Add support for setting password value gated on user's gesture in a page

Add support for setting password value gated on user's gesture in a page

A new way to set value is exposed for password input elements: setValueAfterUserGesture -- unlike setValue, which sets the new value immediately, setValueAfterUserGesture delays the effect until the user interacts with the page in any way.
This has security motivation, detailed here:
https://docs.google.com/document/d/1_Es0qQVrKZSZoXuQBuPmNW8-EAUDsuQGSMIlRFPzs_0/edit?usp=sharing

This improves the current status, when a workaround involving setSuggestedValue and checking for a user gesture outside of Blink is used. That workaround does not work for Android, and can be seen as a layering violation in the sense, that checking for user gesture is a Blink internal thing.

This is the Blink part, two more CLs are planned as follow-ups:
1) Chromium part: PasswordAutofillAgent using setValueAfterUserGesture instead of setSuggestedValue + clean-up (basically getting rid of content/ changes from https://codereview.chromium.org/163843002)
2) Blink clean-up: making WebInputEvent::isUserGestureEventType Blink-internal

This CL was closed without landing, in favour of https://codereview.chromium.org/235983016/.
BUG=163072

[vabr (Chromium), 2014-04-14 14:37:43]

Hi Jochen,

It would be great if you could review this, but feel free to say no, and I'll
find somebody else.
There is no rush, I'm afraid I've delayed the code by a month already. :)

Thanks,
Vaclav

[jochen (gone - plz use gerrit), 2014-04-14 14:40:08]

adding Kent who knows more about input than I do

will this work on mobile?

[vabr (Chromium), 2014-04-14 14:45:27]

On 2014/04/14 14:40:08, jochen wrote:
> adding Kent who knows more about input than I do
> 
> will this work on mobile?

That's the hope. I'm afraid I can only try that after I finish the Chromium
part, though.

[tkent, 2014-04-15 05:01:17]

This behavior is too specific to add to core/.  Adding new data member to
HTMLInputElement just for this feature is not reasonable.
IMO, the best approach is to notify the first user-gesture to Chromium (via
WebAutofillClient or WebViewClient?).

[vabr (Chromium), 2014-04-15 17:09:41]

On 2014/04/15 05:01:17, tkent wrote:
> This behavior is too specific to add to core/.  Adding new data member to
> HTMLInputElement just for this feature is not reasonable.
> IMO, the best approach is to notify the first user-gesture to Chromium (via
> WebAutofillClient or WebViewClient?).

Thanks Kent, fair enough. I tried to got the way you suggested in a new CL:
https://codereview.chromium.org/235983016/
If that CL ends up landing, I'll close this one.

Cheers,
Vaclav