Guard autofill and auto-submit with viewport visibility checks

[capaj]

Motivation

• Prevent autofilling and auto-submitting forms that are not visible to the user (off-screen or hidden), which can cause invisible or irrelevant forms to be filled/submitted.
• Avoid unsafe autofills into elements that are detached, collapsed, or styled out of view, addressing cases like pages that contain hidden forms that get auto-submitted.

Description

• Added isElementVisibleInViewport in web-extension/src/content-script/isElementInViewport.ts which requires the element to be connected, have client rects, not be hidden (display:none, visibility:hidden/collapse, opacity:0, or hidden attribute), and be inside the viewport, and improved isHidden accordingly.
• Updated autofillValueIntoInput in web-extension/src/content-script/autofill.ts to skip autofill when an input is not visible in the viewport by using isElementVisibleInViewport and log the skip.
• Updated auto-submit logic in autofill.ts to only dispatch submit when the form and all autofilled inputs are visible in the viewport; otherwise the submit is skipped and a log entry is emitted.
• Added unit tests web-extension/src/content-script/isElementInViewport.spec.ts to cover viewport and visibility helper behavior.

Testing

• Ran cd web-extension && pnpm vitest run src/content-script/isElementInViewport.spec.ts and the tests passed: 1 test file, 5 tests passed.
• (An earlier direct pnpm --dir web-extension vitest run ... invocation failed due to the workspace invocation; the correct command above was used to run the tests successfully.)

---

Codex Task

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	authier-vault-web	cc3571a	Commit Preview URL Branch Preview URL	Apr 14 2026, 07:53 AM