Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(11)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2298263002: Revert of Filter out credentials with non-matching schemes (Closed)

Created:
4 years, 3 months ago by fgorski
Modified:
4 years, 3 months ago
CC:
chromium-reviews, gcasto+watchlist_chromium.org, vabr+watchlistpasswordmanager_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Revert of Filter out credentials with non-matching schemes (patchset #1 id:1 of https://codereview.chromium.org/2298733002/ ) Reason for revert: Patch is crashing tests on windows bots. https://build.chromium.org/p/chromium.win/builders/Win7%20Tests%20%28dbg%29%281%29/builds/52229 https://build.chromium.org/p/chromium.win/builders/Win7%20Tests%20%28dbg%29%281%29/builds/52229/steps/browser_tests%20on%20Windows-7-SP1/logs/AutofillEditAddressWebUITest.testFieldValuesSaved Original issue's description: > Filter out credentials with non-matching schemes > > PasswordFormManager::ProcessMatches currently happily accepts credentials from > PasswordStore with a different PasswordForm::Scheme than the observed form has. > However, it still has a DCHECK against it later (in the Autofill* methods), so > it is clearly not expecting these, rather than mixing the schemes being by > design. > > And it should not be by design. Especially, if the saved credential is a > non-HTML one, and should be filled in a HTML form. Mixing them makes the > non-HTML credential vulnerable against (injected attacker's) JavaScript > accessing them. > > This CL filters out credentials with non-matching scheme from the batch coming > from the PasswordStore. Given the absence of DCHECKs in release builds, this > actually changes the behaviour for Chrome users, but the change is a desired > one. > > BUG=640897 > > Committed: https://crrev.com/da597b2f777ea4ac768164bee01f39a90fba3c65 > Cr-Commit-Position: refs/heads/master@{#415622} TBR=mkwst@chromium.org,dvadym@chromium.org,vabr@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=640897 Committed: https://crrev.com/53105f2efbdccc7714b8bba189e628b0f87f7fba Cr-Commit-Position: refs/heads/master@{#415648}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+2 lines, -61 lines) Patch
M components/password_manager/core/browser/password_form_manager.cc View 1 chunk +2 lines, -11 lines 0 comments Download
M components/password_manager/core/browser/password_form_manager_unittest.cc View 1 chunk +0 lines, -50 lines 0 comments Download

Messages

Total messages: 8 (3 generated)
fgorski
Created Revert of Filter out credentials with non-matching schemes
4 years, 3 months ago (2016-08-31 16:17:05 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2298263002/1
4 years, 3 months ago (2016-08-31 16:17:33 UTC) #3
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 3 months ago (2016-08-31 16:18:57 UTC) #5
vabr (Chromium)
lgtm
4 years, 3 months ago (2016-08-31 16:20:06 UTC) #6
commit-bot: I haz the power
4 years, 3 months ago (2016-08-31 16:22:19 UTC) #8
Message was sent while issue was closed. 
Patchset 1 (id:??) landed as
https://crrev.com/53105f2efbdccc7714b8bba189e628b0f87f7fba
Cr-Commit-Position: refs/heads/master@{#415648}

Powered by Google App Engine
This is Rietveld 408576698