[CL-104] fix overlay + virtual scroll view recycling bug #6179

willmartian · 2023-09-03T19:57:48Z

Type of change

- [x] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

This PR disables view recycling in vault-items. This prevents a bug where the overlay menu would reattach onto new elements after scrolling in a virtual scroll viewport.

While testing this change on the vault-items story in Storybook, a bug was also found with the fallback-src directive. If the fallback itself is missing, the directive will request the resource in an infinite loop. This was fixed by only trying to set the fallback image once.

Code changes

file.ext: Description of what was changed and why

Screenshots

Before you submit

Please add unit tests where it makes sense to do so (encouraged but not required)
If this change requires a documentation update - notify the documentation team
If this change has particular deployment requirements - notify the DevOps team
Ensure that all UI additions follow WCAG AA requirements

bitwarden-bot · 2023-09-03T20:54:49Z

Checkmarx One – Scan Summary & Details – 0f34e7ac-410d-4790-a242-e5015e739d95

New Issues

Issue	Source File / Package	Checkmarx Insight
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 63	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 51	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 81	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts: 206	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 63	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 51	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 81	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts: 206	Attack Vector
Use_Of_Hardcoded_Password	/apps/browser/src/autofill/content/notification-bar.ts: 542	Attack Vector
Use_Of_Hardcoded_Password	/apps/browser/src/autofill/content/notification-bar.ts: 542	Attack Vector
Use_Of_Hardcoded_Password	/apps/browser/src/autofill/content/notification-bar.ts: 536	Attack Vector
Use_Of_Hardcoded_Password	/libs/common/src/vault/services/cipher.service.ts: 132	Attack Vector
Use_Of_Hardcoded_Password	/apps/cli/src/tools/generate.command.ts: 60	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	Client_DOM_Code_Injection	/apps/browser/src/autofill/services/collect-autofill-content.service.ts: 953
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 171
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 170
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 169
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 82
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 81
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 80
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 177
	Client_Privacy_Violation	/apps/browser/src/autofill/services/collect-autofill-content.service.spec.ts: 87
	Client_Password_In_Comment	/apps/browser/src/autofill/services/insert-autofill-content.service.ts: 51
	Use_Of_Hardcoded_Password	/libs/common/src/vault/services/cipher.service.ts: 998
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 36
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 33
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 32
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 28
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 27
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 26
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 25
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 24
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 23
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 22
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 21
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 20
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 19
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 18
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 17
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 16
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 13
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 36
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 33
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 32
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 28
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 27
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 26
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 25
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 24
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 23
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 22
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 21
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 20
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 19
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 18
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 17
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 16
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 13
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 36
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 33
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 32
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 28
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 27
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 26
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 25
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 24
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 23
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 22
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 21
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 20
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 19
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 18
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 17
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 16
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 13
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 60
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 48
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 74
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts: 206
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 60
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 48
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/login.strategy.spec.ts: 74
	Use_Of_Hardcoded_Password	/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts: 206
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 36
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 33
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 32
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 28
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 27
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 26
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 25
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 24
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 23
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 22
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 21
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 20
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 19
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 18
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 17
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 16
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 13
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 36
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 33
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 32
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 28
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 27
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 26
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 25
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 24
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 23
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 22
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 21
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 20
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 19
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 18
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 17
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 16
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 13
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 32
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 36
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 33
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 28
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 27
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 26
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 25
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 24
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 23
	Use_Of_Hardcoded_Password	/apps/browser/src/autofill/jest/autofill-mocks.ts: 22
	Use_Of_Hardcoded_Password

More results are available on AST platform

libs/components/src/menu/menu-trigger-for.directive.ts

willmartian · 2023-09-06T18:38:29Z

@Hinton: I talked with @jtouchstonebw and we aligned on the behavior of blocking scrolling when the menu is open.
My prior approach of autoclosing the menus when they exited the viewport did not work if the user scrolled very quickly--I think there is a race condition between the view being recycled and the CDK intersection observer firing.

Hinton

LGTM, tested and seems to behave as expected. It's a bit odd that you can't see the position in the scrollbar while a menu is open, but that's a side effect of how browsers works.

willmartian · 2023-09-28T20:03:39Z

We can't combine overlay scroll blocking with virtual scroll--they don't work well together in Chrome & Safari. 😭

menu_issue.mp4

Instead, we will disable view recycling for now as we investigate a more long term solution.

LRNcardozoWDF

Nice work, LGTM!

) * close menu overlay when no longer visible * prevent infinite loop in fallback-src directive * block scrolling when menu is open * disable view recycling; use reposition strategy

willmartian added 2 commits September 3, 2023 15:45

close menu overlay when no longer visible

e555d26

prevent infinite loop in fallback-src directive

4406e4e

github-actions bot added the needs-qa Marks a PR as requiring QA approval label Sep 3, 2023

Hinton reviewed Sep 4, 2023

View reviewed changes

libs/components/src/menu/menu-trigger-for.directive.ts Outdated Show resolved Hide resolved

block scrolling when menu is open

92c271d

willmartian requested a review from Hinton September 6, 2023 18:38

willmartian marked this pull request as ready for review September 6, 2023 18:38

willmartian requested review from a team as code owners September 6, 2023 18:38

Hinton previously approved these changes Sep 7, 2023

View reviewed changes

disable view recycling; use reposition strategy

d231faa

willmartian dismissed Hinton’s stale review via d231faa September 28, 2023 19:57

willmartian requested a review from a team as a code owner September 28, 2023 19:57

willmartian requested a review from LRNcardozoWDF September 28, 2023 19:57

willmartian requested a review from Hinton September 28, 2023 20:04

Hinton approved these changes Sep 29, 2023

View reviewed changes

LRNcardozoWDF approved these changes Oct 12, 2023

View reviewed changes

willmartian removed the needs-qa Marks a PR as requiring QA approval label Oct 12, 2023

willmartian merged commit 84bafe5 into master Oct 12, 2023
59 of 62 checks passed

willmartian deleted the ps/CL-104/overlay-virtual-scroll-bug branch October 12, 2023 14:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CL-104] fix overlay + virtual scroll view recycling bug #6179

[CL-104] fix overlay + virtual scroll view recycling bug #6179

willmartian commented Sep 3, 2023 •

edited

Loading

bitwarden-bot commented Sep 3, 2023 •

edited

Loading

willmartian commented Sep 6, 2023

Hinton left a comment

willmartian commented Sep 28, 2023

LRNcardozoWDF left a comment

[CL-104] fix overlay + virtual scroll view recycling bug #6179

[CL-104] fix overlay + virtual scroll view recycling bug #6179

Conversation

willmartian commented Sep 3, 2023 • edited Loading

Type of change

Objective

Code changes

Screenshots

Before you submit

bitwarden-bot commented Sep 3, 2023 • edited Loading

New Issues

Fixed Issues

willmartian commented Sep 6, 2023

Hinton left a comment

Choose a reason for hiding this comment

willmartian commented Sep 28, 2023

LRNcardozoWDF left a comment

Choose a reason for hiding this comment

willmartian commented Sep 3, 2023 •

edited

Loading

bitwarden-bot commented Sep 3, 2023 •

edited

Loading