Allow autofill on all non-dangerous pages.

This CL allows autofill on pages with valid TLS, but using legacy TLS
certs or other non-fatal certificate errors.

Bug: 1029906
Change-Id: I3676919fe7aa13c1aad82920f4cb74cb137af21b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1946984Reviewed-by: Evan Stade <estade@chromium.org>
Commit-Queue: Joe DeBlasio <jdeblasio@chromium.org>
Cr-Commit-Position: refs/heads/master@{#720654}

chrome/browser/ui/autofill/chrome_autofill_client.cc

@@ -511,14 +511,15 @@ bool ChromeAutofillClient::IsContextSecure() {
     return false;
 
   const auto security_level = helper->GetSecurityLevel();
+  content::NavigationEntry* entry =
+      web_contents()->GetController().GetVisibleEntry();
 
-  // Cases with mixed passive content are safe enough to allow autofill, so
-  // allow NONE in addition to the secure cases.
+  // Only dangerous security states should prevent autofill.
   //
-  // TODO(crbug.com/701018): Once passive mixed content is less common, just use
-  // IsSslCertificateValid().
-  return security_state::IsSslCertificateValid(security_level) ||
-         security_level == security_state::NONE;
+  // TODO(crbug.com/701018): Once passive mixed content and legacy TLS are less
+  // common, just use IsSslCertificateValid().
+  return entry->GetURL().SchemeIsCryptographic() &&
+         security_level != security_state::DANGEROUS;
 }
 
 bool ChromeAutofillClient::ShouldShowSigninPromo() {