Issue 854171 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	se...@yandex-team.ru
Closed:	Jul 16
Cc:	dvadym@chromium.org kolos@chromium.org █ nepper@chromium.org
Components:	UI>Browser>Passwords
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Mac
Pri:	3
Type:	Bug

Blocking:
issue 777268

Invalid password save prompt on non password form submit

Project Member Reported by se...@yandex-team.ru, Jun 19 2018

Issue description

Chrome Version: 69.0.3466.0 (dev) (64 бит)
OS: Win10

What steps will reproduce the problem?
(1) Open mail.ru.
(2) Enter username/login.
(3) Submit SEARCH form.

What is the expected result?
No password save prompt.

What happens instead?
Password save prompt is shown.

Chrome Version: 69.0.3466.0 (dev) (64 бит)
OS: Win10

What steps will reproduce the problem?
(1) Open mail.ru.
(2) Enter username, password.
(3) Submit SEARCH form.

What is the expected result?
No password save prompt.

What happens instead?
Password save prompt is shown.

Chrome Version: 69.0.3466.0 (dev) (64 bit)
OS: Win10

What steps will reproduce the problem?
(1) Open mail.ru.
(2) Enter username, password.
(3) Submit SEARCH form.

What is the expected result?
No password save prompt.

What happens instead?
Password save prompt is shown.

Comment 1 by se...@yandex-team.ru, Jun 19 2018

Description: Show this description

Comment 2 by se...@yandex-team.ru, Jun 19 2018

Description: Show this description

Project Member

Comment 3 by bugdroid1@chromium.org, Jul 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8

commit 3b9b2cca707c28be23d0dc20cae189d44ae7d6d8
Author: Alexey Khoroshilov <sense@yandex-team.ru>
Date: Mon Jul 16 13:40:51 2018

Fix invalid password save offer in some cases.

Here we fix few password save flaws:
1. Invalid password save offer when a password form was filled and then a non
password form was submitted.
2. A proper password form handling when a form is submitted into about:blank
iframe using "target" attribute. This is a valid flow which some websites use to send private information via iframe.

The iframe test is implemented exactly for the #2 flaw.

Bug:  854171 
Change-Id: I39aec0d9b1f5fcbda551efb145f0c3be2456c0da
Reviewed-on: https://chromium-review.googlesource.com/1106137
Commit-Queue: Alexey Khoroshilov <sense@yandex-team.ru>
Reviewed-by: Vadym Doroshenko <dvadym@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575239}
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/browser/password_manager/password_manager_interactive_uitest.cc
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/done_redirect_parent.html
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/iframe_target.html
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/no_form_elements_with_additional_form.html
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/password_form_with_simple_form.html
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/form_tracker.cc
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/password_autofill_agent.cc
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/password_autofill_agent.h
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/test_password_autofill_agent.cc
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/test_password_autofill_agent.h

Comment 4 by se...@yandex-team.ru, Jul 16

Status: Fixed (was: Assigned)

Comment 5 by battre@chromium.org, Jul 16

Cc: nepper@chromium.org

CCing nepper@ as this may have a noticeable impact on our statistics.

Project Member

Comment 6 by bugdroid1@chromium.org, Jul 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f6d0d007b215ca79e55d024f868de126b5765ebc

commit f6d0d007b215ca79e55d024f868de126b5765ebc
Author: Owen Min <zmin@chromium.org>
Date: Mon Jul 16 17:59:36 2018

Revert "Fix invalid password save offer in some cases."

This reverts commit 3b9b2cca707c28be23d0dc20cae189d44ae7d6d8.

Reason for revert: The test is flaky on Win 10 and Win 7

Original change's description:
> Fix invalid password save offer in some cases.
> 
> Here we fix few password save flaws:
> 1. Invalid password save offer when a password form was filled and then a non
> password form was submitted.
> 2. A proper password form handling when a form is submitted into about:blank
> iframe using "target" attribute. This is a valid flow which some websites use to send private information via iframe.
> 
> The iframe test is implemented exactly for the #2 flaw.
> 
> Bug:  854171 
> Change-Id: I39aec0d9b1f5fcbda551efb145f0c3be2456c0da
> Reviewed-on: https://chromium-review.googlesource.com/1106137
> Commit-Queue: Alexey Khoroshilov <sense@yandex-team.ru>
> Reviewed-by: Vadym Doroshenko <dvadym@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#575239}

TBR=dvadym@chromium.org,kolos@chromium.org,sense@yandex-team.ru

Change-Id: Ic89f7474943072def85f97f75033fa6ebe2ba736
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug:  854171 
Reviewed-on: https://chromium-review.googlesource.com/1138518
Reviewed-by: Owen Min <zmin@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575341}
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/chrome/browser/password_manager/password_manager_interactive_uitest.cc
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/done_redirect_parent.html
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/iframe_target.html
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/no_form_elements_with_additional_form.html
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/password_form_with_simple_form.html
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/form_tracker.cc
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/password_autofill_agent.cc
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/password_autofill_agent.h
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/test_password_autofill_agent.cc
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/test_password_autofill_agent.h

Comment 7 by vabr@chromium.org, Nov 29

Cc: -vabr@chromium.org

►

Issue 854171 link

Issue metadata

Invalid password save prompt on non password form submit

Issue description

Comment 1 by se...@yandex-team.ru, Jun 19 2018

Comment 1 Deleted

Comment 2 by se...@yandex-team.ru, Jun 19 2018

Comment 2 Deleted

Comment 3 by bugdroid1@chromium.org, Jul 16

Comment 3 Deleted

Comment 4 by se...@yandex-team.ru, Jul 16

Comment 4 Deleted

Comment 5 by battre@chromium.org, Jul 16

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Jul 16

Comment 6 Deleted

Comment 7 by vabr@chromium.org, Nov 29

Comment 7 Deleted

Sign in to add a comment