[Passwords] Include Link in Password Check Removal Confirmation

This change adds a link to the origin to the dialog shown when removing a compromised credential. Since injecting links to insecure domains is not allowed due to the risk of XSS, this is limited to HTTPS origins. Fixed: 1066790 Change-Id: I297c3e49b4388bed5c229959345741565b1d2092 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2133966Reviewed-by: dpapad <dpapad@chromium.org> Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#817525}

[Passwords] Include Link in Password Check Removal Confirmation
This change adds a link to the origin to the dialog shown when removing a compromised credential. Since injecting links to insecure domains is not allowed due to the risk of XSS, this is limited to HTTPS origins. Fixed: 1066790 Change-Id: I297c3e49b4388bed5c229959345741565b1d2092 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2133966Reviewed-by: dpapad <dpapad@chromium.org> Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org> Cr-Commit-Position: refs/heads/master@{#817525}
4e93b4cd · Jan Wilken Dörrie · Commit Bot · 678eb60a · 4e93b4cd · 4e93b4cd
Commit 4e93b4cd authored Oct 15, 2020 by Jan Wilken Dörrie Committed by Commit Bot Oct 15, 2020
3 changed files
--- a/chrome/browser/resources/settings/autofill_page/password_remove_confirmation_dialog.html
+++ b/chrome/browser/resources/settings/autofill_page/password_remove_confirmation_dialog.html
+    <!-- We have to include the shared settings style in order to properly -->
+    <!-- style the contained link in the dialog. -->
+    <style include="settings-shared"></style>
    <cr-dialog id="dialog" close-text="$i18n{close}"
        ignore-popstate ignore-enter-key>
      <div slot="title">
        $i18n{removeCompromisedPasswordConfirmationTitle}
      </div>
      <div slot="body">
-        <span id="description">
-          [[getRemovePasswordDescription_(item.formattedOrigin)]]
+        <span id="link" hidden="[[!hasSecureChangePasswordUrl_(item)]]"
+            inner-h-t-m-l="[[getRemovePasswordDescriptionHtml_(item)]]">
+        </span>
+        <span id="text" hidden="[[hasSecureChangePasswordUrl_(item)]]">
+          [[getRemovePasswordDescriptionText_(item)]]
        </span>
      </div>
      <div slot="button-container">

--- a/chrome/browser/resources/settings/autofill_page/password_remove_confirmation_dialog.js
+++ b/chrome/browser/resources/settings/autofill_page/password_remove_confirmation_dialog.js
@@ -52,12 +52,43 @@ Polymer({
  },

  /**
+   * @private
+   * @return {boolean}
+   */
+  hasSecureChangePasswordUrl_() {
+    const url = this.item.changePasswordUrl;
+    return !!url && (url.startsWith('https://') || url.startsWith('chrome://'));
+  },
+
+  /**
+   * Returns the remove password description with a linkified change password
+   * URL. Requires the change password URL to be present and secure.
+   * @private
   * @return {string}
+   */
+  getRemovePasswordDescriptionHtml_() {
+    if (!this.hasSecureChangePasswordUrl_()) {
+      return '';
+    }
+
+    const url = assert(this.item.changePasswordUrl);
+    const origin = this.item.formattedOrigin;
+    return this.i18nAdvanced(
+        'removeCompromisedPasswordConfirmationDescription', {
+          substitutions:
+              [origin, `<a href='${url}' target='_blank'>${origin}</a>`],
+        });
+  },
+
+  /**
+   * Returns the remove password description as a plain text.
+   * Used when the change password URL is not present or insecure.
   * @private
+   * @return {string}
   */
-  getRemovePasswordDescription_() {
+  getRemovePasswordDescriptionText_() {
+    const origin = this.item.formattedOrigin;
    return this.i18n(
-        'removeCompromisedPasswordConfirmationDescription',
-        this.item.formattedOrigin, this.item.formattedOrigin);
-  }
+        'removeCompromisedPasswordConfirmationDescription', origin, origin);
+  },
 });
--- a/chrome/test/data/webui/settings/password_check_test.js
+++ b/chrome/test/data/webui/settings/password_check_test.js
@@ -534,6 +534,26 @@ suite('PasswordsCheckSection', function() {
    assertEquals('one.com', formattedOrigin);
  });

+  // Tests that a secure change password URL gets linkified in the remove
+  // password confirmation dialog.
+  test('secureChangePasswordUrlInRemovePasswordConfirmationDialog', () => {
+    const entry = makeCompromisedCredential('one.com', 'test4', 'LEAKED', 0);
+    entry.changePasswordUrl = 'https://one.com';
+    const removeDialog = createRemovePasswordDialog(entry);
+    assertTrue(isElementVisible(removeDialog.$.link));
+    assertFalse(isElementVisible(removeDialog.$.text));
+  });
+
+  // Tests that an insecure change password URL does not get linkified in the
+  // remove password confirmation dialog.
+  test('insecureChangePasswordUrlInRemovePasswordConfirmationDialog', () => {
+    const entry = makeCompromisedCredential('one.com', 'test4', 'LEAKED', 0);
+    entry.changePasswordUrl = 'http://one.com';
+    const removeDialog = createRemovePasswordDialog(entry);
+    assertFalse(isElementVisible(removeDialog.$.link));
+    assertTrue(isElementVisible(removeDialog.$.text));
+  });
+
  // A changing status is immediately reflected in title, icon and banner.
  test('updatesNumberOfCheckedPasswordsWhileRunning', async function() {
    passwordManager.data.checkStatus = makePasswordCheckStatus(