Allow autofill in iframe inside page of same origin

chrome/browser/password_manager/password_manager_browsertest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/metrics/histogram_samples.h"
 #include "base/metrics/statistics_recorder.h"
 #include "base/path_service.h"
@@ skipping 30 matching lines @@
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_utils.h"
 #include "net/base/filename_util.h"
+#include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/embedded_test_server/http_request.h"
 #include "net/test/embedded_test_server/http_response.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "net/url_request/test_url_fetcher_factory.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "third_party/WebKit/public/web/WebInputEvent.h"
 #include "ui/events/keycodes/keyboard_codes.h"
 #include "ui/gfx/geometry/point.h"
 
@@ skipping 277 matching lines @@
     observer.Wait();
   }
 
   // Waits until the "value" attribute of the HTML element with |element_id| is
   // equal to |expected_value|. If the current value is not as expected, this
   // waits until the "change" event is fired for the element. This also
   // guarantees that once the real value matches the expected, the JavaScript
   // event loop is spun to allow all other possible events to take place.
   void WaitForElementValue(const std::string& element_id,
                            const std::string& expected_value);
+  // Same as above except the element |element_id| is in iframe |iframe_id|
+  void WaitForElementValue(const std::string& iframe_id,
+                           const std::string& element_id,
+                           const std::string& expected_value);
   // Checks that the current "value" attribute of the HTML element with
   // |element_id| is equal to |expected_value|.
   void CheckElementValue(const std::string& element_id,
                          const std::string& expected_value);
+  // Same as above except the element |element_id| is in iframe |iframe_id|
+  void CheckElementValue(const std::string& iframe_id,
+                         const std::string& element_id,
+                         const std::string& expected_value);
 
   // TODO(dvadym): Remove this once history.pushState() handling is not behind
   // a flag.
   // Calling this will activate handling of pushState()-initiated form submits.
   // This feature is currently behind a renderer flag. Just setting the flag in
   // the browser will not change it for the already running renderer at tab 0.
   // Therefore this method first sets the flag and then opens a new tab at
   // position 0. This new tab gets the flag copied from the browser process.
   void ActivateHistoryPushState();
 
  private:
   DISALLOW_COPY_AND_ASSIGN(PasswordManagerBrowserTest);
 };
 
 void PasswordManagerBrowserTest::WaitForElementValue(
     const std::string& element_id,
     const std::string& expected_value) {
+    PasswordManagerBrowserTest::WaitForElementValue("null",
+                                                    element_id,
+                                                    expected_value);
+}
+
+void PasswordManagerBrowserTest::WaitForElementValue(
+    const std::string& iframe_id,
+    const std::string& element_id,
+    const std::string& expected_value) {
   enum ReturnCodes {  // Possible results of the JavaScript code.
     RETURN_CODE_OK,
     RETURN_CODE_NO_ELEMENT,
     RETURN_CODE_WRONG_VALUE,
     RETURN_CODE_INVALID,
   };
   const std::string value_check_function = base::StringPrintf(
       "function valueCheck() {"
-      "  var element = document.getElementById('%s');"
+      "  if (%s)"
+      "    var element = document.getElementById("
+      "        '%s').contentDocument.getElementById('%s');"
+      "  else "
+      "    var element = document.getElementById('%s');"
       "  return element && element.value == '%s';"
       "}",
+      iframe_id.c_str(),
+      iframe_id.c_str(),
+      element_id.c_str(),
       element_id.c_str(),
       expected_value.c_str());
   const std::string script =
       value_check_function +
       base::StringPrintf(
           "if (valueCheck()) {"
           "  /* Spin the event loop with setTimeout. */"
           "  setTimeout(window.domAutomationController.send(%d), 0);"
           "} else {"
-          "  var element = document.getElementById('%s');"
+          "  if (%s)"
+          "    var element = document.getElementById("
+          "        '%s').contentDocument.getElementById('%s');"
+          "  else "
+          "    var element = document.getElementById('%s');"
           "  if (!element)"
           "    window.domAutomationController.send(%d);"
           "  element.onchange = function() {"
           "    if (valueCheck()) {"
           "      /* Spin the event loop with setTimeout. */"
           "      setTimeout(window.domAutomationController.send(%d), 0);"
           "    } else {"
           "      window.domAutomationController.send(%d);"
           "    }"
           "  };"
           "}",
           RETURN_CODE_OK,
+          iframe_id.c_str(),
+          iframe_id.c_str(),
+          element_id.c_str(),
           element_id.c_str(),
           RETURN_CODE_NO_ELEMENT,
           RETURN_CODE_OK,
           RETURN_CODE_WRONG_VALUE);
   int return_value = RETURN_CODE_INVALID;
   ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
       RenderViewHost(), script, &return_value));
   EXPECT_EQ(RETURN_CODE_OK, return_value)
       << "element_id = " << element_id
       << ", expected_value = " << expected_value;
 }
 
