components/autofill/content/renderer/password_form_conversion_utils.cc - Issue 2771833002: Password Manager should skip fields with credit card autocomplete attribute.

Side by Side Diff: components/autofill/content/renderer/password_form_conversion_utils.cc

Issue 2771833002: Password Manager should skip fields with credit card autocomplete attribute. (Closed)

Patch Set: Do not create string in HasAutocompleteAttributeValue Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « components/autofill/content/renderer/password_form_conversion_utils.h ('k') | components/autofill/content/renderer/password_form_conversion_utils_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/autofill/content/renderer/password_form_conversion_utils.h"	5 #include "components/autofill/content/renderer/password_form_conversion_utils.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <algorithm>	9 #include <algorithm>

10 #include <string>	10 #include <string>

11	11

12 #include "base/i18n/case_conversion.h"	12 #include "base/i18n/case_conversion.h"

13 #include "base/lazy_instance.h"	13 #include "base/lazy_instance.h"

14 #include "base/macros.h"	14 #include "base/macros.h"

15 #include "base/metrics/histogram_macros.h"	15 #include "base/metrics/histogram_macros.h"

16 #include "base/stl_util.h"	16 #include "base/stl_util.h"

17 #include "base/strings/string16.h"	17 #include "base/strings/string16.h"

	18 #include "base/strings/string_split.h"

18 #include "base/strings/string_util.h"	19 #include "base/strings/string_util.h"

19 #include "base/strings/utf_string_conversions.h"	20 #include "base/strings/utf_string_conversions.h"

20 #include "components/autofill/content/renderer/form_autofill_util.h"	21 #include "components/autofill/content/renderer/form_autofill_util.h"

21 #include "components/autofill/core/common/autofill_util.h"	22 #include "components/autofill/core/common/autofill_util.h"

22 #include "components/autofill/core/common/password_form.h"	23 #include "components/autofill/core/common/password_form.h"

23 #include "components/autofill/core/common/password_form_field_prediction_map.h"	24 #include "components/autofill/core/common/password_form_field_prediction_map.h"

24 #include "google_apis/gaia/gaia_urls.h"	25 #include "google_apis/gaia/gaia_urls.h"

25 #include "third_party/WebKit/public/platform/WebString.h"	26 #include "third_party/WebKit/public/platform/WebString.h"

26 #include "third_party/WebKit/public/platform/WebVector.h"	27 #include "third_party/WebKit/public/platform/WebVector.h"

27 #include "third_party/WebKit/public/web/WebDocument.h"	28 #include "third_party/WebKit/public/web/WebDocument.h"

(...skipping 58 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
86 // (NPPP?.) and forms which use password fields to store private but	87 // (NPPP?.) and forms which use password fields to store private but

87 // non-password data (could look like, e.g., PN+P.*).	88 // non-password data (could look like, e.g., PN+P.*).

88 const char kLoginAndSignupRegex[] =	89 const char kLoginAndSignupRegex[] =

89 "NP" // Login section.	90 "NP" // Login section.

90 "N+P" // Sign-up section.	91 "N+P" // Sign-up section.

91 ".*"; // Anything beyond that.	92 ".*"; // Anything beyond that.

92	93

93 const char kAutocompleteUsername[] = "username";	94 const char kAutocompleteUsername[] = "username";

94 const char kAutocompleteCurrentPassword[] = "current-password";	95 const char kAutocompleteCurrentPassword[] = "current-password";

95 const char kAutocompleteNewPassword[] = "new-password";	96 const char kAutocompleteNewPassword[] = "new-password";

	97 const char kAutocompleteCreditCardPrefix[] = "cc-";

96	98

97 re2::RE2* CreateMatcher(void* instance, const char* pattern) {	99 re2::RE2* CreateMatcher(void* instance, const char* pattern) {

98 re2::RE2::Options options;	100 re2::RE2::Options options;

99 options.set_case_sensitive(false);	101 options.set_case_sensitive(false);

100 // Use placement new to initialize the instance in the preallocated space.	102 // Use placement new to initialize the instance in the preallocated space.

101 // The "(instance)" is very important to force POD type initialization.	103 // The "(instance)" is very important to force POD type initialization.

102 re2::RE2* matcher = new (instance) re2::RE2(pattern, options);	104 re2::RE2* matcher = new (instance) re2::RE2(pattern, options);

103 DCHECK(matcher->ok());	105 DCHECK(matcher->ok());

104 return matcher;	106 return matcher;

105 }	107 }

(...skipping 312 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
418 std::string layout_sequence;	420 std::string layout_sequence;

419 layout_sequence.reserve(form.control_elements.size());	421 layout_sequence.reserve(form.control_elements.size());

420 size_t number_of_non_empty_text_non_password_fields = 0;	422 size_t number_of_non_empty_text_non_password_fields = 0;

421 for (size_t i = 0; i < form.control_elements.size(); ++i) {	423 for (size_t i = 0; i < form.control_elements.size(); ++i) {

422 WebFormControlElement control_element = form.control_elements[i];	424 WebFormControlElement control_element = form.control_elements[i];

423	425

424 WebInputElement* input_element = toWebInputElement(&control_element);	426 WebInputElement* input_element = toWebInputElement(&control_element);

425 if (!input_element \|\| !input_element->isEnabled())	427 if (!input_element \|\| !input_element->isEnabled())

426 continue;	428 continue;

427	429

	430 if (HasCreditCardAutocompleteAttributes(*input_element))

