Bitwarden Firefox Addon not blacklisting passwords

[gituser823]

Before creating a new issue, see list of known issues.

Describe the bug I read in another bug about copyq keeping password manager passwords, that passwords should not be copied to clipboard anymore with 8.0.0. I am using the Firefox Bitwarden Addon, but all passwords from Bitwarden are still copied to copyq.

To Reproduce Copy Password with Bitwarden Firefox Addon.

Expected behavior The Password should not be copied to copyq.

Screenshots

Version, OS and Environment (Get details from copyq version command if possible.)

• Application Version 8.0.0
• OS Linux Mint Debian Edition 6
• Desktop environment: Cinnamon
• window manager: Mutter (Muffin)
• Firefox 124.0.2

Additional context Is it because the Addon is running in Firefox? In the other Bug, where I read about this issue it said to add a command:

Ignore \"Password\" window

But when adding that as a Script I get three error messages from copyq. Maybe Its wrong to just copy that line in the commands as a script? Sorry, I never wrote a script, but the Script linked in the Bug Thread was only for Wayland.

Another Question: I have Zapzap installed (A Whatsapp Desktop Client). Is it possible to write a Script, that if I select a phonenumber in a Browser it shows me an option to write a message via Whatsapp to that number? Or is it better I just try to configure xdg-mime for that?

[hluk]

I assume the Firefox addon does not (and probably cannot) set the clipboard properly to indicate that a secret was copied.

Can you check what formats the clipboard contains after copying the password with the addon? You can list the formats in CopyQ with Ctrl+Shift+C shortcut or from menu bar File - Show Clipboard Content.

[hluk]

Here are the related feature requests for Bitwarden:

• “Clipboard Viewer Ignore” support
• Skip clipboard manager (KDE Klipper) on copy from Bitwarden app

[gituser823]

It lists the passwords as text/plain

[hluk]

I don't think I can do anything about this unless the password manager can indicate that secrets are stored in the clipboard.

Workaround could be to ignore a specifically formatted text in CopyQ based on the passwords characters - e.g. contains letters, uppercase and lowercase, digits (possibly other characters) and no spaces.

I've added just added a sample command to ignore passwords/tokens to the copyq-commands repository (here is how to add the command to CopyQ).

[Command]
Automatic=true
Command="
    copyq:
    const passwordLengthRange = [16, 128];
    const passwordMustNotContainSpaces = true;
    const passwordMustContainNumber = true;
    const passwordMustContainLowercaseLetter = true;
    const passwordMustContainUppercaseLetter = true;

    const textData = data(mimeText);
    if (textData.length < passwordLengthRange[0]) abort();
    if (textData.length > passwordLengthRange[1]) abort();

    const text = str(textData);
    if (passwordMustNotContainSpaces && /\\s/.test(text)) abort();

    if (passwordMustContainNumber && !/\\d/.test(text)) abort();
    if (passwordMustContainLowercaseLetter && !/[a-z]/.test(text)) abort();
    if (passwordMustContainUppercaseLetter && !/[A-Z]/.test(text)) abort();

    notification(
        '.title', 'Ignoring secret in the clipboard',
        '.id', 'secrets');
    ignore();"
Icon=\xf084
Name=Ignore Passwords/Tokens