Update devtools security panel for HTTP-bad

chrome/browser/ssl/chrome_security_state_model_client.cc

Index: chrome/browser/ssl/chrome_security_state_model_client.cc
diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc
index fe1f85e3a67d76cfb61829d207e7bcb44c6bcf45..f8e1baa2bd7882f4138e8ce32431f80ddbe52402 100644
--- a/chrome/browser/ssl/chrome_security_state_model_client.cc
+++ b/chrome/browser/ssl/chrome_security_state_model_client.cc
@@ -184,6 +184,14 @@ blink::WebSecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
   const blink::WebSecurityStyle security_style =
       SecurityLevelToSecurityStyle(security_info.security_level);
 
+  if (security_info.security_level ==
+      security_state::SecurityStateModel::HTTP_SHOW_WARNING) {
+    security_style_explanations->unauthenticated_explanations.push_back(

[lgarron, 2016/10/18 23:49:55]

I *think* this should be an info explanation?

+        content::SecurityStyleExplanation(
+            l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT),
+            l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION)));
+  }
+
   security_style_explanations->ran_insecure_content_style =
       SecurityLevelToSecurityStyle(
           SecurityStateModel::kRanInsecureContentLevel);
@@ -191,7 +199,7 @@ blink::WebSecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
       SecurityLevelToSecurityStyle(
           SecurityStateModel::kDisplayedInsecureContentLevel);
 
-  // Check if the page is HTTP; if so, no explanations are needed. Note
+  // Check if the page is HTTP; if so, no more explanations are needed. Note
   // that SecurityStyleUnauthenticated does not necessarily mean that
   // the page is loaded over HTTP, because the security style merely
   // represents how the embedder wishes to display the security state of