* Add warning system for 'confusable' ENS names (#9129)
Uses unicode.org's TR39 confusables.txt to display a warning when
'confusable' unicode points are detected.
Currently only the `AddRecipient` component has been updated, but the new
`Confusable` component could be used elsewhere
The new `unicode-confusables` dependency adds close to 100KB to the
bundle size, and around 30KB when gzipped.
Adds 'tag' prop to the tooltop-v2 component
Use $Red-500 for confusable ens warning
Lint Tooltip component
Update copy for confusing ENS domain warning.
* Fix prop type
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Use the includeFailedTokens option with useTokenTracker in viewQuote
* Show appropriate error message if we do not have data on the balance of token on the view-quote screen
* Update app/_locales/en/messages.json
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Updating Spanish messages.json
* Updating Spanish (Latin America) messages.json
* More updates to Spanish messages.json
* More updates to Spanish (Latin America) messages.json
* Lint fixes
The message `swapGetQuotes` is no longer used, so it has been removed.
Additionally two descriptions were updated to be English. The
descriptions are not meant to be translated.
Co-authored-by: Fernando Sproviero <fernandospr@gmail.com>
* Faulty use of adjective instead of noun in Dutch
The word `imported` in Dutch has different forms for adjective, noun and verb usage. I removed two instances of the letter `e` that I noticed when using Metamask.
Line `166` might similarly be wrong, but I don't know where in the interface it is so didn't verify.
**Question for devs:** is the `description` key in English on purpose or is it use for for me to translate it?
* Another faulty usage of geimporteerde
The updates to `zh_CN` merged in #9388 were a fair bit behind the
`develop` branch, so they ended up introducing various lint failures
despite passing on CI on the PR.
The localized messages have been updated to include English
descriptions, and one extraneous message has been removed.
* Update standard swaps build quote screen token verification message
* Add actionable warning token verification message to swaps build quote screen
* Simplify swapTokenVerification translations
* Use original verifyThisTokenOn message instead of swapsConfirmTokenAddressOnEtherscan
* Restore verifyThisTokenOn message to hi locale
* Support type and the withRightButton option as parameters on the actionable message component
* Use 'continue' in place of swapPriceDifferenceAcknowledgementNoFiat message
* Use wrapperClassName property on infotooltip in actionable-message
* Remove unnecessary change
* Lint fix
* Update `ko` localized messages
These translations were provided by Lionbridge.
* Update `lockoutTimeTooGreat` message
* Update statements with bold 'Never'
The sentences did not make sense previously. They have been updated to
be grammatically correct and to emphasize the negation.
* Apply suggested change to 'swapNewQuoteIn'
* use @lavamoat/allow-scripts for package postinstall allow list
* dnode: set "weak" to false
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
Fixes#10111
Determine if the msgParams/address for the newRequestEncryptionPublicKey is a ledger keyring via getKeyringForAccount and return a promise rejection.
Fixes#6071
The origin of the dapp that suggested signing has been added to the
signature request confirmation page. This only applies to `eth_sign`,
`personal_sign`, `eth_signTypedData`, and `eth_signTypedData_v1`. The
confirmation page for `eth_signTypedData_v3` and `eth_signTypedData_v4`
already featured the origin.
The localized message descriptions from the `en` locale have been
restored to all other locales. These descriptions are intended to help
translators understand the context for each message, and are not
intended to be translated.
* origin/develop: (29 commits)
Reset swaps routeState in navigateBackToBuildQuote (#10166)
Fix decrypt message confirmation UI crash (#10252)
Fix site metadata JSON-RPC handler (#10243)
Fix design system error constants (#10246)
Remove unused environment variables (#10234)
Update `yarn.lock` (#10241)
Update postMessage structure for TrezorConnect 8 (#10192)
Increase minimum Firefox version to v68 (#10195)
Bump socket.io from 2.2.0 to 2.4.1 (#10232)
Update `@reduxjs/toolkit` from v1.3.2 to v1.5.0 (#10228)
eth-rpc-errors@4.0.2 (#10226)
Add MAX_SAFE_CHAIN_ID and refactor chain ID validation (#10224)
add chip component (#10199)
add new typography component (#10197)
@metamask/inpage-provider@8.0.3 (#10219)
Add NETWORK_TYPE_RPC constant (#10203)
Further improve organization of constants (#10200)
add includePaths to sass-loader in storybook (#10213)
Disable the swaps submit button after the first time it is clicked (#10162)
Remove default to 18 decimals in quotesToRenderableData method (#10212)
...
Firefox v68 is the _previous_ Extended Support Release. We are
increasing this because our current minimum version doesn't support
async iterators, so some of our dependencies cause the extension to
crash.
Our metrics show that usage of Firefox versions older than this is
quite low (under 0.7% of Firefox users in the past month). These older
versions are also _very behind_ on security updates. Using the Extended
Support Release also makes it easier for us to test the minimum
version, and ensure our extension remains compatible with it.
