Index: components/security_state/content/content_utils.cc |
diff --git a/components/security_state/content/content_utils.cc b/components/security_state/content/content_utils.cc |
index 71b9d1c5fe93043db787a8fae01e4a0f4ae57671..18d470e18c0654b1a6d4b3a9fb28a3cdc27f09be 100644 |
--- a/components/security_state/content/content_utils.cc |
+++ b/components/security_state/content/content_utils.cc |
@@ -184,27 +184,18 @@ blink::WebSecurityStyle GetSecurityStyle( |
const blink::WebSecurityStyle security_style = |
SecurityLevelToSecurityStyle(security_info.security_level); |
- if (security_info.security_level == security_state::HTTP_SHOW_WARNING) { |
- // If the HTTP_SHOW_WARNING field trial is in use, display an |
- // unauthenticated explanation explaining why the omnibox warning is |
- // present. |
+ // The HTTP_SHOW_WARNING state may occur if the page is served as a data: URI |
+ // or if it is served non-securely AND contains a sensitive form field. |
+ if (security_info.security_level == security_state::HTTP_SHOW_WARNING && |
+ (security_info.displayed_password_field_on_http || |
+ security_info.displayed_credit_card_field_on_http)) { |
+ // Display an unauthenticated explanation explaining why the omnibox warning |
estark
2017/03/02 22:53:33
optional nit: I don't think this comment is helpfu
elawrence
2017/03/02 23:11:43
Done.
|
+ // is present. |
security_style_explanations->unauthenticated_explanations.push_back( |
content::SecurityStyleExplanation( |
l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); |
- } else if (security_info.security_level == security_state::NONE && |
- (security_info.displayed_password_field_on_http || |
- security_info.displayed_credit_card_field_on_http)) { |
- // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an |
- // informational note that the omnibox will contain a warning for |
- // this site in a future version of Chrome. |
- security_style_explanations->info_explanations.push_back( |
- content::SecurityStyleExplanation( |
- l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
- l10n_util::GetStringUTF8( |
- IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION))); |
} |
- |
security_style_explanations->ran_insecure_content_style = |
SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel); |
security_style_explanations->displayed_insecure_content_style = |