New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 662298 link

Starred by 3 users
Status: Fixed
Owner:
lshang@chromium.org
Last visit > 30 days ago
Closed: Jan 2017
Cc:
est...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Feature



Sign in to add a comment

Show warning in the form field itself when website is HTTP [Views]

Project Member Reported by lshang@chromium.org, Nov 4 2016 
Show "Login not secure" warning message for password and credit card forms on http websites on desktop.

https://docs.google.com/document/d/1xno6g6OnA7strcyzE-o_drevW8L0Mb6ZBEkjsiwa6x0/edit#
Project Member

Comment 1 by bugdroid1@chromium.org, Nov 5 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b928f12db89f12ed5c1911859080318ca21172eb

commit b928f12db89f12ed5c1911859080318ca21172eb
Author: lshang <lshang@chromium.org>
Date: Sat Nov 05 04:35:06 2016

HTTP Bad: Add a switch for showing both verbose state and form warning

This CL introduces a new switch kMarkHttpWithPasswordsOrCcWithChipAndFormWarning
that enables both the omnibox warning and the autofill dropdown warning in HTTP
Bad. That way, in case there are problems, we can launch the omnibox warning
without the autofill dropdown warning via Finch.

BUG= 662298 ,  662297 

Review-Url: https://codereview.chromium.org/2472943004
Cr-Commit-Position: refs/heads/master@{#430151}

[modify] https://crrev.com/b928f12db89f12ed5c1911859080318ca21172eb/chrome/app/generated_resources.grd
[modify] https://crrev.com/b928f12db89f12ed5c1911859080318ca21172eb/chrome/browser/about_flags.cc
[modify] https://crrev.com/b928f12db89f12ed5c1911859080318ca21172eb/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
[modify] https://crrev.com/b928f12db89f12ed5c1911859080318ca21172eb/components/security_state/security_state_model.cc
[modify] https://crrev.com/b928f12db89f12ed5c1911859080318ca21172eb/components/security_state/switches.cc
[modify] https://crrev.com/b928f12db89f12ed5c1911859080318ca21172eb/components/security_state/switches.h
Project Member

Comment 2 by bugdroid1@chromium.org, Nov 9 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/479fa58cbbb3b9234de6e53c05037afdfcf928d2

commit 479fa58cbbb3b9234de6e53c05037afdfcf928d2
Author: lshang <lshang@chromium.org>
Date: Wed Nov 09 04:25:41 2016

HTTP Bad: Add warning message to autofill dropdown for http sites

In HTTP Bad project, chrome will generally warn users for http websites which
asks for credit cards and password info.

Guarded by a switch flag kMarkHttpWithPasswordsOrCcWithChipAndFormWarning, this CL adds a
warning message "Login not secure" on top of password suggestions in autofill
popup dropdown. Will polish its styles and add icons in the following CLs.

BUG= 662298 ,  662297 

Review-Url: https://codereview.chromium.org/2478043002
Cr-Commit-Position: refs/heads/master@{#430858}

[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/BUILD.gn
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/DEPS
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/autofill_experiments.cc
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/autofill_experiments.h
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/autofill_external_delegate.cc
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/autofill_external_delegate.h
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/autofill_external_delegate_unittest.cc
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/autofill_manager.cc
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill/core/browser/autofill_manager_unittest.cc
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/autofill_strings.grdp
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/password_manager/core/browser/BUILD.gn
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/password_manager/core/browser/DEPS
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/password_manager/core/browser/password_autofill_manager.cc
[modify] https://crrev.com/479fa58cbbb3b9234de6e53c05037afdfcf928d2/components/password_manager/core/browser/password_autofill_manager_unittest.cc
Project Member

Comment 3 by bugdroid1@chromium.org, Nov 18 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4d6fb24de5f4de7bf92ca572b7be8c3a05376043

commit 4d6fb24de5f4de7bf92ca572b7be8c3a05376043
Author: lshang <lshang@chromium.org>
Date: Fri Nov 18 04:14:56 2016

Http Bad: Add a PopupItemId to identify http warning message

Since Http bad warning message has somewhat different UI from other autofill
popup items (see specs of http bad warning message in: go/fns-ui-spec), this CL
adds a new PopupItemId POPUP_ITEM_ID_HTTP_NOT_SECURE_WARNING_MESSAGE to identify
http warning message. And renamed POPUP_ITEM_ID_WARNING_MESSAGE to
POPUP_ITEM_ID_INSECURE_CONTEXT_PAYMENT_DISABLED_MESSAGE accordingly to be more
specific.

This CL also changes text color of the message to show an example of use this
new PopupItemId in UI code.

BUG= 662298 ,  662297 

Review-Url: https://codereview.chromium.org/2496683003
Cr-Commit-Position: refs/heads/master@{#433092}

[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/chrome/browser/ui/android/autofill/autofill_popup_view_android.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/chrome/browser/ui/autofill/autofill_popup_controller_impl.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/chrome/browser/ui/autofill/autofill_popup_layout_model.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/chrome/browser/ui/autofill/autofill_popup_layout_model.h
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/chrome/browser/ui/autofill/popup_constants.h
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/chrome/browser/ui/cocoa/autofill/autofill_popup_view_cocoa.mm
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/chrome/browser/ui/views/autofill/autofill_popup_view_views.cc
[add] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/android/java/res/values/colors.xml
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/android/java/res/values/dimens.xml
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/android/java/src/org/chromium/components/autofill/AutofillSuggestion.java
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/core/browser/autofill_external_delegate.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/core/browser/autofill_external_delegate_unittest.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/core/browser/autofill_manager.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/core/browser/autofill_manager_unittest.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/autofill/core/browser/popup_item_ids.h
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/components/password_manager/core/browser/password_autofill_manager.cc
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/content/public/android/java/src/org/chromium/content/browser/input/SelectPopupItem.java
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/ui/android/BUILD.gn
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/ui/android/java/res/layout/dropdown_item.xml
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/ui/android/java/res/values/dimens.xml
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/ui/android/java/src/org/chromium/ui/DropdownAdapter.java
[modify] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/ui/android/java/src/org/chromium/ui/DropdownItem.java
[add] https://crrev.com/4d6fb24de5f4de7bf92ca572b7be8c3a05376043/ui/android/java/src/org/chromium/ui/DropdownItemBase.java
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 30 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4

commit 9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4
Author: lshang <lshang@chromium.org>
Date: Wed Nov 30 09:14:28 2016

