[password autofill] Remove references to PasswordForm from RenderViewImpl

components/autofill/content/renderer/password_autofill_agent.cc

Index: components/autofill/content/renderer/password_autofill_agent.cc
diff --git a/components/autofill/content/renderer/password_autofill_agent.cc b/components/autofill/content/renderer/password_autofill_agent.cc
index 6d068d9ca2d84d397c72ad2642d3a56192f0cf72..1d1b170789ec7dafa94cc888594f8196eba335f7 100644
--- a/components/autofill/content/renderer/password_autofill_agent.cc
+++ b/components/autofill/content/renderer/password_autofill_agent.cc
@@ -24,6 +24,7 @@
 #include "third_party/WebKit/public/web/WebFrame.h"
 #include "third_party/WebKit/public/web/WebInputEvent.h"
 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
+#include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
 #include "third_party/WebKit/public/web/WebView.h"
 #include "ui/base/keycodes/keyboard_codes.h"
 
@@ -427,6 +428,60 @@ void PasswordAutofillAgent::FrameWillClose(WebKit::WebFrame* frame) {
   FrameClosing(frame);
 }
 
+void PasswordAutofillAgent::WillSendSubmitEvent(
+    WebKit::WebFrame* frame,
+    const WebKit::WebFormElement& form) {
+  // Some login forms have onSubmit handlers that put a hash of the password
+  // into a hidden field and then clear the password. (Issue 28910.)

[Ilya Sherman, 2013/07/27 01:09:48]

nit: Could you make the bug reference into an http://crbug.com hyperlink?

[Garrett Casto, 2013/08/03 00:38:42]

Done.

+  // This method gets called before any of those handlers run, so save away
+  // a copy of the password in case it gets lost.
+  provisional_forms_[frame].reset(content::CreatePasswordForm(form).release());

[Ilya Sherman, 2013/07/27 01:09:48]

Is there a guarantee that we will free elements from this map?  I'm a little
worried that this can create a slow memory leak (though since form submissions
are relatively rare, it's not a particularly bad memory leak).

[Garrett Casto, 2013/08/03 00:38:42]

I was actually thinking about this earlier, and I don't know for certain. I
think that there might be a leak if the user tries to log in to a subframe but
fails and then navigates the main page away. I can add code to delete this in
FrameClosing() to be extra safe.

+}
+
+void PasswordAutofillAgent::WillSubmitForm(WebKit::WebFrame* frame,
+                                           const WebKit::WebFormElement& form) {
+  scoped_ptr<content::PasswordForm> submitted_form =
+      content::CreatePasswordForm(form);
+
+  // If there is a provisionally saved password, copy over the previous
+  // password value so we get the users typed password, not the value that

[Ilya Sherman, 2013/07/27 01:09:48]

nit: "users" -> "user's"

[Garrett Casto, 2013/08/03 00:38:42]

Done.

+  // may have been transformed for submit.
+  // TODO(gcasto): Do we need to have this action equality check? Is it trying
+  // to prevent accidentally copying over passwords from a different form?
+  if (submitted_form.get()) {

[Ilya Sherman, 2013/07/27 01:09:48]

nit: No need for .get()

[Garrett Casto, 2013/08/03 00:38:42]

Done.

+    if (provisional_forms_[frame].get() &&

[Ilya Sherman, 2013/07/27 01:09:48]

nit: Ditto

[Garrett Casto, 2013/08/03 00:38:42]

linked_ptr<> aren't convertible to bool, so this doesn't work.

+        submitted_form->action == provisional_forms_[frame]->action) {
+      submitted_form->password_value =
+          provisional_forms_[frame]->password_value;
+    }

[Ilya Sherman, 2013/07/27 01:09:48]

nit: Please leave a blank line after this one.

[Garrett Casto, 2013/08/03 00:38:42]

Done.

+    // Some observers depend on sending this information now instead of when
+    // the frame starts loading. If there are redirects that cause a new
+    // RenderView to be instantiated (such as redirects to the WebStore)
+    // we will never get to finish the load.
+    Send(new AutofillHostMsg_PasswordFormSubmitted(routing_id(),
+                                                   *submitted_form.get()));

[Ilya Sherman, 2013/07/27 01:09:48]

nit: No need for .get()

[Garrett Casto, 2013/08/03 00:38:42]

Done.

+    // Remove reference since we have already submitted this form.
+    provisional_forms_.erase(frame);
+  }
+}
+
+void PasswordAutofillAgent::DidStartProvisionalLoad(WebKit::WebFrame* frame) {
+  // If the navigation is not triggered by a user gesture, e.g. by some ajax
+  // callback, then inherit the submitted password form from the previous
+  // state. This fixes the no password save issue for ajax login, tracked in
+  // [http://crbug/43219]. Note that there are still some sites that this
+  // fails for because they use some element other than a submit button to
+  // trigger submission (which means WillSendSubmitEvent will not be called).
+  if (!frame->parent() &&
+      !WebKit::WebUserGestureIndicator::isProcessingUserGesture() &&
+      provisional_forms_[frame].get()) {

[Ilya Sherman, 2013/07/27 01:09:48]

nit: No need for .get()

[Garrett Casto, 2013/08/03 00:38:42]

Doesn't work.

+    Send(new AutofillHostMsg_PasswordFormSubmitted(
+        routing_id(),
+        *provisional_forms_[frame].get()));

[Ilya Sherman, 2013/07/27 01:09:48]

nit: No need for .get()

[Garrett Casto, 2013/08/03 00:38:42]

Done.

[Garrett Casto, 2013/08/03 00:38:42]

Done.

+  }
+  provisional_forms_.erase(frame);

[Ilya Sherman, 2013/07/27 01:09:48]

Can we clear the whole map if the |frame| is a top-level frame, either here or
when a load commits?

[Garrett Casto, 2013/08/03 00:38:42]

Sure.

+}
+
 void PasswordAutofillAgent::OnFillPasswordForm(
     const PasswordFormFillData& form_data) {
   if (usernames_usage_ == NOTHING_TO_AUTOFILL) {