[Password Manager] Offer to save when an iframe is detached

If the user has already entered data into a form and the frame containing it
is detached, prompt to save. This fixes password saving on Sears.com, as
they perform authentication by removing an iframe containing the login information when submission is successful.

BUG=450806

Review URL: https://codereview.chromium.org/1012093005

Cr-Commit-Position: refs/heads/master@{#321486}

chrome/browser/password_manager/password_manager_browsertest.cc

@@ -1774,3 +1774,30 @@ IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest,
   observer.Wait();
   EXPECT_TRUE(prompt_observer->IsShowingPrompt());
 }
+
+IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest,
+                       SaveWhenIFrameDestroyedOnFormSubmit) {
+  NavigateToFile("/password/frame_detached_on_submit.html");
+
+  // Need to pay attention for a message that XHR has finished since there
+  // is no navigation to wait for.
+  content::DOMMessageQueue message_queue;
+
+  scoped_ptr<PromptObserver> prompt_observer(
+      PromptObserver::Create(WebContents()));
+  std::string fill_and_submit =
+      "var iframe = document.getElementById('login_iframe');"
+      "var frame_doc = iframe.contentDocument;"
+      "frame_doc.getElementById('username_field').value = 'temp';"
+      "frame_doc.getElementById('password_field').value = 'random';"
+      "frame_doc.getElementById('submit_button').click();";
+
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), fill_and_submit));
+  std::string message;
+  while (message_queue.WaitForMessage(&message)) {
+    if (message == "\"SUBMISSION_FINISHED\"")
+      break;
+  }
+
+  EXPECT_TRUE(prompt_observer->IsShowingPrompt());
+}

chrome/test/data/password/frame_detached_on_submit.html

+<html>
+<body>
+
+<script>
+
+function delayedUpload() {
+  window.domAutomationController.send("SUBMISSION_FINISHED");
+}
+
+function receiveMessage(event) {
+  var login_iframe = document.getElementById('login_iframe');
+  login_iframe.parentNode.removeChild(login_iframe);
+  window.domAutomationController.setAutomationId(0);
+  setTimeout(delayedUpload, 0);
+}
+
+window.addEventListener("message", receiveMessage, false);
+
+</script>
+
+<iframe src="inner_frame.html" id="login_iframe" name="login_iframe">
+</iframe>
+
+
+</body>
+</html>

chrome/test/data/password/inner_frame.html

+<html>
+<body>
+
+<script>
+function send_post() {
+  window.parent.postMessage("SignupComplete", "*");
+}
+</script>
+
+<form action="inner_frame.html" onsubmit="send_post(); return false;"
+      id="deleting_form">
+  <input type="text" id="username_field" name="username_field">
+  <input type="password" id="password_field" name="password_field">
+  <input type="submit" id="submit_button" name="submit_button">
+</form>
+
+</body>
+</html>

components/autofill/content/renderer/password_autofill_agent.cc

@@ -1030,6 +1030,14 @@ void PasswordAutofillAgent::DidStopLoading() {
 }
 
 void PasswordAutofillAgent::FrameDetached() {
+  // If a sub frame has been destroyed while the user was entering information
+  // into a password form, try to save the data. See https://crbug.com/450806
+  // for examples of sites that perform login using this technique.
+  if (render_frame()->GetWebFrame()->parent() &&
+      ProvisionallySavedPasswordIsValid()) {
+    Send(new AutofillHostMsg_InPageNavigation(routing_id(),
+                                              *provisionally_saved_form_));
+  }
   FrameClosing();
 }