Chromium Code Reviews Chromium Code Reviews
Issue 2727353002:
Ensure GetSecurityStyle sets correct explanations for HTTP_SHOW_WARNING (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/content/content_utils.h" | 5 #include "components/security_state/content/content_utils.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| (...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 177 | 177 |
| 178 return state; | 178 return state; |
| 179 } | 179 } |
| 180 | 180 |
| 181 blink::WebSecurityStyle GetSecurityStyle( | 181 blink::WebSecurityStyle GetSecurityStyle( |
| 182 const security_state::SecurityInfo& security_info, | 182 const security_state::SecurityInfo& security_info, |
| 183 content::SecurityStyleExplanations* security_style_explanations) { | 183 content::SecurityStyleExplanations* security_style_explanations) { |
| 184 const blink::WebSecurityStyle security_style = | 184 const blink::WebSecurityStyle security_style = |
| 185 SecurityLevelToSecurityStyle(security_info.security_level); | 185 SecurityLevelToSecurityStyle(security_info.security_level); |
| 186 | 186 |
| 187 if (security_info.security_level == security_state::HTTP_SHOW_WARNING) { | 187 // The HTTP_SHOW_WARNING state may occur if the page is served as a data: URI |
| 188 // If the HTTP_SHOW_WARNING field trial is in use, display an | 188 // or if it is served non-securely AND contains a sensitive form field. |
| 189 // unauthenticated explanation explaining why the omnibox warning is | 189 if (security_info.security_level == security_state::HTTP_SHOW_WARNING && |
| 190 // present. | 190 (security_info.displayed_password_field_on_http || |
| 191 security_info.displayed_credit_card_field_on_http)) { | |
| 192 // Display an unauthenticated explanation explaining why the omnibox warning | |
|
estark
2017/03/02 22:53:33
optional nit: I don't think this comment is helpfu
elawrence
2017/03/02 23:11:43
Done.
| |
| 193 // is present. | |
| 191 security_style_explanations->unauthenticated_explanations.push_back( | 194 security_style_explanations->unauthenticated_explanations.push_back( |
| 192 content::SecurityStyleExplanation( | 195 content::SecurityStyleExplanation( |
| 193 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), | 196 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
| 194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); | 197 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); |
| 195 } else if (security_info.security_level == security_state::NONE && | |
| 196 (security_info.displayed_password_field_on_http || | |
| 197 security_info.displayed_credit_card_field_on_http)) { | |
| 198 // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an | |
| 199 // informational note that the omnibox will contain a warning for | |
| 200 // this site in a future version of Chrome. | |
| 201 security_style_explanations->info_explanations.push_back( | |
| 202 content::SecurityStyleExplanation( | |
| 203 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), | |
| 204 l10n_util::GetStringUTF8( | |
| 205 IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION))); | |
| 206 } | 198 } |
| 207 | |
| 208 security_style_explanations->ran_insecure_content_style = | 199 security_style_explanations->ran_insecure_content_style = |
| 209 SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel); | 200 SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel); |
| 210 security_style_explanations->displayed_insecure_content_style = | 201 security_style_explanations->displayed_insecure_content_style = |
| 211 SecurityLevelToSecurityStyle( | 202 SecurityLevelToSecurityStyle( |
| 212 security_state::kDisplayedInsecureContentLevel); | 203 security_state::kDisplayedInsecureContentLevel); |
| 213 | 204 |
| 214 if (security_info.malicious_content_status != | 205 if (security_info.malicious_content_status != |
| 215 security_state::MALICIOUS_CONTENT_STATUS_NONE) { | 206 security_state::MALICIOUS_CONTENT_STATUS_NONE) { |
| 216 security_style_explanations->summary = | 207 security_style_explanations->summary = |
| 217 l10n_util::GetStringUTF8(IDS_SAFEBROWSING_WARNING); | 208 l10n_util::GetStringUTF8(IDS_SAFEBROWSING_WARNING); |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 310 security_style_explanations->info_explanations.push_back( | 301 security_style_explanations->info_explanations.push_back( |
| 311 content::SecurityStyleExplanation( | 302 content::SecurityStyleExplanation( |
| 312 "Public-Key Pinning Bypassed", | 303 "Public-Key Pinning Bypassed", |
| 313 "Public-key pinning was bypassed by a local root certificate.")); | 304 "Public-key pinning was bypassed by a local root certificate.")); |
| 314 } | 305 } |
| 315 | 306 |
| 316 return security_style; | 307 return security_style; |
| 317 } | 308 } |
| 318 | 309 |
| 319 } // namespace security_state | 310 } // namespace security_state |
| OLD | NEW |
