Don't autofill a read-only password field.

BUG=26416
TEST=PasswordManagerAutocompleteTests::OnBlur

Review URL: http://codereview.chromium.org/1856004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@46383 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 41 insertions, 10 deletions

diff --git a/webkit/glue/dom_operations.cc b/webkit/glue/dom_operations.cc
index f42270d..982bbba 100644
--- a/webkit/glue/dom_operations.cc
+++ b/webkit/glue/dom_operations.cc
@@ -183,6 +183,11 @@ static bool FillFormImpl(FormElements* fe, const FormData& data) {
        it != fe->input_elements.end(); ++it) {
     if (!it->second.value().isEmpty())  // Don't overwrite pre-filled values.
       continue;
+    if (it->second.inputType() == WebInputElement::Password) {
+       if (!it->second.isEnabledFormControl() ||
+           it->second.hasAttribute("readonly"))
+        continue;  // Don't fill uneditable password fields.
+    }
     it->second.setValue(data_map[it->first]);
     it->second.setAutofilled(true);
     it->second.dispatchFormControlChangeEvent();
diff --git a/webkit/glue/webpasswordautocompletelistener_impl.cc b/webkit/glue/webpasswordautocompletelistener_impl.cc
index 3415a22..60d46ee5 100644
--- a/webkit/glue/webpasswordautocompletelistener_impl.cc
+++ b/webkit/glue/webpasswordautocompletelistener_impl.cc
@@ -28,6 +28,10 @@ WebInputElementDelegate::WebInputElementDelegate(const WebInputElement& element)
 WebInputElementDelegate::~WebInputElementDelegate() {
 }
 
+bool WebInputElementDelegate::IsEditable() {
+  return element_.isEnabledFormControl() && !element_.hasAttribute("readonly");
+}
+
 void WebInputElementDelegate::SetValue(const string16& value) {
   element_.setValue(value);
 }
@@ -72,14 +76,16 @@ void WebPasswordAutocompleteListenerImpl::didBlurInputElement(
 
   string16 user_input16 = user_input;
 
-  // Set the password field to match the current username.
-  if (data_.basic_data.fields[0].value() == user_input16) {
-    // Preferred username/login is selected.
-    password_delegate_->SetValue(data_.basic_data.fields[1].value());
-  } else if (data_.additional_logins.find(user_input16) !=
-             data_.additional_logins.end()) {
-    // One of the extra username/logins is selected.
-    password_delegate_->SetValue(data_.additional_logins[user_input16]);
+  if (password_delegate_->IsEditable()) {
+    // If enabled, set the password field to match the current username.
+    if (data_.basic_data.fields[0].value() == user_input16) {
+      // Preferred username/login is selected.
+      password_delegate_->SetValue(data_.basic_data.fields[1].value());
+    } else if (data_.additional_logins.find(user_input16) !=
+               data_.additional_logins.end()) {
+      // One of the extra username/logins is selected.
+      password_delegate_->SetValue(data_.additional_logins[user_input16]);
+    }
   }
   password_delegate_->OnFinishedAutocompleting();
 }
@@ -138,7 +144,8 @@ bool WebPasswordAutocompleteListenerImpl::TryToMatch(const string16& input,
   username_delegate_->SetValue(username);
   username_delegate_->SetSelectionRange(input.length(), username.length());
   username_delegate_->OnFinishedAutocompleting();
-  password_delegate_->SetValue(password);
+  if (password_delegate_->IsEditable())
+    password_delegate_->SetValue(password);
   password_delegate_->OnFinishedAutocompleting();
   return true;
 }
diff --git a/webkit/glue/webpasswordautocompletelistener_impl.h b/webkit/glue/webpasswordautocompletelistener_impl.h
index 1d136c2..e307dc7 100644
--- a/webkit/glue/webpasswordautocompletelistener_impl.h
+++ b/webkit/glue/webpasswordautocompletelistener_impl.h
@@ -29,6 +29,7 @@ class WebInputElementDelegate {
   virtual ~WebInputElementDelegate();
 
   // These are virtual to support unit testing.
+  virtual bool IsEditable();
   virtual void SetValue(const string16& value);
   virtual void SetSelectionRange(size_t start, size_t end);
   virtual void OnFinishedAutocompleting();
diff --git a/webkit/glue/webpasswordautocompletelistener_unittest.cc b/webkit/glue/webpasswordautocompletelistener_unittest.cc
index db1ca32..c2bb758 100644
--- a/webkit/glue/webpasswordautocompletelistener_unittest.cc
+++ b/webkit/glue/webpasswordautocompletelistener_unittest.cc
@@ -26,10 +26,15 @@ class TestWebInputElementDelegate : public WebInputElementDelegate {
                                   did_set_value_(false),
                                   did_set_selection_(false),
                                   selection_start_(0),
-                                  selection_end_(0) {
+                                  selection_end_(0),
+                                  is_editable_(true) {
   }
 
   // Override those methods we implicitly invoke in the tests.
+  virtual bool IsEditable() {
+    return is_editable_;
+  }
+
   virtual void SetValue(const string16& value) {
     value_ = value;
     did_set_value_ = true;
@@ -52,6 +57,10 @@ class TestWebInputElementDelegate : public WebInputElementDelegate {
     did_set_selection_ = false;
   }
 
+  void set_is_editable(bool editable) {
+    is_editable_ = editable;
+  }
+
   string16 value() const {
     return value_;
   }
@@ -83,6 +92,7 @@ class TestWebInputElementDelegate : public WebInputElementDelegate {
   string16 value_;
   size_t selection_start_;
   size_t selection_end_;
+  bool is_editable_;
 };
 
 namespace {
@@ -126,6 +136,14 @@ TEST_F(PasswordManagerAutocompleteTests, OnBlur) {
 
   // Clear the password field.
   password_delegate->SetValue(string16());
+
+  // Make the password field read-only.
+  password_delegate->set_is_editable(false);
+  // Simulate a blur event on the username field, but r/o password won't fill.
+  listener->didBlurInputElement(username1_);
+  EXPECT_EQ(string16(), password_delegate->value());
+  password_delegate->set_is_editable(true);
+
   // Simulate a blur event on the username field and expect a password autofill.
   listener->didBlurInputElement(username1_);
   EXPECT_EQ(password1_, password_delegate->value());