Allow autofill in iframe inside page of same origin

chrome/browser/password_manager/password_manager_browsertest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/metrics/histogram_samples.h"
 #include "base/metrics/statistics_recorder.h"
 #include "base/path_service.h"
@@ skipping 30 matching lines @@
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_utils.h"
 #include "net/base/filename_util.h"
+#include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/embedded_test_server/http_request.h"
 #include "net/test/embedded_test_server/http_response.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "net/url_request/test_url_fetcher_factory.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "third_party/WebKit/public/web/WebInputEvent.h"
 #include "ui/events/keycodes/keyboard_codes.h"
 #include "ui/gfx/geometry/point.h"
 
@@ skipping 221 matching lines @@
   } else {
     scoped_ptr<net::test_server::BasicHttpResponse> http_response(
         new net::test_server::BasicHttpResponse);
     http_response->set_code(net::HTTP_UNAUTHORIZED);
     http_response->AddCustomHeader("WWW-Authenticate",
                                    "Basic realm=\"test realm\"");
     return http_response.Pass();
   }
 }
 
+// Handle |request| to arbitrary domain and respond with |response_content_|
+std::string response_content_;
+scoped_ptr<net::test_server::HttpResponse> HandleTestRequest(

[Garrett Casto, 2015/05/26 20:31:37]

So after thinking about it some more, I don't think that this is necessary. If
we have the content in a file and have the host resolver and the path set
correctly it looks like it should load fine. We shouldn't add this additional
way of loading content to this test unless it's necessary.

+    const net::test_server::HttpRequest& request) {
+  scoped_ptr<net::test_server::BasicHttpResponse> http_response(
+      new net::test_server::BasicHttpResponse());
+  http_response->set_code(net::HTTP_OK);
+  http_response->set_content_type("text/html");
+  if (request.relative_url == "/done.html") {

[Garrett Casto, 2015/05/26 20:31:37]

Looks like this could be solved by having the path be completely specified in
the iframe ("/passwords/done.html"), though if we move this content to
"password/cross_domain_iframed_content.html", this should work as is.

+    std::string alt_response =
+        "<html>"
+        "<body>"
+        "<a id='link' href='done.html'>Go somewhere</a>"
+        "</body>"
+        "</html>";
+    http_response->set_content(alt_response);
+  } else {
+    http_response->set_content(response_content_);
+  }
+  return http_response.Pass();
+}
+
+
 }  // namespace
 
 
 // PasswordManagerBrowserTest -------------------------------------------------
 
 class PasswordManagerBrowserTest : public InProcessBrowserTest {
  public:
   PasswordManagerBrowserTest() {}
   ~PasswordManagerBrowserTest() override {}
 
@@ skipping 36 matching lines @@
     observer.Wait();
   }
 
   // Waits until the "value" attribute of the HTML element with |element_id| is
   // equal to |expected_value|. If the current value is not as expected, this
   // waits until the "change" event is fired for the element. This also
   // guarantees that once the real value matches the expected, the JavaScript
   // event loop is spun to allow all other possible events to take place.
   void WaitForElementValue(const std::string& element_id,
                            const std::string& expected_value);
+  // Same as above except the element |element_id| is in iframe |iframe_id|
+  void WaitForElementValue(const std::string& iframe_id,
+                           const std::string& element_id,
+                           const std::string& expected_value);
   // Checks that the current "value" attribute of the HTML element with
   // |element_id| is equal to |expected_value|.
   void CheckElementValue(const std::string& element_id,
                          const std::string& expected_value);
+  // Same as above except the element |element_id| is in iframe |iframe_id|
+  void CheckElementValue(const std::string& iframe_id,
+                         const std::string& element_id,
+                         const std::string& expected_value);
 
