Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(660)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/security_state/content/content_utils.cc

Issue 2727353002: Ensure GetSecurityStyle sets correct explanations for HTTP_SHOW_WARNING (Closed)
Patch Set: Update SecurityStateContentUtilsTest Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('K') | « components/components_google_chrome_strings.grd ('k') | components/security_state/content/content_utils_unittest.cc » ('j') | components/security_state/content/content_utils_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/security_state/content/content_utils.cc
diff --git a/components/security_state/content/content_utils.cc b/components/security_state/content/content_utils.cc
index 71b9d1c5fe93043db787a8fae01e4a0f4ae57671..18d470e18c0654b1a6d4b3a9fb28a3cdc27f09be 100644
--- a/components/security_state/content/content_utils.cc
+++ b/components/security_state/content/content_utils.cc
@@ -184,27 +184,18 @@ blink::WebSecurityStyle GetSecurityStyle(
const blink::WebSecurityStyle security_style =
SecurityLevelToSecurityStyle(security_info.security_level);
- if (security_info.security_level == security_state::HTTP_SHOW_WARNING) {
- // If the HTTP_SHOW_WARNING field trial is in use, display an
- // unauthenticated explanation explaining why the omnibox warning is
- // present.
+ // The HTTP_SHOW_WARNING state may occur if the page is served as a data: URI
+ // or if it is served non-securely AND contains a sensitive form field.
+ if (security_info.security_level == security_state::HTTP_SHOW_WARNING &&
+ (security_info.displayed_password_field_on_http ||
+ security_info.displayed_credit_card_field_on_http)) {
+ // Display an unauthenticated explanation explaining why the omnibox warning
estark 2017/03/02 22:53:33 optional nit: I don't think this comment is helpfu
elawrence 2017/03/02 23:11:43 Done.
+ // is present.
security_style_explanations->unauthenticated_explanations.push_back(
content::SecurityStyleExplanation(
l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT),
l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION)));
- } else if (security_info.security_level == security_state::NONE &&
- (security_info.displayed_password_field_on_http ||
- security_info.displayed_credit_card_field_on_http)) {
- // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an
- // informational note that the omnibox will contain a warning for
- // this site in a future version of Chrome.
- security_style_explanations->info_explanations.push_back(
- content::SecurityStyleExplanation(
- l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT),
- l10n_util::GetStringUTF8(
- IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION)));
}
-
security_style_explanations->ran_insecure_content_style =
SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel);
security_style_explanations->displayed_insecure_content_style =
« chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('K') | « components/components_google_chrome_strings.grd ('k') | components/security_state/content/content_utils_unittest.cc » ('j') | components/security_state/content/content_utils_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698