iOS: Mark HTTP pages with password fields with an omnibox icon.

ios/web/web_state/ui/crw_web_controller.mm

Index: ios/web/web_state/ui/crw_web_controller.mm
diff --git a/ios/web/web_state/ui/crw_web_controller.mm b/ios/web/web_state/ui/crw_web_controller.mm
index daba52a1871c7d98c800ef12efd9cc37c4478fbd..8d33e5f1b51d59ef1248df4f50970c60d7039661 100644
--- a/ios/web/web_state/ui/crw_web_controller.mm
+++ b/ios/web/web_state/ui/crw_web_controller.mm
@@ -4590,6 +4590,17 @@ const NSTimeInterval kSnapshotOverlayTransition = 0.5;
   }
 }
 
+- (void)didShowSensitiveInputOnHttp {
+  // TODO: Get the current item, not the visible item.

[lgarron, 2016/11/29 03:48:49]

The implementation of webControllerDidUpdateSSLStatusForCurrentNavigationItem:
actually uses GetTransientItem().

Also, there is no "current item" method, on the controller, only:

- GetVisibleItem()
- GetLastCommittedItem()
- GetPendingItem()
- GetTransientItem()

Which should I use?
GetTransientItem() is consistent with
didUpdateSSLStatusForCurrentNavigationItem, but sounds the
second-least-accurate.

[Eugene But (OOO till 7-30), 2016/11/30 17:58:41]

Tab uses transient item to exit from fullscreen if interstitial is shown. Which
API do you use for other platforms? Is there anything suitable in
CRWSessionController?

[lgarron, 2016/12/02 01:21:52]

Desktop uses LastCommittedEntry() [1].
Ive updated this callsite, and also used the last committed URL in the password
manager.

However, this function still calls
webControllerDidUpdateSSLStatusForCurrentNavigationItem, which uses the
transient entry. Is that safe, or should I mage a version of
webControllerDidUpdateSSLStatusForCurrentNavigationItem that uses the last
committed entry?

[1]
https://cs.chromium.org/chromium/src/content/browser/ssl/ssl_manager.cc?dr=CS...

[Eugene But (OOO till 7-30), 2016/12/02 01:53:11]

There is no ned to change Tab. It uses pending entry to check for interstitial
presence, which is orthogonal to password field warning.

+  web::NavigationItem* item =
+      self.webState->GetNavigationManager()->GetVisibleItem();
+  item->GetSSL().security_style = web::SECURITY_STYLE_AUTHENTICATED;

[estark, 2016/11/29 21:28:48]

I don't think you should be setting the security_style or
DISPLAYED_INSECURE_CONTENT here, unless I'm missing something.

[lgarron, 2016/12/02 01:21:52]

Removed.

+  item->GetSSL().content_status |= web::SSLStatus::DISPLAYED_INSECURE_CONTENT;
+  item->GetSSL().content_status |=
+      web::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP;

[estark, 2016/11/29 21:28:48]

Are you planning to later expand this method to handle credit cards too? Or do
that as a separate method? If the latter, maybe this should be named
didShowPasswrodInputOnHttp.

[lgarron, 2016/12/02 01:21:52]

Possibly. I've renamed to didShowPasswordInputOnHTTP.

+  [self didUpdateSSLStatusForCurrentNavigationItem];
+}
+
 - (void)handleSSLCertError:(NSError*)error {
   CHECK(web::IsWKWebViewSSLCertError(error));