Show form not secure warnings for blob and filesystem URLs.

components/security_state/core/security_state_unittest.cc

Index: components/security_state/core/security_state_unittest.cc
diff --git a/components/security_state/core/security_state_unittest.cc b/components/security_state/core/security_state_unittest.cc
index 54b7cd37c7aa76f632883692c3027e82fcfe39f8..00753de0ac95ac0929a6ec74482613d498874ea3 100644
--- a/components/security_state/core/security_state_unittest.cc
+++ b/components/security_state/core/security_state_unittest.cc
@@ -26,6 +26,12 @@ namespace {
 const char kHttpsUrl[] = "https://foo.test/";
 const char kHttpUrl[] = "http://foo.test/";
 
+// This list doesn't include data: URL, as data: URLs will be explicitly marked
+// as not secure.
+const char* const kPseudoUrls[] = {
+    "blob:http://test/some-guid", "filesystem:http://test/some-guid",
+};
+
 bool IsOriginSecure(const GURL& url) {
   return url == kHttpsUrl;
 }
@@ -273,6 +279,22 @@ TEST(SecurityStateTest, PasswordFieldWarning) {
   EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level);
 }
 
+// Tests that password fields cause the security level to be downgraded
+// to HTTP_SHOW_WARNING on pseudo URLs when the command-line switch is set.
+TEST(SecurityStateTest, PasswordFieldWarningOnPseudoUrls) {
+  base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+      switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip);
+  for (const char* const url : kPseudoUrls) {
+    TestSecurityStateHelper helper;
+    helper.SetUrl(GURL(url));
+    helper.set_displayed_password_field_on_http(true);
+    SecurityInfo security_info;
+    helper.GetSecurityInfo(&security_info);
+    EXPECT_TRUE(security_info.displayed_password_field_on_http);
+    EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level);
+  }
+}
+
 // Tests that credit card fields cause the security level to be downgraded
 // to HTTP_SHOW_WARNING when the command-line switch is set.
 TEST(SecurityStateTest, CreditCardFieldWarning) {
@@ -287,6 +309,22 @@ TEST(SecurityStateTest, CreditCardFieldWarning) {
   EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level);
 }
 
+// Tests that credit card fields cause the security level to be downgraded
+// to HTTP_SHOW_WARNING on pseudo URLs when the command-line switch is set.
+TEST(SecurityStateTest, CreditCardFieldWarningOnPseudoUrls) {
+  base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+      switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip);
+  for (const char* const url : kPseudoUrls) {
+    TestSecurityStateHelper helper;
+    helper.SetUrl(GURL(url));
+    helper.set_displayed_credit_card_field_on_http(true);
+    SecurityInfo security_info;
+    helper.GetSecurityInfo(&security_info);
+    EXPECT_TRUE(security_info.displayed_credit_card_field_on_http);
+    EXPECT_EQ(HTTP_SHOW_WARNING, security_info.security_level);
+  }
+}
+
 // Tests that neither |displayed_password_field_on_http| nor
 // |displayed_credit_card_field_on_http| is set when the corresponding
 // VisibleSecurityState flags are not set.
@@ -300,6 +338,21 @@ TEST(SecurityStateTest, PrivateUserDataNotSet) {
   EXPECT_EQ(NONE, security_info.security_level);
 }
 
+// Tests that neither |displayed_password_field_on_http| nor
+// |displayed_credit_card_field_on_http| is set on pseudo URLs when the
+// corresponding VisibleSecurityState flags are not set.
+TEST(SecurityStateTest, PrivateUserDataNotSetOnPseudoUrls) {
+  for (const char* const url : kPseudoUrls) {
+    TestSecurityStateHelper helper;
+    helper.SetUrl(GURL(url));
+    SecurityInfo security_info;
+    helper.GetSecurityInfo(&security_info);
+    EXPECT_FALSE(security_info.displayed_password_field_on_http);
+    EXPECT_FALSE(security_info.displayed_credit_card_field_on_http);
+    EXPECT_EQ(NONE, security_info.security_level);
+  }
+}
+
 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is
 // computed for a page.
 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) {