New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 904908 link

Starred by 0 users

Issue metadata

Status: Fixed
Owner:
hobby only
Closed: Nov 19
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac
Pri: 1
Type: Bug

Blocking:
issue 770175



Sign in to add a comment

No manual fallback for password saving on https://www.typing.com/

Project Member Reported by vabr@chromium.org, Nov 13

Issue description

Chrome Version       : 72.0.3610.0

What steps will reproduce the problem?
0. Enable chrome://flags/#new-password-form-parsing and chrome://flags/#new-password-form-parsing-for-saving
1. Go to https://www.typing.com/ >> Student Login
2. Type the username "henry"
3. Type something in the password field

What is the expected result?
The key icon in the right-hand corner of the Omnibox appears and allows to save the password.

What happens instead of that?
No key icon.

Note: This works well with the flags from step 0. disabled.

What happens:
The page has a username-first flow and two forms. The first form contains just the username. The second contains just the password.
None of those forms is ever parsed successfully (I'm not sure yet why this is also true for the latter form).

However, there is a special hack in PasswordAutofillAgent [1] which creates a dummy form if there are any password fields and sends it to browser just so PasswordManager creates a (New)PasswordFormManager for it and fetches stored credentials for filling on demand. This dummy form has no unique renderer ID.

Then when the user types into the password field, Chrome parses that form and checks if there already is a (New)PasswordFormManager for it. If so, it clones it and displays the key icon.

This is done via the DoesManage method of the (New)PasswordFormManager class. The old one compares origin etc., and finds the new form and the dummy form matching -> key icon displayed. The new one compares unique renderer IDs; the new password form does have a unique renderer id, so it is not matched -> no key icon.

It seems like the key for a fix is to figure out why a dummy form is created when there is a form with a password field on the page.


[1] https://cs.chromium.org/chromium/src/components/autofill/content/renderer/password_autofill_agent.cc?l=1222&rcl=95852cba4a77c5a9bb5c1ffae5bc9e7e785fe0de
 
Mystery solved: this is actually caused by the old parser!

The old parser ignores disabled fields. The new one does not, by design [1].

However, there is interference as follows:
In renderer, HTML forms are translated into FormData.
Further, the old parser translates that FormData into PasswordForm.
PasswordForm contains FormData and this whole package is sent to the browser.
There the new parser ignores the PasswordForm except for its FormData payload and re-parses it to create a new PasswordForm.
(The idea is that once the old parser is gone, only FormData is transferred to browser process, but we kept the bundle for now to minimize code changes.)

Now, the password field on typing.com is disabled. The old parser refuses to create a PasswordForm, so nothing is sent over to the browser. Therefore also the new parser won't be able to parse the FormData, even though that would otherwise succeed (I verified).


[1] https://docs.google.com/document/d/1KxWnt3-Pykz4ut4P1IHxNhn6Ef64v3VMyGobUWyLnDg/edit#heading=h.azxb6xacxjq2
We have some alternatives to fix that.

My favourite is: decouple sending FormData to browser from parsing PasswordForms in the renderer, i.e., send it over even if the old parser fails.

Another option is: make the old parser ignore the "disabled" status.

The drawback of the latter is that we don't know the impact. The former does not impact the old parser, only the new one, which is desired.
Labels: -Pri-3 OS-Android OS-Chrome OS-iOS OS-Mac OS-Windows Pri-1
Owner: vabr@chromium.org
Status: Started (was: Available)
I talked to dvadym@ about the first proposal from #2 and we both think it is worth doing. If we keep only running the new parser on forms which the old parser could parsed, then we might get a surprise once the old parser is gone, because some forms will not have been seen by the new parser before.

Also, the current situation prevents efficient evaluation of cases when the parsing looks broken.
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 19

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d446be5b4ceca4d3a42395a5094075026c674af8

commit d446be5b4ceca4d3a42395a5094075026c674af8
Author: Vaclav Brozek <vabr@chromium.org>
Date: Mon Nov 19 10:11:56 2018

Run new PasswordForm parser even if old one fails

The old FormData -> PasswordForm parser runs in renderer process,
before the data about forms is passed on to the browser process.

The new parser runs in browser, after it receives the data from the
renderer.

For legacy reasons, the FormData (parsing input) is enclosed inside
PasswordForm (output) during the inter-process transport.

As a result, if the old parser fails to parse completely, the new one
has no chance to run at all, because there is no valid PasswordForm to
encapsulate its input FormData during the inter-process transport.

The important case when this matters is if there are password fields
present, but none of them is enabled. The old parser gives up, the
new does not care about enabled vs. disabled, so can parse.

This CL allows the old parser to produce a minimal PasswordForm
if only disabled password fields are present, to allow transporting
the FormData to the new parser. In PasswordManager, all these
minimal PasswordForms are managed by at most one PasswordFormManager
and only used as a fallback, so the functionality of Chrome under
the old parser is not affected.

Bug:  904908 
Change-Id: Idaf569d39884375dc5942dea4349aeec41355c76
Reviewed-on: https://chromium-review.googlesource.com/c/1337497
Commit-Queue: Vaclav Brozek <vabr@chromium.org>
Reviewed-by: Vadym Doroshenko <dvadym@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609225}
[modify] https://crrev.com/d446be5b4ceca4d3a42395a5094075026c674af8/components/autofill/content/renderer/password_form_conversion_utils.cc
[modify] https://crrev.com/d446be5b4ceca4d3a42395a5094075026c674af8/components/autofill/content/renderer/password_form_conversion_utils_browsertest.cc

Status: Fixed (was: Started)

Sign in to add a comment