Issue 675696

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug



Form-not-secure warning should show up in username field as well as password field

Project Member Reported by est...@chromium.org, Dec 19 2016

Issue description

Right now the "Login not secure" warning shows up in the password suggestions, but not in username suggestions (see attachments). Per go/fns-ui-spec, the warning should show up in username suggestions as well.
 

Comment 1 by est...@chromium.org, Dec 19 2016

Adding missing attachments.
password.png (33.2 KB)
username.png (32.3 KB)

Comment 2 by est...@chromium.org, Dec 19 2016

Screenshot of the fix at https://codereview.chromium.org/2585173006/
Screenshot from 2016-12-19 12:55:36.png (61.7 KB)

Comment 3 by bugdroid1@chromium.org, Dec 20 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c97dee453dac00aaf5a24441a3a371efee1d43ef

commit c97dee453dac00aaf5a24441a3a371efee1d43ef
Author: estark <estark@chromium.org>
Date: Tue Dec 20 17:39:33 2016

Don't limit 'Login not secure' warning to password fields

Per the specs at go/fns-ui-spec, the "Login not secure" warning should
show up in username fields as well as password fields. Which makes sense
because usernames are sensitive information too. Thus, this CL populates
the "Login not secure" warning in the suggestions dropdown of a password
form regardless of whether the field is a password field or not.

BUG= 675696 
TEST=Enable #enable-http-form-warning in chrome://flags and relaunch
Chrome. Save a username/password in the Name/Password form in
http://rsolomakhin.github.io/autofill/. Focus the "Name" field and
observe a "Login not secure" warning in the autofill dropdown.

Review-Url: https://codereview.chromium.org/2585173006
Cr-Commit-Position: refs/heads/master@{#439837}

[modify] https://crrev.com/c97dee453dac00aaf5a24441a3a371efee1d43ef/components/autofill_strings.grdp
[modify] https://crrev.com/c97dee453dac00aaf5a24441a3a371efee1d43ef/components/password_manager/core/browser/password_autofill_manager.cc
[modify] https://crrev.com/c97dee453dac00aaf5a24441a3a371efee1d43ef/components/password_manager/core/browser/password_autofill_manager_unittest.cc

Comment 4 by est...@chromium.org, Dec 20 2016

Status: Fixed (was: Assigned)

Comment 5 by ha...@opera.com, Feb 3 2017

Why isn't the warning shown for 'username' fields if there isn't any autofill data stored for the field?

Re #5: the way the code is structured makes it hard to do that. Without stored autofill data, we don't know whether the field is a username field at the point that we add the Form-Not-Secure warning. There's a little bit of discussion on this in https://bugs.chromium.org/p/chromium/issues/detail?id=672663#c13.

I think we may be able to improve this in a future release. I'll file a bug to track that (will cc you).
