * In order to add a new browser, do the following: - * * 1. Obtain the .apk from a trusted source. For example, download it from the Play Store on your - * phone and use adb pull to get it onto your computer. We will assume that it is called - * browser.apk. - * + * phone and use adb pull to get it onto your computer. We will assume that it is called + * browser.apk. * 2. Run * * aapt dump badging browser.apk | grep package: | grep -Eo " name='[a-zA-Z0-9_\.]*" | cut -c8- * * to obtain the package name (actually, the application ID) of the app in the .apk. - * * 3. Run * * apksigner verify --print-certs browser.apk | grep "#1 certificate SHA-256" | grep -Eo @@ -36,19 +33,15 @@ import androidx.annotation.RequiresApi * the apk has a single signing certificate. Apps with multiple signers are very rare, so there is * probably no need to add them. Refer to computeCertificatesHash to learn how the hash would be * computed in this case. - * * 4. Verify the package name and the hash, for example by asking other people to repeat the steps - * above. - * + * above. * 5. Add an entry with the browser apps's package name and the hash to - * TRUSTED_BROWSER_CERTIFICATE_HASH. - * + * TRUSTED_BROWSER_CERTIFICATE_HASH. * 6. Optionally, try adding the browser's package name to BROWSERS_WITH_SAVE_SUPPORT and check - * whether a save request to Password Store is triggered when you submit a registration form. - * + * whether a save request to Password Store is triggered when you submit a registration form. * 7. Optionally, try adding the browser's package name to BROWSERS_WITH_MULTI_ORIGIN_SUPPORT and - * check whether it correctly distinguishes web origins even if iframes are present on the page. You - * can use https://fabianhenneke.github.io/Android-Password-Store/ as a test form. + * check whether it correctly distinguishes web origins even if iframes are present on the page. + * You can use https://fabianhenneke.github.io/Android-Password-Store/ as a test form. * * **Security assumption**: Browsers on this list correctly report the web origin of the top-level * window as part of their AssistStructure. @@ -112,9 +105,9 @@ internal enum class BrowserMultiOriginMethod { * * There are two methods used by browsers: * - Browsers based on Android's WebView report web domains on each WebView view node, which then - * needs to be propagated to the child nodes ( [BrowserMultiOriginMethod.WebView]). + * needs to be propagated to the child nodes ( [BrowserMultiOriginMethod.WebView]). * - Browsers with custom Autofill implementations report web domains on each input field ( - * [BrowserMultiOriginMethod.Field]). + * [BrowserMultiOriginMethod.Field]). */ private val BROWSER_MULTI_ORIGIN_METHOD = mapOf( diff --git a/autofill-parser/src/main/java/mozilla/components/lib/publicsuffixlist/PublicSuffixList.kt b/autofill-parser/src/main/java/mozilla/components/lib/publicsuffixlist/PublicSuffixList.kt index 1051125f..4b45cd1c 100644 --- a/autofill-parser/src/main/java/mozilla/components/lib/publicsuffixlist/PublicSuffixList.kt +++ b/autofill-parser/src/main/java/mozilla/components/lib/publicsuffixlist/PublicSuffixList.kt @@ -17,10 +17,9 @@ import kotlinx.coroutines.async /** * API for reading and accessing the public suffix list. - * * > A "public suffix" is one under which Internet users can (or historically could) directly - * register names. Some > examples of public suffixes are .com, .co.uk and pvt.k12.ma.us. The Public - * Suffix List is a list of all known > public suffixes. + * > register names. Some > examples of public suffixes are .com, .co.uk and pvt.k12.ma.us. The + * > Public Suffix List is a list of all known > public suffixes. * * Note that this implementation applies the rules of the public suffix list only and does not * validate domains. @@ -51,8 +50,8 @@ internal class PublicSuffixList( * ``` * * @param [domain] _must_ be a valid domain. [PublicSuffixList] performs no validation, and if any - * unexpected values are passed (e.g., a full URL, a domain with a trailing '/', etc) this may - * return an incorrect result. + * unexpected values are passed (e.g., a full URL, a domain with a trailing '/', etc) this may + * return an incorrect result. */ fun getPublicSuffixPlusOneAsync(domain: String): Deferred<String?> = scope.async { |