Chromium Code Reviews Chromium Code Reviews
Issue 1136473006:
Don't autofill credit cards on non-secure pages (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/autofill/core/browser/autofill_manager.h" | 5 #include "components/autofill/core/browser/autofill_manager.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <limits> | 9 #include <limits> |
| 10 #include <map> | 10 #include <map> |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 79 for (size_t i = 0; i < form_structure.field_count(); ++i) { | 79 for (size_t i = 0; i < form_structure.field_count(); ++i) { |
| 80 if (form_structure.field(i)->section() == section && | 80 if (form_structure.field(i)->section() == section && |
| 81 form.fields[i].is_autofilled) { | 81 form.fields[i].is_autofilled) { |
| 82 return true; | 82 return true; |
| 83 } | 83 } |
| 84 } | 84 } |
| 85 | 85 |
| 86 return false; | 86 return false; |
| 87 } | 87 } |
| 88 | 88 |
| 89 bool FormIsHTTPS(const FormStructure& form) { | |
| 90 return form.source_url().SchemeIs(url::kHttpsScheme); | |
|
Evan Stade
2015/05/18 18:15:50
so palmer@, should we just change this to SchemeIs
palmer
2015/05/18 18:26:19
LGTM either way. (And, at the moment and into at l
Ilya Sherman
2015/05/18 18:41:30
Sorry, I'm still not following why we shouldn't ju
| |
| 91 } | |
| 92 | |
| 93 // Uses the existing personal data in |profiles| and |credit_cards| to determine | 89 // Uses the existing personal data in |profiles| and |credit_cards| to determine |
| 94 // possible field types for the |submitted_form|. This is potentially | 90 // possible field types for the |submitted_form|. This is potentially |
| 95 // expensive -- on the order of 50ms even for a small set of |stored_data|. | 91 // expensive -- on the order of 50ms even for a small set of |stored_data|. |
| 96 // Hence, it should not run on the UI thread -- to avoid locking up the UI -- | 92 // Hence, it should not run on the UI thread -- to avoid locking up the UI -- |
| 97 // nor on the IO thread -- to avoid blocking IPC calls. | 93 // nor on the IO thread -- to avoid blocking IPC calls. |
| 98 void DeterminePossibleFieldTypesForUpload( | 94 void DeterminePossibleFieldTypesForUpload( |
| 99 const std::vector<AutofillProfile>& profiles, | 95 const std::vector<AutofillProfile>& profiles, |
| 100 const std::vector<CreditCard>& credit_cards, | 96 const std::vector<CreditCard>& credit_cards, |
| 101 const std::string& app_locale, | 97 const std::string& app_locale, |
| 102 FormStructure* submitted_form) { | 98 FormStructure* submitted_form) { |
| (...skipping 381 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 484 got_autofillable_form) { | 480 got_autofillable_form) { |
| 485 AutofillType type = autofill_field->Type(); | 481 AutofillType type = autofill_field->Type(); |
| 486 bool is_filling_credit_card = (type.group() == CREDIT_CARD); | 482 bool is_filling_credit_card = (type.group() == CREDIT_CARD); |
| 487 if (is_filling_credit_card) { | 483 if (is_filling_credit_card) { |
| 488 suggestions = GetCreditCardSuggestions(field, type); | 484 suggestions = GetCreditCardSuggestions(field, type); |
| 489 } else { | 485 } else { |
| 490 suggestions = | 486 suggestions = |
| 491 GetProfileSuggestions(*form_structure, field, *autofill_field); | 487 GetProfileSuggestions(*form_structure, field, *autofill_field); |
| 492 } | 488 } |
| 493 if (!suggestions.empty()) { | 489 if (!suggestions.empty()) { |
| 494 // Don't provide credit card suggestions for non-HTTPS pages. However, | 490 // Don't provide credit card suggestions for non-secure pages. However, |
| 495 // do provide a warning to the user. | 491 // do provide a warning to the user. This will generate warnings on pages |
| 496 if (is_filling_credit_card && !FormIsHTTPS(*form_structure)) { | 492 // with mixed content (which includes forms with an http target). |
| 493 if (is_filling_credit_card && | |
| 494 !client_->IsContextSecure(form_structure->source_url())) { | |
| 497 Suggestion warning_suggestion(l10n_util::GetStringUTF16( | 495 Suggestion warning_suggestion(l10n_util::GetStringUTF16( |
| 498 IDS_AUTOFILL_WARNING_INSECURE_CONNECTION)); | 496 IDS_AUTOFILL_WARNING_INSECURE_CONNECTION)); |
| 499 warning_suggestion.frontend_id = POPUP_ITEM_ID_WARNING_MESSAGE; | 497 warning_suggestion.frontend_id = POPUP_ITEM_ID_WARNING_MESSAGE; |
| 500 suggestions.assign(1, warning_suggestion); | 498 suggestions.assign(1, warning_suggestion); |
| 501 } else { | 499 } else { |
| 502 bool section_is_autofilled = | 500 bool section_is_autofilled = |
| 503 SectionIsAutofilled(*form_structure, form, | 501 SectionIsAutofilled(*form_structure, form, |
| 504 autofill_field->section()); | 502 autofill_field->section()); |
| 505 if (section_is_autofilled) { | 503 if (section_is_autofilled) { |
| 506 // If the relevant section is auto-filled and the renderer is querying | 504 // If the relevant section is auto-filled and the renderer is querying |
| (...skipping 1004 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1511 return false; | 1509 return false; |
| 1512 | 1510 |
| 1513 // Disregard forms that we wouldn't ever autofill in the first place. | 1511 // Disregard forms that we wouldn't ever autofill in the first place. |
| 1514 if (!form.ShouldBeParsed()) | 1512 if (!form.ShouldBeParsed()) |
| 1515 return false; | 1513 return false; |
| 1516 | 1514 |
| 1517 return true; | 1515 return true; |
| 1518 } | 1516 } |
| 1519 | 1517 |
| 1520 } // namespace autofill | 1518 } // namespace autofill |
| OLD | NEW |
