components/autofill/content/renderer/password_autofill_agent.cc - Issue 2676653004: Show FormNotSecure warnings on sensitive inputs in non-secure contexts

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/autofill/content/renderer/password_autofill_agent.cc

Issue 2676653004: Show FormNotSecure warnings on sensitive inputs in non-secure contexts (Closed)

Patch Set: Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « components/autofill/content/renderer/password_autofill_agent.h ('k') | components/autofill/core/browser/autofill_manager.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/autofill/content/renderer/password_autofill_agent.cc

diff --git a/components/autofill/content/renderer/password_autofill_agent.cc b/components/autofill/content/renderer/password_autofill_agent.cc

index 8f2e20475ddf8ce70694314b79982de65c72487d..0e56fbbc091110c693c55f503ef3eec18165f463 100644

--- a/components/autofill/content/renderer/password_autofill_agent.cc

+++ b/components/autofill/content/renderer/password_autofill_agent.cc

@@ -28,6 +28,8 @@

#include "components/autofill/core/common/autofill_util.h"

#include "components/autofill/core/common/form_field_data.h"

#include "components/autofill/core/common/password_form_fill_data.h"

+#include "components/security_state/core/security_state.h"

+#include "content/public/common/origin_util.h"

#include "content/public/renderer/document_state.h"

#include "content/public/renderer/navigation_state.h"

#include "content/public/renderer/render_frame.h"

@@ -842,9 +844,25 @@ bool PasswordAutofillAgent::ShowSuggestions(

blink::WebInputElement username_element;

blink::WebInputElement password_element;

PasswordInfo* password_info;

if (!FindPasswordInfoForElement(element, &username_element, &password_element,

- &password_info))

+ &password_info)) {

+ // If we don't have a password stored, but the form is non-secure, warn

+ // the user about the non-secure form.

+ if ((element.isPasswordField() ||

+ HasAutocompleteAttributeValue(element, "username")) &&

+ security_state::IsHttpWarningInFormEnabled() &&

+ !content::IsOriginSecure(url::Origin(render_frame()

+ ->GetRenderView()

+ ->GetMainRenderFrame()

+ ->GetWebFrame()

+ ->getSecurityOrigin())

+ .GetURL())) {

+ autofill_agent_->ShowNotSecureWarning(element);

+ return true;

+ }

return false;

+ }

// If autocomplete='off' is set on the form elements, no suggestion dialog

// should be shown. However, return |true| to indicate that this is a known