Relates to #6805
* origin/develop:
add new typography component (#10197)
@metamask/inpage-provider@8.0.3 (#10219)
Add NETWORK_TYPE_RPC constant (#10203)
Further improve organization of constants (#10200)
add includePaths to sass-loader in storybook (#10213)
Disable the swaps submit button after the first time it is clicked (#10162)
Remove default to 18 decimals in quotesToRenderableData method (#10212)
use dart sass, and update related modules (#10208)
Fetch with a timeout everywhere (#10101)
Make hiring link a link on text (#10206)
improve design system scss (#10193)
zh_TW: Translate buy, assets, activity (#10207)
Update TW term 乙太 -> 以太 (#10191)
Fix hardware account selection (#10198)
Add hiring note to the README (#10190)
drop the fox in about (#10174)
This restores support for versions of the inpage provider prior to v8.
This is intended to support dapps and extensions that directly
instantiated their own provider rather than using the injected
provider.
* Forward traffic between old and new provider streams
* Ignore publicConfig stream for non-legacy muxes
* Transform accountsChanged notification for legacy streams
* Convert publicConfigStore to singleton
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Migration 51: ensure chainId is set in network controller provider state for all infura/default networks
* Clean up
* Migrate incorrect as well as falsy chainIds
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Our automatic token detection was hard-coded to only work on our built-
in Infura Mainnet endpoint. It now works with custom Mainnet RPC
endpoints as well.
Relates to #6992
* origin/develop: (66 commits)
Disable swaps based on chainId, instead of network id (#10155)
improve handling of last selected provider (#10093)
Add links to Community Forum to README (#10152)
@metamask/contract-metadata@1.21.0 (#10142)
Prevent malformed next nonce warning (#10143)
add module resolution for node-analytics/axios (#10139)
Ensure that gas for swap tx submitted at same time as approval is in hex (#10135)
Fix useTransactionDisplayData unit tests (#10134)
Fix network settings Kovan block explorer link (#10117)
Use destructured signal (#10115)
throw a new wrapped error instead of default one from segment (#10118)
@metamask/contract-metadata@1.20.0 (#10116)
Use late-bound noop function when disabling console (#10110)
Bump @metamask/contract-metadata from 1.19.0 to 1.20.0 (#10104)
Remove unnecessary swaps footer space when in dropdown mode (#10100)
Tighten up loading indication logic (#10103)
Skip reporting of successive persistence failures (#10099)
Update `@metamask/controllers` to v5.1.0 (#10096)
@metamask/obs-store@5.0.0 (#10092)
set last provider when switching to a customRPC (#10084)
...
* origin/develop: (60 commits)
Ensure that gas for swap tx submitted at same time as approval is in hex (#10135)
Fix useTransactionDisplayData unit tests (#10134)
Fix network settings Kovan block explorer link (#10117)
Use destructured signal (#10115)
throw a new wrapped error instead of default one from segment (#10118)
@metamask/contract-metadata@1.20.0 (#10116)
Use late-bound noop function when disabling console (#10110)
Bump @metamask/contract-metadata from 1.19.0 to 1.20.0 (#10104)
Remove unnecessary swaps footer space when in dropdown mode (#10100)
Tighten up loading indication logic (#10103)
Skip reporting of successive persistence failures (#10099)
Update `@metamask/controllers` to v5.1.0 (#10096)
@metamask/obs-store@5.0.0 (#10092)
set last provider when switching to a customRPC (#10084)
Fetch swap quote refresh time from API (#10069)
Fix `fetch-with-cache` handling of interwoven requests (#10079)
Fix 9874 - Improve gas maximum estimation (#10043)
Add eth_getProof to safe methods (#10070)
fix metametrics option tracking (#10071)
Disable console in contentscript (#10040)
...
The `disable-console` script introduced in #10040 used an arrow-
function no-op function to replace `console.log` and `console.info`.
This replacement function was early-bound to the `this` context of the
`disable-console` script, because that's how arrow functions work.
This violates an assumption baked into Sentry, which also replaces the
`console` functions. It wraps them in a function it uses to track
console logs as breadcrumbs. This wrapper function blows up for some
reason if the "original" `console` function is early-bound to a `this`
value of `undefined`.
This resulted in various UI freezes. One example is during onboarding,
when using Firefox with Enhanced Tracking Protection set in "strict"
mode. After submitting a password in the 'Create wallet' flow, the
Sentry `console` wrapper would throw and leave the user stuck on the
loading screen.
By replacing the no-op arrow function with a no-op function
declaration, the problem has been resolved.
Relates to #10097
The `disable-console` script introduced in #10040 used an arrow-
function no-op function to replace `console.log` and `console.info`.
This replacement function was early-bound to the `this` context of the
`disable-console` script, because that's how arrow functions work.
