Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(44)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/security_state/content/content_utils.cc

Issue 2727353002: Ensure GetSecurityStyle sets correct explanations for HTTP_SHOW_WARNING (Closed)
Patch Set: Address estark feedback Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/components_google_chrome_strings.grd ('k') | components/security_state/content/content_utils_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/security_state/content/content_utils.h" 5 #include "components/security_state/content/content_utils.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/memory/ptr_util.h" 10 #include "base/memory/ptr_util.h"
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after
177 177
178 return state; 178 return state;
179 } 179 }
180 180
181 blink::WebSecurityStyle GetSecurityStyle( 181 blink::WebSecurityStyle GetSecurityStyle(
182 const security_state::SecurityInfo& security_info, 182 const security_state::SecurityInfo& security_info,
183 content::SecurityStyleExplanations* security_style_explanations) { 183 content::SecurityStyleExplanations* security_style_explanations) {
184 const blink::WebSecurityStyle security_style = 184 const blink::WebSecurityStyle security_style =
185 SecurityLevelToSecurityStyle(security_info.security_level); 185 SecurityLevelToSecurityStyle(security_info.security_level);
186 186
187 if (security_info.security_level == security_state::HTTP_SHOW_WARNING) { 187 // The HTTP_SHOW_WARNING state may occur if the page is served as a data: URI
188 // If the HTTP_SHOW_WARNING field trial is in use, display an 188 // or if it is served non-securely AND contains a sensitive form field.
189 // unauthenticated explanation explaining why the omnibox warning is 189 if (security_info.security_level == security_state::HTTP_SHOW_WARNING &&
190 // present. 190 (security_info.displayed_password_field_on_http ||
191 security_info.displayed_credit_card_field_on_http)) {
191 security_style_explanations->unauthenticated_explanations.push_back( 192 security_style_explanations->unauthenticated_explanations.push_back(
192 content::SecurityStyleExplanation( 193 content::SecurityStyleExplanation(
193 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), 194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT),
194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); 195 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION)));
195 } else if (security_info.security_level == security_state::NONE &&
196 (security_info.displayed_password_field_on_http ||
197 security_info.displayed_credit_card_field_on_http)) {
198 // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an
199 // informational note that the omnibox will contain a warning for
200 // this site in a future version of Chrome.
201 security_style_explanations->info_explanations.push_back(
202 content::SecurityStyleExplanation(
203 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT),
204 l10n_util::GetStringUTF8(
205 IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION)));
206 } 196 }
207
208 security_style_explanations->ran_insecure_content_style = 197 security_style_explanations->ran_insecure_content_style =
209 SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel); 198 SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel);
210 security_style_explanations->displayed_insecure_content_style = 199 security_style_explanations->displayed_insecure_content_style =
211 SecurityLevelToSecurityStyle( 200 SecurityLevelToSecurityStyle(
212 security_state::kDisplayedInsecureContentLevel); 201 security_state::kDisplayedInsecureContentLevel);
213 202
214 if (security_info.malicious_content_status != 203 if (security_info.malicious_content_status !=
215 security_state::MALICIOUS_CONTENT_STATUS_NONE) { 204 security_state::MALICIOUS_CONTENT_STATUS_NONE) {
216 security_style_explanations->summary = 205 security_style_explanations->summary =
217 l10n_util::GetStringUTF8(IDS_SAFEBROWSING_WARNING); 206 l10n_util::GetStringUTF8(IDS_SAFEBROWSING_WARNING);
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after
310 security_style_explanations->info_explanations.push_back( 299 security_style_explanations->info_explanations.push_back(
311 content::SecurityStyleExplanation( 300 content::SecurityStyleExplanation(
312 "Public-Key Pinning Bypassed", 301 "Public-Key Pinning Bypassed",
313 "Public-key pinning was bypassed by a local root certificate.")); 302 "Public-key pinning was bypassed by a local root certificate."));
314 } 303 }
315 304
316 return security_style; 305 return security_style;
317 } 306 }
318 307
319 } // namespace security_state 308 } // namespace security_state
OLDNEW
« no previous file with comments | « components/components_google_chrome_strings.grd ('k') | components/security_state/content/content_utils_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698