[Password Manager] Store forms with field name and id attributes missing.

components/autofill/content/renderer/password_form_conversion_utils.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_form_conversion_utils.h"
 
 #include <vector>
 
 #include "base/i18n/case_conversion.h"
 #include "base/lazy_instance.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_util.h"
+#include "base/strings/utf_string_conversions.h"
 #include "components/autofill/content/renderer/form_autofill_util.h"
 #include "components/autofill/core/common/password_form.h"
 #include "components/autofill/core/common/password_form_field_prediction_map.h"
 #include "third_party/WebKit/public/platform/WebString.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFormControlElement.h"
 #include "third_party/WebKit/public/web/WebInputElement.h"
 #include "third_party/icu/source/i18n/unicode/regex.h"
 
 using blink::WebDocument;
@@ skipping 30 matching lines @@
 // (N*PPP?.*) and forms which use password fields to store private but
 // non-password data (could look like, e.g., PN+P.*).
 const char kLoginAndSignupRegex[] =
     "NP"   // Login section.
     "N+P"  // Sign-up section.
     ".*";  // Anything beyond that.
 
 const char kAutocompleteUsername[] = "username";
 const char kAutocompleteCurrentPassword[] = "current-password";
 const char kAutocompleteNewPassword[] = "new-password";
+const char kDummyUsernameField[] = "anonymous_username";

[dvadym, 2015/08/24 13:32:08]

Probably it's better to make fake names that are not allowed to be attribute
name in HTML in order to avoid possible name collision.

[Pritam Nikam, 2015/08/25 09:01:10]

Acknowledged.

According to W3C spec, <input name> or <input id> attributes are of CDATA types.
I'm not sure what can be an invalid dummy name of our choice. Can you suggest
any thing meaningful here?

[dvadym, 2015/09/07 15:19:58]

Ok, I agree, that we hardly can do something with this. Current names are ok

[Pritam Nikam, 2015/09/08 15:09:36]

Acknowledged.

+const char kDummyPasswordField[] = "anonymous_password";
+const char kDummyNewPasswordField[] = "anonymous_new_password";
 
 struct LoginAndSignupLazyInstanceTraits
     : public base::DefaultLazyInstanceTraits<icu::RegexMatcher> {
   static icu::RegexMatcher* New(void* instance) {
     const icu::UnicodeString icu_pattern(kLoginAndSignupRegex);
 
     UErrorCode status = U_ZERO_ERROR;
     // Use placement new to initialize the instance in the preallocated space.
     // The "(instance)" is very important to force POD type initialization.
     scoped_ptr<icu::RegexMatcher> matcher(new (instance) icu::RegexMatcher(
@@ skipping 180 matching lines @@
         // https://crbug.com/517490 for more details.
         if (input_element) {
           (*predicted_elements)[*input_element] = type;
         }
         break;
       }
     }
   }
 }
 
+// Returns the |input_field| name if its non-empty; otherwise a |dummy_name|.
+base::string16 FieldName(const WebInputElement& input_field,
+                         const char dummy_name[]) {
+  base::string16 field_name = input_field.nameForAutofill();
+  return field_name.empty() ? base::ASCIIToUTF16(dummy_name) : field_name;
+}
+
 // Get information about a login form encapsulated in a PasswordForm struct.
 // If an element of |form| has an entry in |nonscript_modified_values|, the
 // associated string is used instead of the element's value to create
 // the PasswordForm.
 void GetPasswordForm(
     const WebFormElement& form,
     PasswordForm* password_form,
     const std::map<const blink::WebInputElement, blink::WebString>*
         nonscript_modified_values,
     const std::map<FormData, PasswordFormFieldPredictionMap>*
@@ skipping 139 matching lines @@
     if (it != other_possible_usernames.end())
       other_possible_usernames.erase(it);
     if (!username_element.isNull()) {
       other_possible_usernames.push_back(username_element.value());
     }
     username_element = predicted_username_element;
     password_form->was_parsed_using_autofill_predictions = true;
   }
 
   if (!username_element.isNull()) {
-    password_form->username_element = username_element.nameForAutofill();
+    password_form->username_element =
+        FieldName(username_element, kDummyUsernameField);
     base::string16 username_value = username_element.value();
     if (nonscript_modified_values != nullptr) {
       auto username_iterator =
         nonscript_modified_values->find(username_element);
       if (username_iterator != nonscript_modified_values->end()) {
         base::string16 typed_username_value = username_iterator->second;
         if (!base::StartsWith(
                 base::i18n::ToLower(username_value),
                 base::i18n::ToLower(typed_username_value),
                 base::CompareCase::SENSITIVE)) {
@@ skipping 17 matching lines @@
     return;
 
   password_form->origin = GetCanonicalOriginForDocument(form.document());
   GURL::Replacements rep;
   rep.SetPathStr("");
   password_form->signon_realm =
       password_form->origin.ReplaceComponents(rep).spec();
   password_form->other_possible_usernames.swap(other_possible_usernames);
 
   if (!password.isNull()) {
-    password_form->password_element = password.nameForAutofill();
+    password_form->password_element = FieldName(password, kDummyPasswordField);
     blink::WebString password_value = password.value();
     if (nonscript_modified_values != nullptr) {
       auto password_iterator = nonscript_modified_values->find(password);
       if (password_iterator != nonscript_modified_values->end())
         password_value = password_iterator->second;
     }
     password_form->password_value = password_value;
   }
   if (!new_password.isNull()) {
-    password_form->new_password_element = new_password.nameForAutofill();
+    password_form->new_password_element =
+        FieldName(new_password, kDummyNewPasswordField);
     password_form->new_password_value = new_password.value();
     if (HasAutocompleteAttributeValue(new_password, kAutocompleteNewPassword))
       password_form->new_password_marked_by_site = true;
   }
 
   if (username_element.isNull()) {
     // To get a better idea on how password forms without a username field
     // look like, report the total number of text and password fields.
     UMA_HISTOGRAM_COUNTS_100(
         "PasswordManager.EmptyUsernames.TextAndPasswordFieldCount",
@@ skipping 56 matching lines @@
   WebFormElementToFormData(web_form,
                            blink::WebFormControlElement(),
                            EXTRACT_NONE,
                            &password_form->form_data,
                            NULL /* FormFieldData */);
 
   return password_form.Pass();
 }
 
 }  // namespace autofill