This violates an assumption baked into Sentry, which also replaces the
`console` functions. It wraps them in a function it uses to track
console logs as breadcrumbs. This wrapper function blows up for some
reason if the "original" `console` function is early-bound to a `this`
value of `undefined`.
This resulted in various UI freezes. One example is during onboarding,
when using Firefox with Enhanced Tracking Protection set in "strict"
mode. After submitting a password in the 'Create wallet' flow, the
Sentry `console` wrapper would throw and leave the user stuck on the
loading screen.
By replacing the no-op arrow function with a no-op function
declaration, the problem has been resolved.
Relates to #10097
Failure to persist state will now only report to Sentry if the last
attempt to save state succeeded. This ensures that if anyone is stuck
in a state where state can't be saved (e.g. low disk space), we aren't
flooded with repeated errors on Sentry.
Failure to persist state will now only report to Sentry if the last
attempt to save state succeeded. This ensures that if anyone is stuck
in a state where state can't be saved (e.g. low disk space), we aren't
flooded with repeated errors on Sentry.
This update comes with a breaking change to the Approval controller. It
now requires a `defaultApprovalType` parameter.
I don't think we have any use for a default approval type, but I've
added a "NO_TYPE" one for now because it's a strict requirement. We
should consider making this parameter optional in the future, for cases
like this where it's not needed.
This update will hopefully address some caching issues we've been
seeing with our phishing configuration. See here for more details:
https://github.com/MetaMask/controllers/pull/297
* origin/develop: (46 commits)
Fetch swap quote refresh time from API (#10069)
Fix `fetch-with-cache` handling of interwoven requests (#10079)
Fix 9874 - Improve gas maximum estimation (#10043)
Add eth_getProof to safe methods (#10070)
fix metametrics option tracking (#10071)
Disable console in contentscript (#10040)
Use Boolean for filters (#10066)
Add approval controller (#9401)
Cache dependencies (#10065)
Bump ini from 1.3.5 to 1.3.7 (#10064)
Add HTML coverage report to MetaMask bot comment (#10061)
Remove coveralls (#10063)
Prevent metaMaskFee prop error in FeeCard (#10047)
Display boolean values when signing typed data (#10048)
Use CircleCI executors to simplify CI config (#10055)
Use `.zip` for Firefox e2e tests (#10056)
Update `selenium-webdriver` and `geckodriver` (#10057)
Update Firefox version used on CI for e2e tests (#10058)
Add web3 shim usage notification (#10039)
Refactor home notification (#10046)
...
`eth_getProof` is an unpermissioned, read-only RPC method for getting account-related Merkle proofs, specified here: https://eips.ethereum.org/EIPS/eip-1186
It's been supported by major Ethereum clients, and Infura, for some time. By adding it to the safe methods list, we enable this method for our users.
* Maintain console logging in dev mode
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
On Firefox 56 and Waterfox Classic, our `runLockdown.js` script throws
an error. This is fine on the HTML pages, as the next script tags still
get run without issue (though they don't benefit from the SES lockdown
sadly). But in the `contentscript`, an exception thrown here appears to
halt the execution of subsequent scripts.
To prevent the `contentscript` from crashing completely, lockdown
errors are now caught and logged. They are also logged to Sentry on the
pages where Sentry is setup.
`eth_getProof` is an unpermissioned, read-only RPC method for getting account-related Merkle proofs, specified here: https://eips.ethereum.org/EIPS/eip-1186
It's been supported by major Ethereum clients, and Infura, for some time. By adding it to the safe methods list, we enable this method for our users.
* Maintain console logging in dev mode
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
This PR introduces the new approval controller to the extension codebase. We use it for the permissions controller's pending approval functionality.
The approval controller sets us up for a new pattern of requesting and managing user confirmations in RPC methods. Along with the generic RPC method middleware, the approval controller will allow us to eliminate our message managers, and decouple various method handlers from our provider stack, making the implementations more portable between the extension and mobile.
On Firefox 56 and Waterfox Classic, our `runLockdown.js` script throws
an error. This is fine on the HTML pages, as the next script tags still
get run without issue (though they don't benefit from the SES lockdown
sadly). But in the `contentscript`, an exception thrown here appears to
halt the execution of subsequent scripts.
To prevent the `contentscript` from crashing completely, lockdown
errors are now caught and logged. They are also logged to Sentry on the
pages where Sentry is setup.
The Chrome minimum version has been increased from v58 to v63. We found
that we had very few users on versions below v63, and v62 is
incompatible with our SES lockdown dependency.
This also makes us compatible with Object rest/spread syntax, so we
might not have to transpile that anymore. I'll revisit that separately.
When you load an extension `.zip` file in Firefox, it fails to load
scripts with the `.cjs` file extension. However, it works if you load
the extension via the `manifest.json` file instead.
After renaming the `lockdown.cjs` file to `lockdown.js`, it works in
Firefox in all cases, regardless whether it's loaded by manifest or by
`.zip`.