Fix handling of pasted domain name

When you open the page by clicking on a bookmark, you're given the opportunity to paste a URL to check for phishing. I had 2 problems. First, I cleared the domain name field if you pasted an incorrectly formatted URL. That led to phishing warning if you then pasted a properly formatted URL that matched the bookmark's domain name. Second, I allowed typing in that field.
alanhkarp · Aug 8, 2024 · 51de34f · 51de34f
1 parent 72d79f0
commit 51de34f
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/ssp.js b/src/ssp.js
@@ -452,9 +452,7 @@ let SitePasswordWeb = ((function (self) {
             let domain = (split.length > 1 ? split[2] : split[0]);
             if (logging) console.log("domain", domain, "protocol", protocol);
             if (domain && !isValidDomain(normalize(domain))) {
-                $domainname.value = url;
                 alert("Invalid domain.  Try again.");
-                $domainname.value = "";
                 domain = "";
             } else if (domain && protocol !== "https") {
                 httpWarningOn();
@@ -762,9 +760,20 @@ let SitePasswordWeb = ((function (self) {
         }
 
         let $bkmkDomain = get("bkmkDomain");
+        $bkmkDomain.onkeyup = function (e) {
+            if (e.crtlKey || e.metaKey && e.key === "v") {
+                return
+            }
+            alert("You can only paste the URL here.");
+            e.preventDefault();
+        }
         $bkmkDomain.onpaste = function () {
             setTimeout(() => {
                 let testDomain = parseDomain(normalize($bkmkDomain.value));
+                if (!testDomain) {
+                    $bkmkDomain.value = "";
+                    return;
+                }
                 if (testDomain === $domainname.value) {
                     phishingWarningOff();
                 } else {