   // TODO(dvadym): Remove this once history.pushState() handling is not behind
   // a flag.
   // Calling this will activate handling of pushState()-initiated form submits.
   // This feature is currently behind a renderer flag. Just setting the flag in
   // the browser will not change it for the already running renderer at tab 0.
   // Therefore this method first sets the flag and then opens a new tab at
   // position 0. This new tab gets the flag copied from the browser process.
   void ActivateHistoryPushState();
 
  private:
   DISALLOW_COPY_AND_ASSIGN(PasswordManagerBrowserTest);
 };
 
 void PasswordManagerBrowserTest::WaitForElementValue(
     const std::string& element_id,
     const std::string& expected_value) {
+    PasswordManagerBrowserTest::WaitForElementValue("null",
+                                                    element_id,
+                                                    expected_value);
+}
+
+void PasswordManagerBrowserTest::WaitForElementValue(
+    const std::string& iframe_id,
+    const std::string& element_id,
+    const std::string& expected_value) {
   enum ReturnCodes {  // Possible results of the JavaScript code.
     RETURN_CODE_OK,
     RETURN_CODE_NO_ELEMENT,
     RETURN_CODE_WRONG_VALUE,
     RETURN_CODE_INVALID,
   };
   const std::string value_check_function = base::StringPrintf(
       "function valueCheck() {"
-      "  var element = document.getElementById('%s');"
+      "  var element;"

[Garrett Casto, 2015/05/26 20:31:37]

This is a counter intuitive, but this line isn't necessary in JavaScript. See
http://stackoverflow.com/questions/500431/what-is-the-scope-of-variables-in-j...

+      "  if (%s)"
+      "    var element = document.getElementById("
+      "        '%s').contentDocument.getElementById('%s');"
+      "  else "
+      "    var element = document.getElementById('%s');"
       "  return element && element.value == '%s';"
       "}",
+      iframe_id.c_str(),
+      iframe_id.c_str(),
+      element_id.c_str(),
       element_id.c_str(),
       expected_value.c_str());
   const std::string script =
       value_check_function +
       base::StringPrintf(
           "if (valueCheck()) {"
           "  /* Spin the event loop with setTimeout. */"
           "  setTimeout(window.domAutomationController.send(%d), 0);"
           "} else {"
-          "  var element = document.getElementById('%s');"
+          "  var element;"

[Garrett Casto, 2015/05/26 20:31:37]

Same here.

+          "  if (%s)"
+          "    var element = document.getElementById("
+          "        '%s').contentDocument.getElementById('%s');"
+          "  else "
+          "    var element = document.getElementById('%s');"
           "  if (!element)"
           "    window.domAutomationController.send(%d);"
           "  element.onchange = function() {"
           "    if (valueCheck()) {"
           "      /* Spin the event loop with setTimeout. */"
           "      setTimeout(window.domAutomationController.send(%d), 0);"
           "    } else {"
           "      window.domAutomationController.send(%d);"
           "    }"
           "  };"
           "}",
           RETURN_CODE_OK,
+          iframe_id.c_str(),
+          iframe_id.c_str(),
+          element_id.c_str(),
           element_id.c_str(),
           RETURN_CODE_NO_ELEMENT,
           RETURN_CODE_OK,
           RETURN_CODE_WRONG_VALUE);
   int return_value = RETURN_CODE_INVALID;
   ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
       RenderViewHost(), script, &return_value));
   EXPECT_EQ(RETURN_CODE_OK, return_value)
       << "element_id = " << element_id
       << ", expected_value = " << expected_value;
 }
 
 void PasswordManagerBrowserTest::CheckElementValue(
     const std::string& element_id,
     const std::string& expected_value) {
+  PasswordManagerBrowserTest::CheckElementValue("null",
+                                                element_id,
+                                                expected_value);
+}
+
+void PasswordManagerBrowserTest::CheckElementValue(
+    const std::string& iframe_id,
+    const std::string& element_id,
+    const std::string& expected_value) {
   const std::string value_check_script = base::StringPrintf(
-      "var element = document.getElementById('%s');"
+      "var element;"

[Garrett Casto, 2015/05/26 20:31:37]

Same here.