 void PasswordManagerBrowserTest::CheckElementValue(
     const std::string& element_id,
     const std::string& expected_value) {
+  PasswordManagerBrowserTest::CheckElementValue("null",
+                                                element_id,
+                                                expected_value);
+}
+
+void PasswordManagerBrowserTest::CheckElementValue(
+    const std::string& iframe_id,
+    const std::string& element_id,
+    const std::string& expected_value) {
   const std::string value_check_script = base::StringPrintf(
-      "var element = document.getElementById('%s');"
+      "if (%s)"
+      "  var element = document.getElementById("
+      "      '%s').contentDocument.getElementById('%s');"
+      "else "
+      "  var element = document.getElementById('%s');"
       "window.domAutomationController.send(element && element.value == '%s');",
+      iframe_id.c_str(),
+      iframe_id.c_str(),
+      element_id.c_str(),
       element_id.c_str(),
       expected_value.c_str());
   bool return_value = false;
   ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
       RenderViewHost(), value_check_script, &return_value));
   EXPECT_TRUE(return_value) << "element_id = " << element_id
                             << ", expected_value = " << expected_value;
 }
 
 void PasswordManagerBrowserTest::ActivateHistoryPushState() {
@@ skipping 1476 matching lines @@
   NavigateToFile("/password/password_xhr_submit.html");
 
   // Let the user interact with the page, so that DOM gets modification events,
   // needed for autofilling fields.
   content::SimulateMouseClickAt(
       WebContents(), 0, blink::WebMouseEvent::ButtonLeft, gfx::Point(1, 1));
 
