Sets reader mode security indicator and bubble text.

Reader mode should have the (i) icon for security indicator
along with the text "reader mode". When clicked, it should
explain that you are viewing the source of a webpage.

Bug: 840191
Change-Id: I431a50447ea7efc6f854ac944f8db131d8241414
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2072471
Commit-Queue: Katie Dektar <katie@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#751498}

chrome/browser/dom_distiller/tab_utils_browsertest.cc

@@ -10,6 +10,7 @@
 #include "build/build_config.h"
 #include "chrome/browser/dom_distiller/dom_distiller_service_factory.h"
 #include "chrome/browser/dom_distiller/tab_utils.h"
+#include "chrome/browser/ssl/security_state_tab_helper.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/test/base/in_process_browser_test.h"
@@ -20,6 +21,7 @@
 #include "components/dom_distiller/core/task_tracker.h"
 #include "components/dom_distiller/core/url_constants.h"
 #include "components/dom_distiller/core/url_utils.h"
+#include "components/security_state/core/security_state.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
@@ -124,8 +126,8 @@ class DomDistillerTabUtilsBrowserTest : public InProcessBrowserTest {
     if (!DistillerJavaScriptWorldIdIsSet()) {
       SetDistillerJavaScriptWorldId(content::ISOLATED_WORLD_ID_CONTENT_END);
     }
-    ASSERT_TRUE(embedded_test_server()->Start());
-    article_url_ = embedded_test_server()->GetURL(kSimpleArticlePath);
+    ASSERT_TRUE(https_server_->Start());
+    article_url_ = https_server_->GetURL(kSimpleArticlePath);
   }
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
@@ -133,6 +135,11 @@ class DomDistillerTabUtilsBrowserTest : public InProcessBrowserTest {
   }
 
  protected:
+  void SetUpInProcessBrowserTestFixture() override {
+    https_server_.reset(
+        new net::EmbeddedTestServer(net::EmbeddedTestServer::TYPE_HTTPS));
+    https_server_->ServeFilesFromSourceDirectory(GetChromeTestDataDir());
+  }
   const GURL& article_url() const { return article_url_; }
 
   std::string GetPageTitle(content::WebContents* web_contents) const {
@@ -141,6 +148,8 @@ class DomDistillerTabUtilsBrowserTest : public InProcessBrowserTest {
         .GetString();
   }
 
+  std::unique_ptr<net::EmbeddedTestServer> https_server_;
+
  private:
   GURL article_url_;
 };
@@ -239,7 +248,7 @@ IN_PROC_BROWSER_TEST_F(DomDistillerTabUtilsBrowserTest,
       browser()->tab_strip_model()->GetActiveWebContents()->GetMainFrame();
   int process_id = main_frame->GetProcess()->GetID();
   int frame_routing_id = main_frame->GetRoutingID();
-  GURL url2(embedded_test_server()->GetURL("/title1.html"));
+  GURL url2(https_server_->GetURL("/title1.html"));
 
   // Navigate to the page
   ui_test_utils::NavigateToURL(browser(), url1);
@@ -254,5 +263,25 @@ IN_PROC_BROWSER_TEST_F(DomDistillerTabUtilsBrowserTest,
       "browser::DomDistiller_SelfDeletingRequestDelegate"));
 }
 
+IN_PROC_BROWSER_TEST_F(DomDistillerTabUtilsBrowserTest, SecurityStateIsNone) {
+  content::WebContents* initial_web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ui_test_utils::NavigateToURL(browser(), article_url());
+
+  // Check security state is not NONE.
+  SecurityStateTabHelper* helper =
+      SecurityStateTabHelper::FromWebContents(initial_web_contents);
+  ASSERT_NE(security_state::NONE, helper->GetSecurityLevel());
+
+  DistillCurrentPageAndView(initial_web_contents);
+  content::WebContents* after_web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  DistilledPageObserver(after_web_contents).WaitUntilFinishedLoading();
+
+  // Now security state should be NONE.
+  helper = SecurityStateTabHelper::FromWebContents(after_web_contents);
+  ASSERT_EQ(security_state::NONE, helper->GetSecurityLevel());
+}
+
 }  // namespace
 }  // namespace dom_distiller