+      "if (%s)"
+      "  var element = document.getElementById("
+      "      '%s').contentDocument.getElementById('%s');"
+      "else "
+      "  var element = document.getElementById('%s');"
       "window.domAutomationController.send(element && element.value == '%s');",
+      iframe_id.c_str(),
+      iframe_id.c_str(),
+      element_id.c_str(),
       element_id.c_str(),
       expected_value.c_str());
   bool return_value = false;
   ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
       RenderViewHost(), value_check_script, &return_value));
   EXPECT_TRUE(return_value) << "element_id = " << element_id
                             << ", expected_value = " << expected_value;
 }
 
 void PasswordManagerBrowserTest::ActivateHistoryPushState() {
@@ skipping 1476 matching lines @@
   NavigateToFile("/password/password_xhr_submit.html");
 
   // Let the user interact with the page, so that DOM gets modification events,
   // needed for autofilling fields.
   content::SimulateMouseClickAt(
       WebContents(), 0, blink::WebMouseEvent::ButtonLeft, gfx::Point(1, 1));
 
   // Wait until that interaction causes the password value to be revealed.
   WaitForElementValue("password_field", "mypassword");
 }
+
+// Check that a password form in an iframe of different origin will not be
+// filled in until a user interact with the form.
+IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest, CrossSiteIframeNotFillTest) {
+  // Setup the mock host resolver
+  host_resolver()->AddRule("*", "127.0.0.1");
+  response_content_ = "<html>"
+                      "<head>"
+                      "  <meta charset='utf-8' />"
+                      "  <title>Title</title>"
+                      "</head>"
+                      "<body id='inframe'>"
+                      "<script>"
+                      "function receiveMessage(event){"
+                      "  if (event.data == 'init_fill') { "

[Garrett Casto, 2015/05/26 20:31:37]

Maybe this message should be "fill_and_submit" since it's not just filling.

+                      "    document.getElementById("
+                      "        'username').value = 'temp';"
+                      "    document.getElementById("
+                      "        'password').value = 'pa55w0rd';"
+                      "    document.getElementById('submit_button').click();"
+                      "  } else if (event.data == 'get_username') {"
+                      "    event.source.postMessage("
+                      "        document.getElementById('username').value,"
+                      "        event.origin);"
+                      "  } else if (event.data == 'get_password') {"
+                      "    event.source.postMessage("
+                      "        document.getElementById('password').value,"
+                      "        event.origin);"
+                      "  } else if (event.data == 'check_for_username') {"

[Garrett Casto, 2015/05/26 20:31:37]

These two "check" messages don't look like they are being used.

+                      "    waitForValue('username', 'temp', event)"
+                      "  } else if (event.data == 'check_for_password') {"
+                      "    waitForValue('password', 'pa55w0rd', event)"
+                      "  }"
+                      "}"
+                      "window.addEventListener('message',"
+                      "                        receiveMessage, false);"
+                      ""
+                      "function valueCheck(id, expect_value) {"

[Garrett Casto, 2015/05/26 20:31:37]

Looks like these two functions aren't necessary.

+                      "  var element = document.getElementById(id);"
+                      "  return element && element.value == expect_value;"
+                      "}"
+                      ""
+                      "function waitForValue(id, expect_value, event){"
+                      " var element = document.getElementById(id);"
+                      " if (valueCheck(id, expect_value)) {"
+                      "   /* Spin the event loop with setTimeout. */"
+                      "   setTimeout(event.source.postMessage("
+                      "       element.value, event.origin), 0);"
+                      " } else {"
+                      "   element.onchange = function() {"
+                      "     if (valueCheck(id, expect_value)) {"
+                      "       /* Spin the event loop with setTimeout. */"
+                      "       setTimeout(event.source.postMessage("
+                      "           element.value, event.origin), 0);"
+                      "     }"
+                      "   };"
+                      " }"
+                      "}"
+                      ""
+                      "</script>"
+                      "<form method='POST' name='TestForm' action='done.html'>"
+                      "  <input type='text' id='username'/>"
+                      "  <input type='password' id='password'/>"
+                      "  <input type='submit' id='submit_button' value='Log'/>"
+                      "</form>"
+                      "</body>"
+                      "</html>";
+  // Set up customized request handler
+  embedded_test_server()->RegisterRequestHandler(
+      base::Bind(&HandleTestRequest));
+
+  // Visit the sign-up form to store a password for autofill later

[Garrett Casto, 2015/05/26 20:31:38]

Nit: The code right after this comment actually sets up the iframe and then
actually navigates to it. It might help to be more specific here that you setup
the iframe first. It might also be nice to explain why you need to do this, as I
don't think it's particularly intuitive.

