Update SSLStatus when passwords are detected in a page [iOS]
Issue description

Create a new class, IOSHttpDowngradeHandler: This class will be responsible for handling events, checking whether the top-level frame is displaying a non-secure origin, and (if so) updating the SecurityStateModel. It will implement OnPasswordFormsRendered. It will require access to a WebState.

PasswordController is the Bling equivalent of ContentPasswordManagerDriver. It should create an IOSHttpDowngradeHandler, passing it a WebState. (PasswordController has a webStateObserverBridge, from which you can retrieve a web_state().) You should hook didFinishPasswordFormExtraction to identify when password forms are rendered. When that occurs, call ios_http_downgrade_handler_->OnPasswordFormsRendered.

The detection code should record the event on the NavigationItem’s SSLStatus. Extend web::SSLStatus to be aware of the HTTP bad detection events. Specifically, add new flags to the ContentStatusFlags enum: DISPLAYED_PASSWORD_FIELD and DISPLAYED_CREDIT_CARD_FIELD. These flags should be set on the current NavigationItem’s SSLStatus whenever the detection logic identifies a password or credit card form field.

The detection code should trigger a refresh of the security UI elements by calling webControllerDidUpdateSSLStatusForCurrentNavigationItem. This will cause the security UI elements to request updated security information from the SSM.

https://docs.google.com/document/d/1xno6g6OnA7strcyzE-o_drevW8L0Mb6ZBEkjsiwa6x0/edit#heading=h.zax2c3mff695
Dec 7 2016
The following revision refers to this bug:
https://chrome-internal.googlesource.com/chrome/ios_internal.git/+/ca43dc029a86dc54f33777efc21823b7bb5029ad

commit ca43dc029a86dc54f33777efc21823b7bb5029ad
Author: lgarron <lgarron@google.com>
Date: Wed Dec 07 21:39:50 2016
Dec 15 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31

commit 5f03ba5ae3b6fa1059da663fa8c86f8846b16e31
Author: lgarron <lgarron@chromium.org>
Date: Thu Dec 15 03:05:43 2016

iOS: Mark HTTP pages with password fields with an omnibox icon.

BUG= 647822

================================
TEST=Use an iPhone, not an iPad.

First, enable the proper flag:
--------------------------------
1. Open the Settings app
2. Scroll to Chrome Beta/Dev/Canary and press
3. Scroll down to Experimental Settings and press
4. Scroll to EXTRA FLAGS (ONE PER LINE)
5. Toggle "Append Extra Flags" to ON
6. Set Flag1 to "--mark-non-secure-as=show-non-secure-passwords-cc-ui" (without the quotes)
--------------------------------
Test 3 URLs:
1) Visit https://badssl.com/input/login/ and verify that the omnibox security has a green lock security indicator to the left of the URL.
2) Visit http://http-login.badssl.com/ and verify that the omnibox security has a grey info icon ⓘ security indicator to the left of the URL.
3) Visit http://http.badssl.com/ and verify that the omnibox does *not* have a security indicator to the left of the URL.
--------------------------------
4) Set Flag1 (see above) to "--mark-non-secure-as=neutral" (without the quotes) and check that http://http-login.badssl.com/ does *not* have a security indicator to the left of the URL.
================================

Review-Url: https://codereview.chromium.org/2466143002
Cr-Commit-Position: refs/heads/master@{#438721}

[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/chrome/browser/passwords/password_controller.mm
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/chrome/browser/passwords/password_controller_unittest.mm
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/chrome/browser/ssl/ios_security_state_tab_helper.mm
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/public/ssl_status.h
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/public/test/test_web_state.h
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/public/web_state/web_state.h
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/web_state/ui/crw_web_controller.h
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/web_state/ui/crw_web_controller.mm
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/web_state/ui/crw_web_controller_unittest.mm
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/web_state/web_state_impl.h
[modify] https://crrev.com/5f03ba5ae3b6fa1059da663fa8c86f8846b16e31/ios/web/web_state/web_state_impl.mm
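
Added example, not part of the commit above and not Chromium code: a simplified C++ model of the design in the issue description (flag recorded on the navigation item only for a non-secure top-level origin, then a UI refresh) together with the indicator outcomes listed in the TEST steps. Only DISPLAYED_PASSWORD_FIELD, DISPLAYED_CREDIT_CARD_FIELD and OnPasswordFormsRendered are names from the page; the bit values, the other type and function names, and the "not https means non-secure" check are assumptions.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Simplified model. Bit values and all names except the two DISPLAYED_* flags
// are assumptions for illustration, not copied from ios/web/public/ssl_status.h.
enum ContentStatusFlags : uint32_t {
  NORMAL_CONTENT = 0,
  DISPLAYED_PASSWORD_FIELD = 1u << 0,
  DISPLAYED_CREDIT_CARD_FIELD = 1u << 1,
};
enum class Indicator { kNone, kInfoIcon, kLock };
enum class MarkNonSecureAs { kNeutral, kShowNonSecurePasswordsCcUi };

struct NavigationItem {
  std::string scheme;                        // scheme of the top-level frame
  uint32_t content_status = NORMAL_CONTENT;  // stands in for SSLStatus
  int ui_refreshes = 0;                      // stands in for the UI refresh call
};

// Handler step: record the event only when the top-level origin is non-secure
// (modelled here as "scheme is not https"), then ask the UI to refresh.
void OnPasswordFormsRendered(NavigationItem& item) {
  if (item.scheme == "https") return;
  item.content_status |= DISPLAYED_PASSWORD_FIELD;
  ++item.ui_refreshes;
}

// UI step: derive the omnibox indicator from scheme, flags and the policy.
Indicator ComputeIndicator(const NavigationItem& item, MarkNonSecureAs policy) {
  if (item.scheme == "https") return Indicator::kLock;  // assumes a valid cert
  const uint32_t sensitive =
      DISPLAYED_PASSWORD_FIELD | DISPLAYED_CREDIT_CARD_FIELD;
  if (policy == MarkNonSecureAs::kShowNonSecurePasswordsCcUi &&
      (item.content_status & sensitive))
    return Indicator::kInfoIcon;
  return Indicator::kNone;
}

int main() {
  NavigationItem page;  // constructed input: an HTTP page with a login form
  page.scheme = "http";
  OnPasswordFormsRendered(page);
  std::cout << static_cast<int>(ComputeIndicator(
                   page, MarkNonSecureAs::kShowNonSecurePasswordsCcUi))
            << "\n";
  return 0;
}
```

Because the flag lives on the navigation item, a fresh item for the next navigation starts with no flag set, so the indicator does not carry over to a page without a password field.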
Dec 15 2016
The following revision refers to this bug:
https://chrome-internal.googlesource.com/chrome/ios_internal.git/+/b09d0ee00472b77b3e752c51367423bb4fe091f7

commit b09d0ee00472b77b3e752c51367423bb4fe091f7
Author: lgarron <lgarron@google.com>
Date: Thu Dec 15 05:01:37 2016
Dec 27 2016
Verified in 57.0.2964.0 canary, iPhone 6S iOS 10.1, iPhone iOS 9.3.5 followed steps from comment #8, looks good.
Comment 1 by est...@chromium.org, Sep 21 2016