   // Wait until that interaction causes the password value to be revealed.
   WaitForElementValue("password_field", "mypassword");
 }
+
+// Check that a password form in an iframe of different origin will not be
+// filled in until a user interact with the form.
+IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest, CrossSiteIframeNotFillTest) {
+  // Setup the mock host resolver
+  host_resolver()->AddRule("*", "127.0.0.1");
+
+  // Here we need to dynamically create the iframe because the port
+  // embedded_test_server ran on was dynamically allocated, so the iframe's src
+  // attribute can only be determined at run time.
+  NavigateToFile("/password/password_form_in_crosssite_iframe.html");
+  NavigationObserver ifrm_observer(WebContents());
+  ifrm_observer.SetPathToWaitFor("/password/crossite_iframe_content.html");
+  std::string create_iframe = base::StringPrintf(
+      "create_iframe("
+          "'http://randomsite.net:%d/password/crossite_iframe_content.html');",
+      embedded_test_server()->port());
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), create_iframe));
+  ifrm_observer.Wait();
+
+  // Store a password for autofill later
+  NavigationObserver init_observer(WebContents());
+  init_observer.SetPathToWaitFor("/password/done.html");
+  scoped_ptr<PromptObserver> prompt_observer(
+      PromptObserver::Create(WebContents()));
+  std::string init_form = "sendMessage('fill_and_submit');";
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), init_form));
+  init_observer.Wait();
+  EXPECT_TRUE(prompt_observer->IsShowingPrompt());
+  prompt_observer->Accept();
+
+  // Visit the form again
+  NavigationObserver reload_observer(WebContents());
+  NavigateToFile("/password/password_form_in_crosssite_iframe.html");
+  reload_observer.Wait();
+
+  NavigationObserver ifrm_observer_2(WebContents());
+  ifrm_observer_2.SetPathToWaitFor("/password/crossite_iframe_content.html");
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), create_iframe));
+  ifrm_observer_2.Wait();
+
+  // Verify username is not autofilled
+  std::string empty_username;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractString(
+      RenderViewHost(),
+      "sendMessage('get_username');",
+      &empty_username));
+  ASSERT_EQ("", empty_username);
+  // Verify password is not autofilled
+  std::string empty_password;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractString(
+      RenderViewHost(),
+      "sendMessage('get_password');",
+      &empty_password));
+  ASSERT_EQ("", empty_password);
+
+  // Simulate the user interaction in the iframe and verify autofill is not
+  // triggered. Note this check is only best-effort because we don't know how
+  // long to wait before we are certain that no autofill will be triggered.
+  // Theoretically unexpected autofill can happen after this check.
+  ASSERT_TRUE(content::ExecuteScript(
+      RenderViewHost(),
+      "var iframeRect = document.getElementById("
+      "'iframe').getBoundingClientRect();"));
+  int top;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+      RenderViewHost(),
+      "window.domAutomationController.send(iframeRect.top);",
+      &top));
+  int left;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+      RenderViewHost(),
+      "window.domAutomationController.send(iframeRect.left);",
+      &left));
+
+  content::SimulateMouseClickAt(
+      WebContents(), 0, blink::WebMouseEvent::ButtonLeft, gfx::Point(left + 1,
+                                                                     top + 1));
+  // Verify username is not autofilled
+  ASSERT_TRUE(content::ExecuteScriptAndExtractString(
+      RenderViewHost(),
+      "sendMessage('get_username');",
+      &empty_username));
+  ASSERT_EQ("", empty_username);
+  // Verify password is not autofilled
+  ASSERT_TRUE(content::ExecuteScriptAndExtractString(
+      RenderViewHost(),
+      "sendMessage('get_password');",
+      &empty_password));
+  ASSERT_EQ("", empty_password);
+}
+
+// Check that a password form in an iframe of same origin will not be
+// filled in until user interact with the iframe.
+IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest,
+                       SameOriginIframeAutoFillTest) {
+  // Visit the sign-up form to store a password for autofill later
+  NavigateToFile("/password/password_form_in_same_origin_iframe.html");
+  NavigationObserver observer(WebContents());
+  observer.SetPathToWaitFor("/password/done.html");
+  scoped_ptr<PromptObserver> prompt_observer(
+      PromptObserver::Create(WebContents()));
+
+  std::string submit =
+      "var ifrmDoc = document.getElementById('iframe').contentDocument;"
+      "ifrmDoc.getElementById('username_field').value = 'temp';"
+      "ifrmDoc.getElementById('password_field').value = 'pa55w0rd';"
+      "ifrmDoc.getElementById('input_submit_button').click();";
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), submit));
+  observer.Wait();
+  EXPECT_TRUE(prompt_observer->IsShowingPrompt());
+  prompt_observer->Accept();
+
+  // Visit the form again
+  NavigationObserver reload_observer(WebContents());
+  NavigateToFile("/password/password_form_in_same_origin_iframe.html");
+  reload_observer.Wait();
+
+  // Verify username is autofilled
+  CheckElementValue("iframe", "username_field", "temp");
+
+  // Verify password is not autofilled
+  CheckElementValue("iframe", "password_field", "");
+
+  // Simulate the user interaction in the iframe which should trigger autofill.
+  ASSERT_TRUE(content::ExecuteScript(
+      RenderViewHost(),
+      "var iframeRect = document.getElementById("
+      "'iframe').getBoundingClientRect();"));
+  int top;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+      RenderViewHost(),
+      "window.domAutomationController.send(iframeRect.top);",
+      &top));
+  int left;
+  ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+      RenderViewHost(),
+      "window.domAutomationController.send(iframeRect.left);",
+      &left));
+
+  content::SimulateMouseClickAt(
+      WebContents(), 0, blink::WebMouseEvent::ButtonLeft, gfx::Point(left + 1,
+                                                                     top + 1));
+  // Verify password has been autofilled
+  WaitForElementValue("iframe", "password_field", "pa55w0rd");
+
+  // Verify username has been autofilled
+  CheckElementValue("iframe", "username_field", "temp");
+
+}