Http Bad: Add icons to the http warning message

For http sites, show gfx::VectorIconId::LOCATION_BAR_HTTP. For broken
https, show gfx::VectorIconId::LOCATION_BAR_HTTPS_INVALID icon.

BUG= 662298 ,  662297 

Review-Url: https://codereview.chromium.org/2498503002
Cr-Commit-Position: refs/heads/master@{#435195}

[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/chrome/browser/android/resource_id.h
[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/chrome/browser/ui/autofill/autofill_popup_layout_model.cc
[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/chrome/browser/ui/autofill/autofill_popup_layout_model.h
[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/chrome/browser/ui/views/autofill/autofill_popup_view_views.cc
[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/components/autofill/core/browser/autofill_manager.cc
[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/components/autofill/core/browser/autofill_manager_unittest.cc
[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/components/password_manager/core/browser/password_autofill_manager.cc
[modify] https://crrev.com/9c5dad4bc57d0d53a43bf5fabea8ff3a64a650e4/components/resources/autofill_scaled_resources.grdp
Project Member

Comment 5 by bugdroid1@chromium.org, Nov 30 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882

commit b0cb5e4ea319515a8de9c9e9720fd9a79beeb882
Author: lshang <lshang@chromium.org>
Date: Wed Nov 30 11:53:50 2016

Http Bad: Add "Learn more" sublabel to warning message and make it clickable

This CL adds a "Learn more" sublabel to the http bad warning message, and makes
the dropdown item to be clickable and redirect to the security indicator help
center page.

BUG= 662298 ,  662297 

Review-Url: https://codereview.chromium.org/2505533002
Cr-Commit-Position: refs/heads/master@{#435224}

[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/android_webview/native/aw_autofill_client.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/android_webview/native/aw_autofill_client.h
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/chrome/browser/ui/autofill/autofill_popup_controller_impl.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/chrome/browser/ui/autofill/chrome_autofill_client.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/chrome/browser/ui/autofill/chrome_autofill_client.h
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill/core/browser/autofill_client.h
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill/core/browser/autofill_external_delegate.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill/core/browser/autofill_external_delegate_unittest.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill/core/browser/autofill_manager.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill/core/browser/autofill_manager_unittest.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill/core/browser/test_autofill_client.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill/core/browser/test_autofill_client.h
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/autofill_strings.grdp
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/password_manager/core/browser/password_autofill_manager.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/components/password_manager/core/browser/password_autofill_manager_unittest.cc
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/ios/chrome/browser/ui/autofill/autofill_client_ios.h
[modify] https://crrev.com/b0cb5e4ea319515a8de9c9e9720fd9a79beeb882/ios/chrome/browser/ui/autofill/autofill_client_ios.mm

Comment 6 by raymes@chromium.org, Nov 30 2016

Components: -Security>UX
Labels: Team-Security-UX
Project Member

Comment 7 by bugdroid1@chromium.org, Dec 1 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25

commit 833bf5f37ae5a52da4669ecd9a8cc60b838d8d25
Author: lshang <lshang@chromium.org>
Date: Thu Dec 01 21:39:11 2016

Http Bad: Put icon on the left of http warning message on Views

The order of elements in http bad warning message is: icon, value, label. So this
CL puts icon on the left of autofill entry when drawing it. It also adjusts label
font size, name padding and icon padding accordingly.

specs: go/fns-ui-spec
screenshots: https://screenshot.googleplex.com/bD2gRETFRPo
             https://screenshot.googleplex.com/t81q78qYwLk

BUG= 662298 

Review-Url: https://codereview.chromium.org/2517843002
Cr-Commit-Position: refs/heads/master@{#435722}

[modify] https://crrev.com/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25/chrome/browser/ui/autofill/autofill_popup_controller_impl.cc
[modify] https://crrev.com/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25/chrome/browser/ui/autofill/autofill_popup_controller_unittest.cc
[modify] https://crrev.com/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25/chrome/browser/ui/autofill/autofill_popup_layout_model.cc
[modify] https://crrev.com/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25/chrome/browser/ui/autofill/autofill_popup_layout_model.h
[modify] https://crrev.com/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25/chrome/browser/ui/autofill/autofill_popup_layout_model_unittest.cc
[modify] https://crrev.com/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25/chrome/browser/ui/cocoa/autofill/autofill_popup_view_cocoa.mm
[modify] https://crrev.com/833bf5f37ae5a52da4669ecd9a8cc60b838d8d25/chrome/browser/ui/views/autofill/autofill_popup_view_views.cc

Comment 9 by est...@chromium.org, Dec 5 2016

Components: UI>Browser>Autofill
Labels: -M-56 M-57

Comment 10 by est...@chromium.org, Dec 10 2016

Labels: Hotlist-HttpBadFormNotSecure

Comment 11 by lshang@chromium.org, Jan 9 2017

Status: Fixed (was: Assigned)
Mark this as fixed since base implementation has been done. Bugs and future improvement requests are tracked in separate issues.

Sign in to add a comment