[Autofill] Autofill fails to fill credit card number when split across fields.

components/autofill/core/browser/credit_card_field.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/core/browser/credit_card_field.h"
 
 #include <stddef.h>
 
+#include <algorithm>
+
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "components/autofill/core/browser/autofill_field.h"
 #include "components/autofill/core/browser/autofill_regex_constants.h"
 #include "components/autofill/core/browser/autofill_scanner.h"
 #include "components/autofill/core/browser/field_types.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace autofill {
 
+// Credit card numbers are at most 19 digits in length.
+// [Ref: http://en.wikipedia.org/wiki/Bank_card_number]
+static const size_t kMaxValidCardNumberSize = 19;
+
 // static
 FormField* CreditCardField::Parse(AutofillScanner* scanner) {
   if (scanner->IsEnd())
     return NULL;
 
   scoped_ptr<CreditCardField> credit_card_field(new CreditCardField);
   size_t saved_cursor = scanner->SaveCursor();
 
   // Credit card fields can appear in many different orders.
   // We loop until no more credit card related fields are found, see |break| at
@@ skipping 19 matching lines @@
       }
 
       if (ParseField(scanner, name_pattern, &credit_card_field->cardholder_))
         continue;
 
       // As a hard-coded hack for Expedia's billing pages (expedia_checkout.html
       // and ExpediaBilling.html in our test suite), recognize separate fields
       // for the cardholder's first and last name if they have the labels "cfnm"
       // and "clnm".
       scanner->SaveCursor();
-      const AutofillField* first;
+      AutofillField* first;
       if (ParseField(scanner, base::ASCIIToUTF16("^cfnm"), &first) &&
           ParseField(scanner, base::ASCIIToUTF16("^clnm"),
                      &credit_card_field->cardholder_last_)) {
         credit_card_field->cardholder_ = first;
         continue;
       }
       scanner->Rewind();
     }
 
     // Check for a credit card type (Visa, MasterCard, etc.) field.
@@ skipping 10 matching lines @@
     // has a plethora of names; we've seen "verification #",
     // "verification number", "card identification number" and others listed
     // in the |pattern| below.
     base::string16 pattern = base::UTF8ToUTF16(autofill::kCardCvcRe);
     if (!credit_card_field->verification_ &&
         ParseField(scanner, pattern, &credit_card_field->verification_)) {
       continue;
     }
 
     pattern = base::UTF8ToUTF16(autofill::kCardNumberRe);
-    if (!credit_card_field->number_ &&
-        ParseField(scanner, pattern, &credit_card_field->number_)) {
+    AutofillField* current_number_field;
+    if (ParseField(scanner, pattern, &current_number_field)) {
+      // Avoid autofilling any credit card number field having very low or high
+      // |start_index| on the HTML form.
+      size_t start_index = 0;
+      if (!credit_card_field->numbers_.empty()) {
+        size_t last_number_field_size =
+            credit_card_field->numbers_.back()
+                ->credit_card_number_start_index() +
+            credit_card_field->numbers_.back()->max_length;

[Evan Stade, 2014/08/28 18:18:42]

nit: \n

[Pritam Nikam, 2014/09/01 09:03:35]

Done.

+        // In some cases, HTML form may have credit card number split across
+        // multiple input fields and either one or cumulatively having
+        // |max_length| more than |kMaxValidCardNumberSize|, mark these input
+        // form fields as invalid and skip autofilling them.

[Evan Stade, 2014/08/28 18:18:42]

Not sure if this would happen in the wild, but it seems like the last input
might not have a max size set. In this case, we could still fill in the credit
card just by stuffing whatever numbers we have left over from the first n-1
fields into the last field.

[Pritam Nikam, 2014/09/01 09:03:35]

This is already taken care with current logic.
Modified a unit test CreditCardFieldTest::ParseCreditCardNumberWithSplit to
reflect this along with a comment.

+        if (last_number_field_size == 0U ||
+            last_number_field_size >= kMaxValidCardNumberSize)

[Evan Stade, 2014/08/28 18:18:42]

nit: curlies

[Pritam Nikam, 2014/09/01 09:03:35]

Done.

+          // Mark that the credit card number splits are invalid. But keep
+          // scanning HTML form so that cursor moves beyond related fields.
+          credit_card_field->is_valid_card_number_split_ = false;
+
+        start_index = last_number_field_size;
+      }
+
+      current_number_field->set_credit_card_number_start_index(start_index);
+      credit_card_field->numbers_.push_back(current_number_field);
       continue;
     }
 
     if (LowerCaseEqualsASCII(scanner->Cursor()->form_control_type, "month")) {
       credit_card_field->expiration_date_ = scanner->Cursor();
       scanner->Advance();
     } else {
       // First try to parse split month/year expiration fields.
       scanner->SaveCursor();
       pattern = base::UTF8ToUTF16(autofill::kExpirationMonthRe);
@@ skipping 56 matching lines @@
   if (credit_card_field->cardholder_)
     return credit_card_field.release();
 
   // On some pages, the user selects a card type using radio buttons
   // (e.g. test page Apple Store Billing.html).  We can't handle that yet,
   // so we treat the card type as optional for now.
   // The existence of a number or cvc in combination with expiration date is
   // a strong enough signal that this is a credit card.  It is possible that
   // the number and name were parsed in a separate part of the form.  So if
   // the cvc and date were found independently they are returned.
-  if ((credit_card_field->number_ || credit_card_field->verification_) &&
+  if ((!credit_card_field->numbers_.empty() ||
+       credit_card_field->verification_) &&
       (credit_card_field->expiration_date_ ||
        (credit_card_field->expiration_month_ &&
         credit_card_field->expiration_year_))) {
     return credit_card_field.release();
   }
 
   scanner->RewindTo(saved_cursor);
   return NULL;
 }
 
 CreditCardField::CreditCardField()
     : cardholder_(NULL),
       cardholder_last_(NULL),
       type_(NULL),
-      number_(NULL),
       verification_(NULL),
       expiration_month_(NULL),
       expiration_year_(NULL),
       expiration_date_(NULL),
-      is_two_digit_year_(false) {
+      is_two_digit_year_(false),
+      is_valid_card_number_split_(true) {
+}
+
+CreditCardField::~CreditCardField() {
 }
 
 bool CreditCardField::ClassifyField(ServerFieldTypeMap* map) const {
-  bool ok = AddClassification(number_, CREDIT_CARD_NUMBER, map);
+  // Bail-out autofilling for invalid credit card number splits.
+  if (!is_valid_card_number_split_)
+    return false;
+
+  bool ok = true;
+  for (size_t index = 0; index < numbers_.size(); ++index) {
+    ok = ok && AddClassification(numbers_.at(index), CREDIT_CARD_NUMBER, map);
+  }
+
   ok = ok && AddClassification(type_, CREDIT_CARD_TYPE, map);
   ok = ok && AddClassification(verification_, CREDIT_CARD_VERIFICATION_CODE,
                                map);
 
   // If the heuristics detected first and last name in separate fields,
   // then ignore both fields. Putting them into separate fields is probably
   // wrong, because the credit card can also contain a middle name or middle
   // initial.
   if (cardholder_last_ == NULL)
     ok = ok && AddClassification(cardholder_, CREDIT_CARD_NAME, map);
@@ skipping 16 matching lines @@
       ok = ok && AddClassification(expiration_year_,
                                    CREDIT_CARD_EXP_4_DIGIT_YEAR,
                                    map);
     }
   }
 
   return ok;
 }
 
 }  // namespace autofill