+  NavigateToFile("/password/password_form_in_crosssite_iframe.html");
+  NavigationObserver ifrm_observer(WebContents());
+  ifrm_observer.SetPathToWaitFor("/randomFile.html");
+
+  std::string submit = base::StringPrintf(

[Garrett Casto, 2015/05/26 20:31:37]

Nit: I'd name this string something more like "create_iframe"

+      "createCrossSiteIframe('http://randomsite.net:%d/randomFile.html');",
+      embedded_test_server()->port());
+
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), submit));
+  ifrm_observer.Wait();
+  ifrm_observer.SetPathToWaitFor("");

[Garrett Casto, 2015/05/26 20:31:37]

This line looks superfluous as you change the string to wait for 3 lines down.

+
+  NavigationObserver init_observer(WebContents());
+  init_observer.SetPathToWaitFor("/done.html");
+  scoped_ptr<PromptObserver> prompt_observer(
+      PromptObserver::Create(WebContents()));
+  std::string init_form = "sendMessage('init_fill');";
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), init_form));
+  init_observer.Wait();
+  EXPECT_TRUE(prompt_observer->IsShowingPrompt());
+  prompt_observer->Accept();
+
+  // Visit the form again
+  NavigationObserver reload_observer(WebContents());
+  NavigateToFile("/password/password_form_in_crosssite_iframe.html");
+  reload_observer.Wait();
+
+  NavigationObserver ifrm_observer_2(WebContents());
+  ifrm_observer_2.SetPathToWaitFor("/randomFile.html");
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), submit));
+  ifrm_observer_2.Wait();
+
+  // Verfiy username is not autofilled
+  std::string empty_username;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractString(
+      RenderViewHost(),
+      "sendMessage('get_username');",
+      &empty_username));
+  ASSERT_EQ("", empty_username);
+
+
+  // Verfiy password is not autofilled
+  std::string empty_password;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractString(
+      RenderViewHost(),
+      "sendMessage('get_password');",
+      &empty_password));
+  ASSERT_EQ("", empty_password);
+}
+
+// Check that a password form in an iframe of different origin will not be
+// filled in until a user interact with the form.

[Garrett Casto, 2015/05/26 20:31:37]

This comment looks like it's from the other test.

+IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest,
+                       SameOriginIframeAutoFillTest) {
+  // Visit the sign-up form to store a password for autofill later
+  NavigateToFile("/password/password_form_in_same_origin_iframe.html");
+  NavigationObserver observer(WebContents());
+  observer.SetPathToWaitFor("/password/done.html");
+  scoped_ptr<PromptObserver> prompt_observer(
+      PromptObserver::Create(WebContents()));
+
+  std::string submit =
+      "var ifrmDoc = document.getElementById('iframe').contentDocument;"
+      "ifrmDoc.getElementById('username_field').value = 'temp';"
+      "ifrmDoc.getElementById('password_field').value = 'pa55w0rd';"
+      "ifrmDoc.getElementById('input_submit_button').click();";
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), submit));
+  observer.Wait();
+  EXPECT_TRUE(prompt_observer->IsShowingPrompt());
+  prompt_observer->Accept();
+
+  // Visit the form again
+  NavigationObserver reload_observer(WebContents());
+  NavigateToFile("/password/password_form_in_same_origin_iframe.html");
+  reload_observer.Wait();
+
+  // Verfiy username is autofilled
+  CheckElementValue("iframe", "username_field", "temp");
+
+  // Verfiy password is not autofilled
+  CheckElementValue("iframe", "password_field", "");
+
+  // Simulate the user interaction in the iframe which should trigger autofill.
+  ASSERT_TRUE(content::ExecuteScript(
+      RenderViewHost(),
+      "var iframeRect = document.getElementById("
+      "'iframe').getBoundingClientRect();"));
+  int top;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+      RenderViewHost(),
+      "window.domAutomationController.send(iframeRect.top);",
+      &top));
+  int left;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+      RenderViewHost(),
+      "window.domAutomationController.send(iframeRect.left);",
+      &left));
+
+  content::SimulateMouseClickAt(
+      WebContents(), 0, blink::WebMouseEvent::ButtonLeft, gfx::Point(left + 1,
+                                                                     top + 1));
+  // Verify password has been autofilled
+  WaitForElementValue("iframe", "password_field", "pa55w0rd");
+
+  // Verfiy username has been autofilled
+  CheckElementValue("iframe", "username_field", "temp");
+
+}