chrome/browser/ui/views/location_bar/location_icon_view.cc

@@ -12,6 +12,7 @@
 #include "chrome/browser/ui/views/page_info/page_info_bubble_view.h"
 #include "chrome/grit/chromium_strings.h"
 #include "chrome/grit/generated_resources.h"
+#include "components/dom_distiller/core/url_constants.h"
 #include "components/omnibox/browser/omnibox_edit_model.h"
 #include "components/omnibox/browser/omnibox_field_trial.h"
 #include "components/security_state/core/security_state.h"
@@ -133,7 +134,8 @@ bool LocationIconView::ShouldShowText() const {
   const GURL& url = location_bar_model->GetURL();
   if (url.SchemeIs(content::kChromeUIScheme) ||
       url.SchemeIs(extensions::kExtensionScheme) ||
-      url.SchemeIs(url::kFileScheme)) {
+      url.SchemeIs(url::kFileScheme) ||
+      url.SchemeIs(dom_distiller::kDomDistillerScheme)) {
     return true;
   }
 
@@ -155,6 +157,11 @@ base::string16 LocationIconView::GetText() const {
   if (delegate_->GetLocationBarModel()->GetURL().SchemeIs(url::kFileScheme))
     return l10n_util::GetStringUTF16(IDS_OMNIBOX_FILE);
 
+  if (delegate_->GetLocationBarModel()->GetURL().SchemeIs(
+          dom_distiller::kDomDistillerScheme)) {
+    return l10n_util::GetStringUTF16(IDS_OMNIBOX_READER_MODE);
+  }
+
   if (delegate_->GetWebContents()) {
     // On ChromeOS, this can be called using web_contents from
     // SimpleWebViewDialog::GetWebContents() which always returns null.

chrome/browser/ui/views/page_info/page_info_bubble_view.cc

@@ -46,6 +46,7 @@
 #include "chrome/browser/vr/vr_tab_helper.h"
 #include "chrome/common/url_constants.h"
 #include "components/content_settings/core/common/content_settings_types.h"
+#include "components/dom_distiller/core/url_constants.h"
 #include "components/safe_browsing/buildflags.h"
 #include "components/strings/grit/components_chromium_strings.h"
 #include "components/strings/grit/components_strings.h"
@@ -374,6 +375,11 @@ InternalPageInfoBubbleView::InternalPageInfoBubbleView(
     text = IDS_PAGE_INFO_FILE_PAGE;
   } else if (url.SchemeIs(content::kChromeDevToolsScheme)) {
     text = IDS_PAGE_INFO_DEVTOOLS_PAGE;
+  } else if (url.SchemeIs(dom_distiller::kDomDistillerScheme)) {
+    // TODO(crbug.com/840191): See if the original was secure or not, and adjust
+    // this string shown accordingly. This may be possible with virtual URLs,
+    // or by asking the distilled page what the original URL was.
+    text = IDS_PAGE_INFO_READER_MODE_PAGE;
   } else if (!url.SchemeIs(content::kChromeUIScheme)) {
     NOTREACHED();
   }
@@ -423,7 +429,8 @@ views::BubbleDialogDelegateView* PageInfoBubbleView::CreatePageInfoBubble(
       url.SchemeIs(content::kChromeDevToolsScheme) ||
       url.SchemeIs(extensions::kExtensionScheme) ||
       url.SchemeIs(content::kViewSourceScheme) ||
-      url.SchemeIs(url::kFileScheme)) {
+      url.SchemeIs(url::kFileScheme) ||
+      url.SchemeIs(dom_distiller::kDomDistillerScheme)) {
     return new InternalPageInfoBubbleView(anchor_view, anchor_rect, parent_view,
                                           web_contents, url);
   }

components/omnibox_strings.grdp

@@ -80,6 +80,9 @@
   <message name="IDS_OMNIBOX_FILE" desc="Text shown in the omnibox to indicate a user is viewing a file.">
     File
   </message>
+  <message name="IDS_OMNIBOX_READER_MODE" desc="Text shown in the omnibox to indicate a user is viewing the reader mode view of an article.">
+    Reader Mode
+  </message>
   <message name="IDS_DRIVE_SUGGESTION_DOCUMENT" desc="Google Docs product name, for use in omnibox Docs result descriptions.">
     Google Docs
   </message>

