Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Solved
1Password Chrome extension is incorrectly manipulating <code> blocks
The latest 1Password Chrome extension is incorrectly manipulating the DOM within <code> blocks on static pages. It looks it's using prism.js to try to add syntax highlighting to <code> blocks on the ...
Hey everyone! I want to thank everyone who called our attention to this and explain what happened and what we’re doing about it.
What happened: Prism.js is a syntax-highlighting library we use for our Labs Snippets feature. While optimizing our build to reduce bundle size, we unintentionally bundled Prism.js into the extension in a way that caused it to run on pages where it shouldn’t, which interfered with code formatting on certain sites. We apologize for the inconvenience this caused.What we’re doing about it: We’ve completed the fix and submitted it to the Chrome Web Store, along with Firefox, Edge, and our other supported extension storefronts. Rollout timing depends on each store’s review process, but we expect it to land over the next few days.
We want to emphasize that vault security was not impacted. At 1Password, protecting our customers’ privacy, passwords, and credentials is our highest priority.
We’ll be publishing a postmortem covering what went wrong, the timeline, and the concrete changes we’re making to how we build and release future browser extension updates.
On Safari 26.1, for example, referring to the page, https://en.wikipedia.org/wiki/Template:HTML_lists, with the 1Password Safari extension disabled, all of the list types in the table are linked (in code-formatted text, following the "{{" template opening syntax). For instance, under "Horizontal list", the text "hlist is linked: `{{https://en.wikipedia.org/wiki/Template:Hlist `.
With the 1Password Safari extension enabled, none of the links in the sample code in that table are linked. After enabling the 1P Safari extension, all of the links in that table are stripped from the HTML of the page.
Is the Javascript and/or CSS of the 1Password Safari extension having class or ID collisions with the links in that page? This isn't the only place I've seen the bug (anything related to Wikpedia's "tlx" -style templates seem to have the same problem.
I have disabled all other extensions in Safari and isolated the issue to just the 1Password Safari extension.
This also happens in Firefox on Linux. With the 1Password extension (8.11.23.2) disabled, the page loads as it should; as soon as I switch it back on, the links disappear immediately. The extension changes this
<code>{{<a href="/wiki/Template:Hlist" title="Template:Hlist">hlist</a>|item1 |item2 }}</code>to this
<code class="language-none">{{hlist|item1 |item2 }}</code>Edit – I think it's this bug: 1Password Chrome extension is incorrectly manipulating <code> blocks | 1Password Community
