Prevent scripts to use autocomplete

1 files changed, 26 insertions, 3 deletions

diff --git a/keepassxc-browser/keepassxc-browser.js b/keepassxc-browser/keepassxc-browser.js
index 26f41e3..5064845 100755
--- a/keepassxc-browser/keepassxc-browser.js
+++ b/keepassxc-browser/keepassxc-browser.js
@@ -127,11 +127,17 @@ cipAutocomplete.init = function(field) {
         .focus(cipAutocomplete.onFocus);
 };
 
-cipAutocomplete.onClick = function() {
+cipAutocomplete.onClick = function(e) {
+    if (!cipAutocomplete.isTrusted(e)) {
+        return;
+    }
     jQuery(this).autocomplete('search', jQuery(this).val());
 };
 
-cipAutocomplete.onOpen = function(event, ui) {
+cipAutocomplete.onOpen = function(e, ui) {
+    if (!cipAutocomplete.isTrusted(e)) {
+        return;
+    }
     jQuery('ul.ui-autocomplete.ui-menu').css('z-index', 2147483636);
 };
 
@@ -145,6 +151,9 @@ cipAutocomplete.onSource = function(request, callback) {
 };
 
 cipAutocomplete.onSelect = function(e, ui) {
+    if (!cipAutocomplete.isTrusted(e)) {
+        return;
+    }
     e.preventDefault();
     cip.setValueWithChange(jQuery(this), ui.item.value);
     const fieldId = cipFields.prepareId(jQuery(this).attr('data-cip-id'));
@@ -171,7 +180,10 @@ cipAutocomplete.onBlur = function() {
     }
 };
 
-cipAutocomplete.onFocus = function() {
+cipAutocomplete.onFocus = function(e) {
+    if (!cipAutocomplete.isTrusted(e)) {
+        return;
+    }
     cip.u = jQuery(this);
 
     if (jQuery(this).val() === '') {
@@ -179,6 +191,17 @@ cipAutocomplete.onFocus = function() {
     }
 };
 
+// Search for isTrusted from jQuery's originalEvent
+cipAutocomplete.isTrusted = function(e) { 
+    for (let f = e.originalEvent; f !== null; f = f.originalEvent) {
+        if (f.isTrusted !== undefined) {
+            return f.isTrusted;
+        }
+    }
+    return false;
+};
+
+
 var cipPassword = {};
 cipPassword.observedIcons = [];
 cipPassword.observingLock = false;