[PM-8841] Passkeys script injection breaks loading of specific websites that are expecting an empty DOM on init

[cagonzalezcs]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-8841

📔 Objective

An issue was identified with how we handle injection of the passkeys script that facilitates WebAuthn interactions through Bitwarden. (#9618)

After investigating the issue, it seems that problem likely occurs due to a page script within the reference email client that is expecting an empty DOM structure on initialization. That's a guess at the moment, but one thing that I did observe was that waiting until the page's DOMContentLoaded event triggered resolved the problem entirely.

A caveat exists with this solution, however. We want to load the Fido2 page script as soon as possible to ensure that Bitwarden is used in place of the browser's native implementation for WebAuthn requests. Loading this after the DOMContentLoaded event creates an obvious delay that is undesirable.

The only solution that I see to this secondary issue is to migrate Firefox and other browsers to Manifest v3. A POC of this is in place, and we will be working on testing the mv3 implementation in Firefox to help resolve this problem in a better manner.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – c0f082ac-e7ad-4849-bfbe-7947a629af30

No New Or Fixed Issues Found

[codecov]

Codecov Report

Attention: Patch coverage is 36.84211% with 12 lines in your changes missing coverage. Please review.

Project coverage is 31.84%. Comparing base (7cd6fcf) to head (316b46e).
Report is 9 commits behind head on main.

Files	Patch %	Lines
...ido2/content/fido2-page-script-delay-append.mv2.ts	0.00%	12 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #10424      +/-   ##
==========================================
+ Coverage   31.82%   31.84%   +0.02%     
==========================================
  Files        2629     2637       +8     
  Lines       80052    80326     +274     
  Branches    15103    15144      +41     
==========================================
+ Hits        25473    25579     +106     
- Misses      52607    52773     +166     
- Partials     1972     1974       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.