mozilla / contain-facebook

Facebook Container isolates your Facebook activity from the rest of your web activity in order to prevent Facebook from tracking you outside of the Facebook website via third party cookies.
Mozilla Public License 2.0

Possible false positive at flybuys.com.au #660

Open goetzk opened 4 years ago

goetzk commented 4 years ago

Actual behavior

Container flags up the Sign In button on https://id.flybuys.com.au/ (to reach it visit https://www.flybuys.com.au/sign-in/#/ )

Button:

<svg aria-hidden="true" class="fb-icon-arrow " xmlns="http://www.w3.org/2000/svg" width="18" height="14" viewBox="0 0 18 14"><title>Arrow Left/Right</title><path fill="currentColor" fill-rule="nonzero" d="...."></path></svg>

Seems to be false positive (since all values are prefixed fb-* ?)

Expected behavior

Assets loaded from the website - none of which are from Facebook's domains - don't trigger the container warning.

Steps to reproduce

  1. Visit https://www.flybuys.com.au/sign-in/#/
  2. Click sign in

Notes

maxxcrawford commented 4 years ago

@goetzk I see the issue too. Specifically, it's targeting the fb-login class, as set here. That snippet is set to target the generated code as documented in the Facebook docs.

The fix here is to revise https://github.com/mozilla/contain-facebook/blob/master/src/content_script.js#L50 from fb-login to fb-login-button.

diff --git a/src/content_script.js b/src/content_script.js
index 2dd94cd..73e1469 100755
--- a/src/content_script.js
+++ b/src/content_script.js
@@ -47,7 +47,7 @@ const LOGIN_PATTERN_DETECTION_SELECTORS = [
   "[data-tag='login-form'] ~ span button[color='facebookBlue']", // Patreon
   ".homepage-photo-leader .welcome-buttons div.btn-facebook", // Mixcloud homepage
   ".modal-content .auth-form div.btn-facebook", // Mixcloud login modal
-  "[class*='fb-login']" // Default FB class name "fbc-login-button"
+  "[class*='fb-login-button']" // Default FB class name "fbc-login-button"
 ];
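
Review bot: the trailing comment on the changed selector line still says the default class name is "fbc-login-button" while the selector now matches "fb-login-button"; one of the two is a typo, so align the comment with the selector. Separately, [class*='fb-login-button'] is still a substring match against the whole class attribute, so any site class that merely contains that string would keep triggering the warning, which is the same kind of false positive reported here for a site that prefixes its own classes with fb-. If the generated markup carries that name as a whole class token, consider [class~='fb-login-button'] or .fb-login-button so only the exact token matches.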

Smilebags commented 3 years ago

I'm also facing this issue. I'd like to be using flybuys outside of the Facebook container but because of this false positive it seems to require me to move flybuys.com.au into the Facebook container to be able to log in.

AddisonG commented 2 years ago

I'm getting this issue too. EDIT: It has gotten worse, and now flybuys.com is completely unusable.