Fix for scoring password autofill candidates:

components/password_manager/core/browser/password_form_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/password_manager/core/browser/password_form_manager.h"
 
 #include <algorithm>
 
 #include "base/metrics/histogram.h"
 #include "base/strings/string_split.h"
@@ skipping 615 matching lines @@
             autofill_manager->UploadPasswordGenerationForm(pending.form_data);
         UMA_HISTOGRAM_BOOLEAN("PasswordGeneration.UploadStarted", success);
       }
     }
   }
 }
 
 int PasswordFormManager::ScoreResult(const PasswordForm& candidate) const {
   DCHECK_EQ(state_, MATCHING_PHASE);
   // For scoring of candidate login data:
-  // The most important element that should match is the origin, followed by
-  // the action, the password name, the submit button name, and finally the
-  // username input field name.
+  // The most important element that should match is the signon_realm followed
+  // by the origin, the action, the password name, the submit button name, and
+  // finally the username input field name.
+  // If public suffix origin match was not used, it gives an addition of
+  // 128 (1 << 7).
   // Exact origin match gives an addition of 64 (1 << 6) + # of matching url
   // dirs.
   // Partial match gives an addition of 32 (1 << 5) + # matching url dirs
   // That way, a partial match cannot trump an exact match even if
   // the partial one matches all other attributes (action, elements) (and
   // regardless of the matching depth in the URL path).
-  // If public suffix origin match was not used, it gives an addition of
-  // 16 (1 << 4).
   int score = 0;
-  if (candidate.origin == observed_form_.origin) {
+  if (!candidate.IsPublicSuffixMatch()) {
+    score += 1 << 7;
+  } else if (candidate.origin == observed_form_.origin) {

[Garrett Casto, 2014/04/24 22:35:29]

Sorry about this, but I realized this isn't quite right. There shouldn't be an
else here.

if (!candidate.IsPublicSuffixMatch() {
  ...
}

if (candidate.origin == observed_form_.origin)
...

The issue is that you may have multiple matches that are from the same realm but
different origin (e.g. example.com/first vs. example.com/second) and these
should score differently. The fact that this didn't fail a test isn't great
either, so we should probably add something to verify this.

     // This check is here for the most common case which
     // is we have a single match in the db for the given host,
     // so we don't generally need to walk the entire URL path (the else
     // clause).
     score += (1 << 6) + static_cast<int>(form_path_tokens_.size());
   } else {
     // Walk the origin URL paths one directory at a time to see how
     // deep the two match.
     std::vector<std::string> candidate_path_tokens;
     base::SplitString(candidate.origin.path(), '/', &candidate_path_tokens);
     size_t depth = 0;
     size_t max_dirs = std::min(form_path_tokens_.size(),
                                candidate_path_tokens.size());
     while ((depth < max_dirs) && (form_path_tokens_[depth] ==
                                   candidate_path_tokens[depth])) {
       depth++;
       score++;
     }
     // do we have a partial match?
     score += (depth > 0) ? 1 << 5 : 0;
   }
   if (observed_form_.scheme == PasswordForm::SCHEME_HTML) {
-    if (!candidate.IsPublicSuffixMatch())
-      score += 1 << 4;
     if (candidate.action == observed_form_.action)
       score += 1 << 3;
     if (candidate.password_element == observed_form_.password_element)
       score += 1 << 2;
     if (candidate.submit_element == observed_form_.submit_element)
       score += 1 << 1;
     if (candidate.username_element == observed_form_.username_element)
       score += 1 << 0;
   }
 
   return score;
 }
 
 void PasswordFormManager::SubmitPassed() {
   submit_result_ = kSubmitResultPassed;
   if (has_generated_password_)
     LogPasswordGenerationSubmissionEvent(PASSWORD_SUBMITTED);
 }
 
 void PasswordFormManager::SubmitFailed() {
   submit_result_ = kSubmitResultFailed;
   if (has_generated_password_)
     LogPasswordGenerationSubmissionEvent(PASSWORD_SUBMISSION_FAILED);
 }
 
 }  // namespace password_manager