components/security_state/content/content_utils.cc - Issue 2727353002: Ensure GetSecurityStyle sets correct explanations for HTTP_SHOW_WARNING

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/security_state/content/content_utils.cc

Issue 2727353002: Ensure GetSecurityStyle sets correct explanations for HTTP_SHOW_WARNING (Closed)

Patch Set: Address estark feedback Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: components/security_state/content/content_utils.cc

diff --git a/components/security_state/content/content_utils.cc b/components/security_state/content/content_utils.cc

index 71b9d1c5fe93043db787a8fae01e4a0f4ae57671..266eeb3a557a39aca9b615662689521d0c3f2ba1 100644

--- a/components/security_state/content/content_utils.cc

+++ b/components/security_state/content/content_utils.cc

@@ -184,27 +184,16 @@ blink::WebSecurityStyle GetSecurityStyle(

const blink::WebSecurityStyle security_style =

SecurityLevelToSecurityStyle(security_info.security_level);

- if (security_info.security_level == security_state::HTTP_SHOW_WARNING) {

- // If the HTTP_SHOW_WARNING field trial is in use, display an

- // unauthenticated explanation explaining why the omnibox warning is

- // present.

+ // The HTTP_SHOW_WARNING state may occur if the page is served as a data: URI

+ // or if it is served non-securely AND contains a sensitive form field.

+ if (security_info.security_level == security_state::HTTP_SHOW_WARNING &&

+ (security_info.displayed_password_field_on_http ||

+ security_info.displayed_credit_card_field_on_http)) {

security_style_explanations->unauthenticated_explanations.push_back(

content::SecurityStyleExplanation(

l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT),

l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION)));

- } else if (security_info.security_level == security_state::NONE &&

- (security_info.displayed_password_field_on_http ||

- security_info.displayed_credit_card_field_on_http)) {

- // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an

- // informational note that the omnibox will contain a warning for

- // this site in a future version of Chrome.

- security_style_explanations->info_explanations.push_back(

- content::SecurityStyleExplanation(

- l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT),

- l10n_util::GetStringUTF8(

- IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION)));

}

security_style_explanations->ran_insecure_content_style =

SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel);

security_style_explanations->displayed_insecure_content_style =