New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 854171 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Jul 16
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Mac
Pri: 3
Type: Bug

Blocking:
issue 777268



Sign in to add a comment

Invalid password save prompt on non password form submit

Project Member Reported by se...@yandex-team.ru, Jun 19 2018

Issue description

Chrome Version: 69.0.3466.0 (dev) (64 bit)
OS: Win10

What steps will reproduce the problem?
(1) Open mail.ru.
(2) Enter username, password.
(3) Submit SEARCH form.

What is the expected result?
No password save prompt.

What happens instead?
Password save prompt is shown.

 
Description: Show this description
Description: Show this description
Project Member

Comment 3 by bugdroid1@chromium.org, Jul 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8

commit 3b9b2cca707c28be23d0dc20cae189d44ae7d6d8
Author: Alexey Khoroshilov <sense@yandex-team.ru>
Date: Mon Jul 16 13:40:51 2018

Fix invalid password save offer in some cases.

Here we fix few password save flaws:
1. Invalid password save offer when a password form was filled and then a non
password form was submitted.
2. A proper password form handling when a form is submitted into about:blank
iframe using "target" attribute. This is a valid flow which some websites use to send private information via iframe.

The iframe test is implemented exactly for the #2 flaw.

Bug:  854171 
Change-Id: I39aec0d9b1f5fcbda551efb145f0c3be2456c0da
Reviewed-on: https://chromium-review.googlesource.com/1106137
Commit-Queue: Alexey Khoroshilov <sense@yandex-team.ru>
Reviewed-by: Vadym Doroshenko <dvadym@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575239}
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/browser/password_manager/password_manager_interactive_uitest.cc
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/done_redirect_parent.html
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/iframe_target.html
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/no_form_elements_with_additional_form.html
[add] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/chrome/test/data/password/password_form_with_simple_form.html
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/form_tracker.cc
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/password_autofill_agent.cc
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/password_autofill_agent.h
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/test_password_autofill_agent.cc
[modify] https://crrev.com/3b9b2cca707c28be23d0dc20cae189d44ae7d6d8/components/autofill/content/renderer/test_password_autofill_agent.h

Status: Fixed (was: Assigned)
Cc: nepper@chromium.org
CCing nepper@ as this may have a noticeable impact on our statistics.
Project Member

Comment 6 by bugdroid1@chromium.org, Jul 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f6d0d007b215ca79e55d024f868de126b5765ebc

commit f6d0d007b215ca79e55d024f868de126b5765ebc
Author: Owen Min <zmin@chromium.org>
Date: Mon Jul 16 17:59:36 2018

Revert "Fix invalid password save offer in some cases."

This reverts commit 3b9b2cca707c28be23d0dc20cae189d44ae7d6d8.

Reason for revert: The test is flaky on Win 10 and Win 7

Original change's description:
> Fix invalid password save offer in some cases.
> 
> Here we fix few password save flaws:
> 1. Invalid password save offer when a password form was filled and then a non
> password form was submitted.
> 2. A proper password form handling when a form is submitted into about:blank
> iframe using "target" attribute. This is a valid flow which some websites use to send private information via iframe.
> 
> The iframe test is implemented exactly for the #2 flaw.
> 
> Bug:  854171 
> Change-Id: I39aec0d9b1f5fcbda551efb145f0c3be2456c0da
> Reviewed-on: https://chromium-review.googlesource.com/1106137
> Commit-Queue: Alexey Khoroshilov <sense@yandex-team.ru>
> Reviewed-by: Vadym Doroshenko <dvadym@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#575239}

TBR=dvadym@chromium.org,kolos@chromium.org,sense@yandex-team.ru

Change-Id: Ic89f7474943072def85f97f75033fa6ebe2ba736
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug:  854171 
Reviewed-on: https://chromium-review.googlesource.com/1138518
Reviewed-by: Owen Min <zmin@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575341}
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/chrome/browser/password_manager/password_manager_interactive_uitest.cc
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/done_redirect_parent.html
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/iframe_target.html
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/no_form_elements_with_additional_form.html
[delete] https://crrev.com/ebc96c6441c8c03dfde6ddd04b0b8465a83c858e/chrome/test/data/password/password_form_with_simple_form.html
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/form_tracker.cc
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/password_autofill_agent.cc
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/password_autofill_agent.h
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/test_password_autofill_agent.cc
[modify] https://crrev.com/f6d0d007b215ca79e55d024f868de126b5765ebc/components/autofill/content/renderer/test_password_autofill_agent.h

Cc: -vabr@chromium.org

Sign in to add a comment