Fix check for user gesture on password autofill

components/autofill/content/renderer/password_autofill_agent.h

Index: components/autofill/content/renderer/password_autofill_agent.h
diff --git a/components/autofill/content/renderer/password_autofill_agent.h b/components/autofill/content/renderer/password_autofill_agent.h
index 72ad5b02f1c932188afa3b97b51ecbbbac607f3b..3e3eb1126072f97c9fb9813e49661af2ce920760 100644
--- a/components/autofill/content/renderer/password_autofill_agent.h
+++ b/components/autofill/content/renderer/password_autofill_agent.h
@@ -9,12 +9,10 @@
 #include <vector>
 
 #include "base/memory/linked_ptr.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "components/autofill/core/common/password_form_fill_data.h"
 #include "content/public/renderer/render_view_observer.h"
 #include "third_party/WebKit/public/web/WebInputElement.h"
-#include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
 
 namespace blink {
 class WebInputElement;
@@ -81,24 +79,33 @@ class PasswordAutofillAgent : public content::RenderViewObserver {
   typedef std::map<blink::WebFrame*,
                    linked_ptr<PasswordForm> > FrameToPasswordFormMap;
 
-  class AutofillWebUserGestureHandler : public blink::WebUserGestureHandler {
+  // This class holds a vector of autofilled password input elements and makes
+  // sure the autofilled password value is not accessible to JavaScript code
+  // until the user interacts with the page.
+  class PasswordValueGatekeeper {
    public:
-    AutofillWebUserGestureHandler(PasswordAutofillAgent* agent);
-    virtual ~AutofillWebUserGestureHandler();
+    PasswordValueGatekeeper();
+    ~PasswordValueGatekeeper();
 
-    void addElement(const blink::WebInputElement& element) {
-      elements_.push_back(element);
-    }
+    // Call this for every autofilled password field, so that the gatekeeper
+    // protects the value accordingly.
+    void RegisterElement(blink::WebInputElement& element);
 
-    void clearElements() {
-      elements_.clear();
-    }
+    // Call this to notify the gatekeeper that the user interacted with the
+    // page.
+    void OnGesture();
 
-    virtual void onGesture();
+    // Call this to reset the gatekeeper on a new page navigation.
+    void Reset();
 
    private:
-    PasswordAutofillAgent* agent_;
+    // Make the value of |element| accessible to JavaScript code.
+    void ShowValue(blink::WebInputElement& element);
+
+    bool was_gesture_seen_;

[jww, 2014/02/13 21:34:00]

nit: I'd suggest renaming this to something like was_user_gesture_seen_ just so
it's more explicit that it must be a user gesture, not a JavaScript-simulated
gesture.

[vabr (Chromium), 2014/02/14 08:13:12]

Done.

     std::vector<blink::WebInputElement> elements_;
+
+    DISALLOW_COPY_AND_ASSIGN(PasswordValueGatekeeper);
   };
 
   // RenderViewObserver:
@@ -113,6 +120,9 @@ class PasswordAutofillAgent : public content::RenderViewObserver {
                                    const blink::WebFormElement& form) OVERRIDE;
   virtual void WillSubmitForm(blink::WebFrame* frame,
                               const blink::WebFormElement& form) OVERRIDE;
+  virtual void DidHandleKeyEvent() OVERRIDE;
+  virtual void DidHandleMouseEvent(const blink::WebMouseEvent& event) OVERRIDE;
+  virtual void DidHandleTouchEvent(const blink::WebTouchEvent& event) OVERRIDE;
 
   // RenderView IPC handlers:
   void OnFillPasswordForm(const PasswordFormFillData& form_data);
@@ -183,7 +193,7 @@ class PasswordAutofillAgent : public content::RenderViewObserver {
   // but the submit may still fail (i.e. doesn't pass JavaScript validation).
   FrameToPasswordFormMap provisionally_saved_forms_;
 
-  scoped_ptr<AutofillWebUserGestureHandler> gesture_handler_;
+  PasswordValueGatekeeper gatekeeper_;
 
   bool user_gesture_occurred_;