
Issue 759095

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Chrome, Mac
Pri: 3
Type: Bug
Team-Security-UX



Move password and credit card flags into SSLStatus user data

Project Member Reported by est...@chromium.org, Aug 25 2017

Issue description

We originally stored password and credit card information as SSLStatus flags with associated WebContents methods. However, this information doesn't really belong in the content public API because it is specific to the Chrome HTTP-bad effort. We introduced SSLStatus user data to store even more Chrome-specific HTTP-bad info (form editing), so we should move password and credit card handling into the SSLStatus user data as well.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a0e7e264d58308ef1aa5de7dd5165cc715fd702f

commit a0e7e264d58308ef1aa5de7dd5165cc715fd702f
Author: Eric Lawrence <elawrence@chromium.org>
Date: Fri Oct 13 21:06:23 2017

Move HTTPBad flags into SSLStatus user data

Previously, HTTPBad-related flags for sensitive input fields like
passwords and credit cards shown on non-secure pages were stored
directly in the SSLStatus. This is an architectural violation because
this data is not generated or consumed by the content layer.

For HTTPBad Phase 2, we created a new abstraction that attaches a
|user_data| object to SSLStatus. Chrome populates that object with a
flag indicating if a sensitive input editing operation was taken on
a non-secure page.

This CL moves the two flags from HTTPBad Phase 1 into the new object.

Bug: 759095
Change-Id: I1ba25d4e600682d2d126d98dba5439fdf50c31fc
Reviewed-on: https://chromium-review.googlesource.com/709458
Reviewed-by: Mathieu Perreault <mathp@chromium.org>
Reviewed-by: Moe Ahmadi <mahmadi@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Commit-Queue: Eric Lawrence <elawrence@chromium.org>
Cr-Commit-Position: refs/heads/master@{#508818}
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/android_webview/browser/aw_autofill_client.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/android_webview/browser/aw_autofill_client.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/BUILD.gn
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/insecure_sensitive_input_driver.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/insecure_sensitive_input_driver.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/insecure_sensitive_input_driver_factory.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/insecure_sensitive_input_driver_factory.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/insecure_sensitive_input_driver_unittest.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/security_state_tab_helper.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ssl/security_state_tab_helper_unittest.cc
[delete] https://crrev.com/68c4cdbe80c1a578c9321d2a98f61939fc54c39d/chrome/browser/ssl/visible_password_observer.cc
[delete] https://crrev.com/68c4cdbe80c1a578c9321d2a98f61939fc54c39d/chrome/browser/ssl/visible_password_observer.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ui/autofill/chrome_autofill_client.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/chrome/browser/ui/autofill/chrome_autofill_client.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/autofill/content/browser/content_autofill_driver.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/autofill/content/browser/content_autofill_driver_unittest.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/autofill/core/browser/autofill_client.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/autofill/core/browser/test_autofill_client.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/autofill/core/browser/test_autofill_client.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/autofill/ios/browser/autofill_client_ios.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/autofill/ios/browser/autofill_client_ios.mm
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/security_state/content/content_utils.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/security_state/content/content_utils_browsertest.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/security_state/content/content_utils_unittest.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/security_state/core/insecure_input_event_data.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/security_state/core/security_state.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/security_state/core/security_state.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/components/security_state/core/security_state_unittest.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/content/browser/ssl/ssl_manager.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/content/browser/ssl/ssl_manager.h
[delete] https://crrev.com/68c4cdbe80c1a578c9321d2a98f61939fc54c39d/content/browser/ssl/ssl_manager_unittest.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/content/browser/web_contents/web_contents_impl.cc
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/content/browser/web_contents/web_contents_impl.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/content/public/browser/ssl_status.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/content/public/browser/web_contents.h
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/content/test/BUILD.gn
[modify] https://crrev.com/a0e7e264d58308ef1aa5de7dd5165cc715fd702f/ios/chrome/browser/ssl/ios_security_state_tab_helper.mm

Status: Fixed (was: Assigned)
