bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Excluded Domains List Ignored in Firefox #7197

Open hrunting opened 6 months ago

hrunting commented 6 months ago

Steps To Reproduce

  1. Add www.w3schools.com to the Excluded Domains list and click Save
  2. Open this XML file in Firefox
  3. Right click in the browser and click on "Inspect (Q)"
  4. Note that a "" tag has been injected in the content. Note also that the XML file does not display as an XML file but rather as an HTML file in the browser.

Expected Result

The extension ignores the domain and does not inject anything or break the content in any way.

Actual Result

The XML content is modified, showing the domain is not excluded.

Additional Context

See https://github.com/bitwarden/clients/issues/6865 for a related issue.

Operating System

Windows

Operating System Version

Windows 11 23H2

Web Browser

Firefox

Browser Version

120.0.1

Build Version

2023.12.0

SergeantConfused commented 6 months ago

Hi @hrunting,

Thank you for your report. I was able to reproduce this behaviour and I have flagged it to our Engineering team, and I would like to add that this also affects other browsers and also causes the extension to offer to save new passwords, update existing vault items, or offer to store passkeys at domains that are on the excluded domains list.

If you wish to add any further information, such as screenshots or screen recordings, please feel free to do so at any time - our Engineering team will be happy to review them.

Thank you again,

sterlingbates commented 1 month ago

@SergeantConfused I prefer to avoid "me too" comments, but in this case the related problem of passkeys on excluded domains can be quite annoying for corporate users. Every time Chrome gets a webauthn prompt, Bitwarden preempts it on excluded domains. Hopefully this helps to identify one aspect of the affected userbase.