per-Item user script hooks
- What will this feature do differently?
- What benefits will this feature bring?
- Remember to add a tag for each client application that will be affected
If an Item included a Field named
userscript:run-at:document-end (or one of the
@run-at directives (
https://violentmonkey.github.io/api/metadata-block/#run-at), then when the Item’s URL matches the Bitwarden extension would allow customization of the DOM in preparation for a better auto-fill experience by executing the user-controlled payload
At Bitwarden’s discretion whether the hooks were more password-manager-centric, such as
after-fill type deal
If the payload fails, at Bitwarden’s discretion whether to attempt to display some failure, or just
console.error like any other script error
As the supporting links demonstrate below, currently the burden is upon the user to either manually mutate the page using their own mechanisms, or to install a User Script provider extension to work-around the seemingly infinite ways login pages can be written. By consolidating the “fix” into the Bitwarden Item for that website, it allows the user to self-service without increasing their attack surface by installing other extensions
- scope creep is a very real thing!
- a partially applied DOM mutation may leave the page in a state that Bitwarden cannot auto-fill anymore
- it could increase the support burden, as bad user script execution may be blamed on Bitwarden, even when the user has explicitly asked for the non-standard behavior
- the worst(?) outcome would be a bug in the user script application process itself, meaning that neither the script is applied nor potentially the normal auto-fill behavior running
I have included
app:browser, which I presume is the extensions, but I am not aware of cross-platform mechanisms that would be applicable to the Android and iOS autofill mechanism. Comments welcome!
- Are there any related topics that may help explain the need and function of this feature?
- Are there any references to this feature or function on other platforms that may be helpful?
I am not aware of this behavior on any other platform, and thus would be a real game changer for Bitwarden. Since there is already a browser extension, and it already has the ability to mutate the target page, it is a natural pairing
and maybe a ton more