components/omnibox_strings_grdp/IDS_OMNIBOX_READER_MODE.png.sha1

+cf66635d988ea53b988eaff7245d962326664c68
\ No newline at end of file

components/page_info_strings.grdp

@@ -31,6 +31,9 @@
   <message name="IDS_PAGE_INFO_DEVTOOLS_PAGE" desc="Message to display in the page info bubble when the page you are on is a devtools:// page.">
     You're viewing a developer tools page
   </message>
+  <message name="IDS_PAGE_INFO_READER_MODE_PAGE" desc="Message to display in the page info bubble when the page you are viewing is the reader mode version of an article.">
+    Chrome simplified this page to make it easier to read.
+  </message>
 
   <!-- Safety Tip summary strings -->
   <message name="IDS_PAGE_INFO_SAFETY_TIP_BAD_REPUTATION_TITLE" desc="Message to display in the page info bubble when the page you are on triggered a safety tip.">

components/page_info_strings_grdp/IDS_PAGE_INFO_READER_MODE_PAGE.png.sha1

+cf66635d988ea53b988eaff7245d962326664c68
\ No newline at end of file

components/security_state/content/BUILD.gn

@@ -19,6 +19,7 @@ jumbo_static_library("content") {
 
   deps = [
     "//base",
+    "//components/dom_distiller/core",
     "//components/strings",
     "//content/public/browser",
     "//content/public/common",

components/security_state/content/DEPS

 include_rules = [
+  "+components/dom_distiller/core",
   "+components/strings",
   "+components/security_interstitials/core",
   "+content/public/browser",

components/security_state/content/content_utils.cc

@@ -12,6 +12,7 @@
 #include "base/strings/string16.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
+#include "components/dom_distiller/core/url_constants.h"
 #include "components/security_interstitials/core/common_string_util.h"
 #include "components/security_state/content/ssl_status_input_event_data.h"
 #include "components/security_state/core/security_state.h"
@@ -430,6 +431,8 @@ std::unique_ptr<security_state::VisibleSecurityState> GetVisibleSecurityState(
       entry->GetVirtualURL().SchemeIs(content::kViewSourceScheme);
   state->is_devtools =
       entry->GetVirtualURL().SchemeIs(content::kChromeDevToolsScheme);
+  state->is_reader_mode =
+      entry->GetURL().SchemeIs(dom_distiller::kDomDistillerScheme);
   state->url = entry->GetURL();
 
   if (!entry->GetSSL().initialized)

components/security_state/core/security_state.cc

@@ -179,6 +179,14 @@ SecurityLevel GetSecurityLevel(
     if (!visible_security_state.is_error_page &&
         !network::IsUrlPotentiallyTrustworthy(url) &&
         (url.IsStandard() || url.SchemeIs(url::kBlobScheme))) {
+      // Display ReaderMode pages as neutral even if the original URL was
+      // secure, because Chrome has modified the content so we don't want to
+      // present it as the actual content that the server sent. Distilled pages
+      // do not contain forms, payment handlers, or other JS from the original
+      // URL, so they won't be affected by a downgraded security level.
+      if (visible_security_state.is_reader_mode) {
+        return NONE;
+      }
       return GetSecurityLevelForNonSecureFieldTrial(
           visible_security_state.is_error_page,
           visible_security_state.insecure_input_events);
@@ -276,6 +284,7 @@ VisibleSecurityState::VisibleSecurityState()
       is_error_page(false),
       is_view_source(false),
       is_devtools(false),
+      is_reader_mode(false),
       connection_used_legacy_tls(false),
       should_suppress_legacy_tls_warning(false),
       should_suppress_mixed_content_warning(false) {}

components/security_state/core/security_state.h

@@ -197,6 +197,8 @@ struct VisibleSecurityState {
   bool is_view_source;
   // True if the page is a devtools page.
   bool is_devtools;
+  // True if the page is a reader mode page.
+  bool is_reader_mode;
   // True if the page was loaded over a legacy TLS version.
   bool connection_used_legacy_tls;
   // True if the page should be excluded from a UI treatment for legacy TLS