[Password Manager] Make filling robust against changing url by JavaScript

components/autofill/content/renderer/password_form_conversion_utils.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/content/renderer/password_form_conversion_utils.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <string>
@@ skipping 575 matching lines @@
         // |typed_username_value|. In case when it was, |typed_username_value|
         // is incomplete, so we should leave autofilled value.
         username_value = typed_username_value;
       }
     }
     password_form->username_value = username_value;
   }
 
   password_form->origin =
       form_util::GetCanonicalOriginForDocument(form.document);
-  GURL::Replacements rep;
-  rep.SetPathStr("");
-  password_form->signon_realm =
-      password_form->origin.ReplaceComponents(rep).spec();
+  password_form->signon_realm = GetSignOnRealm(password_form->origin);
   password_form->other_possible_usernames.swap(other_possible_usernames);
 
   if (!password.IsNull()) {
     password_form->password_element = FieldName(password, "anonymous_password");
     blink::WebString password_value = password.Value();
     if (FieldHasNonscriptModifiedValue(field_value_and_properties_map,
                                        password))
       password_value = blink::WebString::FromUTF16(
           *field_value_and_properties_map->at(password).first);
     password_form->password_value = password_value.Utf16();
@@ skipping 164 matching lines @@
     const blink::WebInputElement& field) {
   if (!field.IsPasswordField())
     return false;
 
   static const base::string16 kCardCvcReCached = base::UTF8ToUTF16(kCardCvcRe);
 
   return MatchesPattern(field.GetAttribute("id").Utf16(), kCardCvcReCached) ||
          MatchesPattern(field.GetAttribute("name").Utf16(), kCardCvcReCached);
 }
 
+std::string GetSignOnRealm(const GURL& origin) {

[kolos1, 2017/05/18 09:52:53]

There might be confusion with GetSignonRealm from
chrome/browser/ui/login/login_handler.h. This function could not remove path as
I understand. And we use it here
https://cs.chromium.org/chromium/src/chrome/browser/ui/login/login_handler.cc...

[dvadym, 2017/05/18 11:08:52]

GetSignOnRealm is very good name :). I don't think that there will be any
confusions, this function is in autofill namespace an it's used in rederer.
That's exactly why namespaces are needed :)

[kolos1, 2017/05/18 11:11:50]

Acknowledged.

+  GURL::Replacements rep;
+  rep.SetPathStr("");

[kolos1, 2017/05/18 09:52:53]

Shall we also clear Query, Ref, Username, Password as we do for example here:
https://cs.chromium.org/chromium/src/chrome/utility/importer/nss_decryptor.cc...

[dvadym, 2017/05/18 11:08:52]

This is just extracting of logic that we had for calculating of signon_realm. As
far as I understand it removes everything, only scheme:host:port are left.

[kolos1, 2017/05/18 11:11:50]

Acknowledged.

+  return origin.ReplaceComponents(rep).spec();
+}
+
 }  // namespace autofill