Post tasks for sensitive input visibility notifications

third_party/WebKit/Source/core/dom/Document.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  *           (C) 2006 Alexey Proskuryakov (ap@webkit.org)
  * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All
  * rights reserved.
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
  * (http://www.torchmobile.com/)
  * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
@@ skipping 223 matching lines @@
 #include "platform/ScriptForbiddenScope.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/scroll/ScrollbarTheme.h"
 #include "platform/text/PlatformLocale.h"
 #include "platform/text/SegmentedString.h"
 #include "platform/tracing/TraceEvent.h"
 #include "platform/weborigin/OriginAccessEntry.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
+#include "public/platform/InterfaceProvider.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebAddressSpace.h"
 #include "public/platform/WebFrameScheduler.h"
 #include "public/platform/WebPrerenderingSupport.h"
 #include "public/platform/WebScheduler.h"
+#include "public/platform/modules/sensitive_input_visibility/sensitive_input_visibility_service.mojom-blink.h"
 #include "wtf/AutoReset.h"
 #include "wtf/CurrentTime.h"
 #include "wtf/DateMath.h"
 #include "wtf/Functional.h"
 #include "wtf/HashFunctions.h"
 #include "wtf/PtrUtil.h"
 #include "wtf/StdLibExtras.h"
 #include "wtf/text/CharacterNames.h"
 #include "wtf/text/StringBuffer.h"
 #include "wtf/text/TextEncodingRegistry.h"
@@ skipping 4063 matching lines @@
 
 const OriginAccessEntry& Document::accessEntryFromURL() {
   if (!m_accessEntryFromURL) {
     m_accessEntryFromURL = wrapUnique(
         new OriginAccessEntry(url().protocol(), url().host(),
                               OriginAccessEntry::AllowRegisterableDomains));
   }
   return *m_accessEntryFromURL;
 }
 
+void Document::sendSensitiveInputVisibility() {
+  m_sensitiveInputVisibilityTask =

[dcheng, 2016/11/24 01:54:08]

Let's guard this with an isActive() so we only queue a new task if it's not
already pending.

[estark, 2016/11/24 03:24:48]

Done. (Sorry I missed that suggestion earlier.)

+      TaskRunnerHelper::get(TaskType::Internal, this)
+          ->postCancellableTask(
+              BLINK_FROM_HERE,
+              WTF::bind(&Document::sendSensitiveInputVisibilityImpl,
+                        wrapWeakPersistent(this)));
+}
+
+void Document::sendSensitiveInputVisibilityImpl() {

[haraken, 2016/11/24 01:52:40]

sendSensitiveInputVisibilityImpl => sendSensitiveInputVisibilityInternal

[estark, 2016/11/24 03:24:48]

Done.

+  if (!frame())

[dcheng, 2016/11/24 01:54:08]

DCHECK(frame()), since I think it should be non-null in all the contexts where
we use this.

[estark, 2016/11/24 03:24:48]

I couldn't convince myself of this. Is it not possible that the Document would
detach from the frame before the queued task runs?

[dcheng, 2016/11/24 03:48:29]

Ah-ha. You got me. You're totally right.

I'm a bit torn on whether or not we should null check frame() here or just
cancel the task proactively in Document::shutdown()... but either way is fine.

Originally, I was thinking it was better to be explicit about it and explicitly
cancel it in Document::shutdown()... but I guess we're going to queue this task
*in* Document::shutdown() when we detach the layout tree.

In conclusion: this is fine. Maybe in some hypothetical future we can change
this, but this is safer for now. *sigh*

+    return;
+
+  mojom::blink::SensitiveInputVisibilityServicePtr sensitiveInputServicePtr;
+  frame()->interfaceProvider()->getInterface(
+      mojo::GetProxy(&sensitiveInputServicePtr));
+  if (m_passwordCount > 0) {
+    sensitiveInputServicePtr->PasswordFieldVisibleInInsecureContext();
+    return;
+  }
+  sensitiveInputServicePtr->AllPasswordFieldsInInsecureContextInvisible();
+}
+
 void Document::registerEventFactory(
     std::unique_ptr<EventFactoryBase> eventFactory) {
   DCHECK(!eventFactories().contains(eventFactory.get()));
   eventFactories().add(std::move(eventFactory));
 }
 
 Event* Document::createEvent(ExecutionContext* executionContext,
                              const String& eventType,
                              ExceptionState& exceptionState) {
   Event* event = nullptr;
@@ skipping 2057 matching lines @@
 
 PropertyRegistry* Document::propertyRegistry() {
   // TODO(timloh): When the flag is removed, return a reference instead.
   if (!m_propertyRegistry && RuntimeEnabledFeatures::cssVariables2Enabled())
     m_propertyRegistry = PropertyRegistry::create();
   return m_propertyRegistry;
 }
 
 void Document::incrementPasswordCount() {
   ++m_passwordCount;
+  if (isSecureContext() || m_passwordCount != 1) {
+    // The browser process only cares about passwords on pages where the
+    // top-level URL is not secure. Secure contexts must have a top-level
+    // URL that is secure, so there is no need to send notifications for
+    // password fields in secure contexts.
+    //
+    // Also, only send a message on the first visible password field; the
+    // browser process doesn't care about the presence of additional
+    // password fields beyond that.
+    return;
+  }
+  sendSensitiveInputVisibility();
 }
 
 void Document::decrementPasswordCount() {
   DCHECK_GT(m_passwordCount, 0u);
   --m_passwordCount;
-}
-
-unsigned Document::passwordCount() const {
-  return m_passwordCount;
+  if (isSecureContext() || m_passwordCount > 0)
+    return;
+  sendSensitiveInputVisibility();
 }
 
 DEFINE_TRACE(Document) {
   visitor->trace(m_importsController);
   visitor->trace(m_docType);
   visitor->trace(m_implementation);
   visitor->trace(m_autofocusElement);
   visitor->trace(m_focusedElement);
   visitor->trace(m_sequentialFocusNavigationStartingPoint);
   visitor->trace(m_hoverNode);
@@ skipping 94 matching lines @@
 }
 
 void showLiveDocumentInstances() {
   WeakDocumentSet& set = liveDocumentSet();
   fprintf(stderr, "There are %u documents currently alive:\n", set.size());
   for (Document* document : set)
     fprintf(stderr, "- Document %p URL: %s\n", document,
             document->url().getString().utf8().data());
 }
 #endif