	431 continue;

	432

428 bool element_is_invisible = !form_util::IsWebNodeVisible(*input_element);	433 bool element_is_invisible = !form_util::IsWebNodeVisible(*input_element);

429 if (input_element->isTextField()) {	434 if (input_element->isTextField()) {

430 if (input_element->isPasswordField()) {	435 if (input_element->isPasswordField()) {

431 if (element_is_invisible && ignore_invisible_passwords)	436 if (element_is_invisible && ignore_invisible_passwords)

432 continue;	437 continue;

433 layout_sequence.push_back('P');	438 layout_sequence.push_back('P');

434 } else {	439 } else {

435 if (FieldHasNonscriptModifiedValue(field_value_and_properties_map,	440 if (FieldHasNonscriptModifiedValue(field_value_and_properties_map,

436 *input_element))	441 *input_element))

437 ++number_of_non_empty_text_non_password_fields;	442 ++number_of_non_empty_text_non_password_fields;

(...skipping 290 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
728 return std::unique_ptr<PasswordForm>();	733 return std::unique_ptr<PasswordForm>();

729	734

730 // No actual action on the form, so use the the origin as the action.	735 // No actual action on the form, so use the the origin as the action.

731 password_form->action = password_form->origin;	736 password_form->action = password_form->origin;

732	737

733 return password_form;	738 return password_form;

734 }	739 }

735	740

736 bool HasAutocompleteAttributeValue(const blink::WebInputElement& element,	741 bool HasAutocompleteAttributeValue(const blink::WebInputElement& element,

737 const char* value_in_lowercase) {	742 const char* value_in_lowercase) {

738 base::string16 autocomplete_attribute(	743 std::string autocomplete_value_lowercase = base::ToLowerASCII(

739 element.getAttribute("autocomplete").utf16());	744 base::UTF16ToUTF8(element.getAttribute("autocomplete").utf16()));

740 std::vector<std::string> tokens = LowercaseAndTokenizeAttributeString(	745

741 base::UTF16ToUTF8(autocomplete_attribute));	746 std::vector<base::StringPiece> tokens = base::SplitStringPiece(

	747 autocomplete_value_lowercase, base::kWhitespaceASCII,

	748 base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);

742	749

743 return base::ContainsValue(tokens, value_in_lowercase);	750 return base::ContainsValue(tokens, value_in_lowercase);

744 }	751 }

745	752

	753 bool HasCreditCardAutocompleteAttributes(

	754 const blink::WebInputElement& element) {

	755 std::string autocomplete_value_lowercase = base::ToLowerASCII(

	756 base::UTF16ToUTF8(element.getAttribute("autocomplete").utf16()));

	757

	758 for (const auto& token : base::SplitStringPiece(
	Roger McFarlane (Chromium) 2017/03/27 19:06:28 Another, IMO better, alternative would be to just Another, IMO better, alternative would be to just do startswith "cc-" or contains " cc-" which would be clearer to read, have zero memory overhead and be O(n) time, where n is the length of the value. vabr (Chromium) 2017/03/27 20:20:03 It is indeed O(n) because the length of " cc-" is Show quoted text On 2017/03/27 19:06:28, Roger McFarlane (Chromium) wrote: > Another, IMO better, alternative would be to just do startswith "cc-" or > contains " cc-" which would be clearer to read, have zero memory overhead and be > O(n) time, where n is the length of the value. It is indeed O(n) because the length of " cc-" is a constant. I'm not sure about the zero memory overhead, because I don't know how exactly string::find is implemented. What you describe is roughly what Vadym had originally, and I would argue that that was not clearer to read. I'm fine with anything which at least reaches the bar of the current code: no explanatory comments needed, and the code is concise. dvadym 2017/03/28 08:33:08 When using regexp, there are 2 times: creating a r Show quoted text On 2017/03/27 20:20:03, vabr (Chromium) wrote: > On 2017/03/27 19:06:28, Roger McFarlane (Chromium) wrote: > > Another, IMO better, alternative would be to just do startswith "cc-" or > > contains " cc-" which would be clearer to read, have zero memory overhead and > be > > O(n) time, where n is the length of the value. > > It is indeed O(n) because the length of " cc-" is a constant. I'm not sure about > the zero memory overhead, because I don't know how exactly string::find is > implemented. > > What you describe is roughly what Vadym had originally, and I would argue that > that was not clearer to read. > > I'm fine with anything which at least reaches the bar of the current code: no > explanatory comments needed, and the code is concise. When using regexp, there are 2 times: creating a regexp object (building state machine) and matching. Since the creating of the object could take significant time in general, usually it's better to create the object only once. Then it's needed to use some machinery to do this for example like here https://cs.chromium.org/chromium/src/components/autofill/content/renderer/pas... with lazy loading. My feeling that it would be not easier than just straight forward splitting and checking with StartsWith. Moreover now both this function and HasAutocompleteAttributeValue function have the same logic with splitting, and in HasAutocompleteAttributeValue it doesn't make sense to create a regexp object since \|value_in_lowercase\| is different on each call.
	759 autocomplete_value_lowercase, base::kWhitespaceASCII,

	760 base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY)) {

	761 if (base::StartsWith(token, kAutocompleteCreditCardPrefix,

	762 base::CompareCase::SENSITIVE)) {

	763 return true;

	764 }

	765 }

	766 return false;

	767 }

	768

746 } // namespace autofill	769 } // namespace autofill

OLD	NEW