| Index: components/password_manager/core/browser/password_autofill_manager.cc
|
| diff --git a/components/password_manager/core/browser/password_autofill_manager.cc b/components/password_manager/core/browser/password_autofill_manager.cc
|
| index 34b6bd72d9dd8557bb74e033fedb9c5409df2577..091b2062c2ef71c5e7129cdbb1e41e2c5afb6c0d 100644
|
| --- a/components/password_manager/core/browser/password_autofill_manager.cc
|
| +++ b/components/password_manager/core/browser/password_autofill_manager.cc
|
| @@ -257,6 +257,16 @@ void PasswordAutofillManager::OnShowNotSecureWarning(
|
| base::i18n::TextDirection text_direction,
|
| const gfx::RectF& bounds) {
|
| DCHECK(security_state::IsHttpWarningInFormEnabled());
|
| + // TODO(estark): Other code paths in this file don't do null checks before
|
| + // using |autofill_client_|. It seems that these other code paths somehow
|
| + // short-circuit before dereferencing |autofill_client_| in cases where it's
|
| + // null; it would be good to understand why/how and make a firm decision about
|
| + // whether |autofill_client_| is allowed to be null. Ideally we would be able
|
| + // to get rid of such cases so that we can enable Form-Not-Secure warnings
|
| + // here in all cases. https://crbug.com/699217
|
| + if (!autofill_client_)
|
| + return;
|
| +
|
| std::vector<autofill::Suggestion> suggestions;
|
| autofill::Suggestion http_warning_suggestion(
|
| l10n_util::GetStringUTF8(IDS_AUTOFILL_LOGIN_HTTP_WARNING_MESSAGE),
|
|
|