DLP agent does not scan text pasted into Chatbot shortcut text field
Categories
(Firefox :: Data Loss Prevention, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox137 | --- | disabled |
| firefox138 | --- | wontfix |
| firefox139 | --- | verified |
People
(Reporter: bhidecuti, Assigned: gstoll)
References
(Blocks 2 open bugs)
Details
Attachments
(3 files)
Found in
- 138.0b4
Affected versions
- 139.0a1
- 138.0b4
Tested platforms
- Affected platforms: Windows 10/11
- Unaffected platforms: Ubuntu, macOS
Preconditions
- Download the DLP test assets from https://drive.google.com/file/d/1yjqVRuxdKV3WnO7D2wzMgDXBuYBxUgVw/view
- Create a distribution folder inside the Firefox folder and paste the policies-1.json to it and then rename it to policies.json
- DLP Agent is running:
.\content_analysis_sdk_agent.exe --user --toblock=.*\d{3}-?\d{2}-?\d{4}.* --towarn=.*warn.* --delays=10 - Have a chatbot provider selected in the sidebar (e.g. ChatGPT)
Steps to reproduce
- Navigate to any webpage (e.g. wikipedia.org) and select some text to trigger the chatbot shortcut
- Hover over the chatbot shortcut and paste any random text inside the text field in the chatbot shortcut menu
- Observe the behavior
Expected result
- The text should be scanned by the DLP agent
Actual result
- The text is not scanned by the DLP agent and is pasted directly into the field
Regression range
- Not a regression (also reproducing with Firefox 133.0a1)
Additional notes
- Attached a screen recording
- If pressing the "Enter" key after pasting the text, the text is sent to the chatbot in the sidebar. This may allow users to bypass the DLP agent
|
Assignee | |
Updated•7 months ago
|
|
|
Assignee | |
Comment 1•7 months ago
|
||
We handle this similarly to pasting into a prompt() dialog, so I
refactored that logic into a new ContentAnalysisUtils and call it from
both places.
Also drive-by cleanup of BUG_COMPONENT for a few Content Analysis
moz.build's
|
||
Comment 3•7 months ago
|
||
Backed out for causing bc failures in /browser_clipboard_paste_prompt_content_analysis.js
- Backout link
- Push with failures
- Failure Log
- Failure line: TEST-UNEXPECTED-FAIL | toolkit/components/contentanalysis/tests/browser/browser_clipboard_paste_prompt_content_analysis.js | Correct number of calls to getURIForBrowsingContext() - Got +0, expected 1
|
||
Comment 5•7 months ago
|
||
| bugherder | ||
|
|
Assignee | |
Updated•7 months ago
|
|
Reporter | |
Comment 6•7 months ago
|
||
Verified this using Firefox Nightly 139.0a1 (2025-04-13), on Windows 11 and the text pasted into Chatbot shortcut text field is now scanned by the DLP agent.
However, I've noticed two behaviors during verification:
- While the scan is in progress, it's still possible to enter text into the Chatbot shortcut text field
- After interacting with the DLP dialogs, the Chatbot shortcut menu disappears, resulting in being unable to verify the output in the text field (attached a video as well)
@greg, could you please let us know if we should file separate issues for the above behaviors? Thank you in advance!
|
|
Assignee | |
Comment 7•7 months ago
|
||
Yeah, if you could file separate issues for these that would be great. Thanks!
|
|
Reporter | |
Comment 8•7 months ago
•
|
||
Logged bug 1960571 and bug 1960576, for the behaviors mentioned in Comment 6.
Based on Comment 6, I am marking this verified as fixed.
|
|
Reporter | |
Updated•7 months ago
|
|
||
Comment 9•7 months ago
|
||
The patch landed in nightly and beta is affected.
:gstoll, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval. Also, don't forget to request an uplift for the patches in the regression caused by this fix.
- See https://wiki.mozilla.org/Release_Management/Requesting_an_Uplift for documentation on how to request an uplift.
- If no, please set
status-firefox138towontfix.
For more information, please visit BugBot documentation.
|
|
Assignee | |
Updated•7 months ago
|
Description
•