[Autofill] Truncate filled credit card number part to intended length.

Currently, autofill::FillCreditCardNumberField() fills the complete
rest of the credit card number from an offset calculated from the
previous field's |max_length| attribute.
The logic relies on the automatic truncation of the value. If the
|max_length| value is changed in by JS in the meantime, autofill would
fill the whole rest of the number and not only the intended portion.

With this change, the value is already truncated by autofill.

Change-Id: I7eef43d8abd83081e903bbdb0b12dc78846c9b4c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2190214
Auto-Submit: Matthias Körber <koerber@google.com>
Commit-Queue: Dominic Battré <battre@chromium.org>
Reviewed-by: Dominic Battré <battre@chromium.org>
Reviewed-by: Matthias Körber <koerber@google.com>
Cr-Commit-Position: refs/heads/master@{#768765}

components/autofill/core/browser/field_filler.cc

@@ -5,6 +5,7 @@
 #include "components/autofill/core/browser/field_filler.h"
 
 #include <stdint.h>
+#include <vector>
 
 #include "base/feature_list.h"
 #include "base/i18n/case_conversion.h"
@@ -421,10 +422,13 @@ void FillCreditCardNumberField(const AutofillField& field,
   base::string16 value = number;
 
   // |field|'s max_length truncates credit card number to fit within.
-  if (field.credit_card_number_offset() < value.length())
-    value = value.substr(field.credit_card_number_offset());
-
-  field_data->value = value;
+  if (field.credit_card_number_offset() < number.length()) {
+    field_data->value = number.substr(
+        field.credit_card_number_offset(),
+        field.max_length > 0 ? field.max_length : base::string16::npos);
+  } else {
+    field_data->value = base::string16();
+  }
 }
 
 // Fills in the select control |field| with |value|. If an exact match is not

components/autofill/core/browser/field_filler_unittest.cc

@@ -7,6 +7,7 @@
 #include <stddef.h>
 
 #include <memory>
+#include <vector>
 
 #include "base/base_paths.h"
 #include "base/files/file_path.h"
@@ -411,6 +412,79 @@ TEST_F(AutofillFieldFillerTest, FillFormField_AutocompleteOff_CreditCardField) {
   EXPECT_EQ(ASCIIToUTF16("4111111111111111"), field.value);
 }
 
+// Verify that an empty credit card value is returned if the offset exceeds the
+// length.
+TEST_F(AutofillFieldFillerTest,
+       FillFormField_MaxLength_CreditCardField_MaxLenghtExceedsLength) {
+  AutofillField field;
+  field.max_length = 30;
+  field.set_credit_card_number_offset(2);
+  field.set_heuristic_type(CREDIT_CARD_NUMBER);
+
+  // Credit card related field.
+  credit_card()->SetNumber(ASCIIToUTF16("0123456789999999"));
+  FieldFiller filler(/*app_locale=*/"en-US", /*address_normalizer=*/nullptr);
+  filler.FillFormField(field, *credit_card(), &field, /*cvc=*/base::string16());
+
+  // Verify that the field is filled with the fourth digit of the credit card
+  // number.
+  EXPECT_EQ(ASCIIToUTF16("23456789999999"), field.value);
+}
+
+// Verify that an empty credit card value is returned if the offset exceeds the
+// length.
+TEST_F(AutofillFieldFillerTest,
+       FillFormField_MaxLength_CreditCardField_OffsetExceedsLength) {
+  AutofillField field;
+  field.max_length = 1;
+  field.set_credit_card_number_offset(18);
+  field.set_heuristic_type(CREDIT_CARD_NUMBER);
+
+  // Credit card related field.
+  credit_card()->SetNumber(ASCIIToUTF16("0123456789999999"));
+  FieldFiller filler(/*app_locale=*/"en-US", /*address_normalizer=*/nullptr);
+  filler.FillFormField(field, *credit_card(), &field, /*cvc=*/base::string16());
+
+  // Verify that the field is filled with an empty value.
+  // number.
+  EXPECT_EQ(ASCIIToUTF16(""), field.value);
+}
+
+// Verify that only the truncated and offsetted value of the credit card number
+// is set.
+TEST_F(AutofillFieldFillerTest,
+       FillFormField_MaxLength_CreditCardField_WithOffset) {
+  AutofillField field;
+  field.max_length = 1;
+  field.set_credit_card_number_offset(3);
+  field.set_heuristic_type(CREDIT_CARD_NUMBER);
+
+  // Credit card related field.
+  credit_card()->SetNumber(ASCIIToUTF16("0123456789999999"));
+  FieldFiller filler(/*app_locale=*/"en-US", /*address_normalizer=*/nullptr);
+  filler.FillFormField(field, *credit_card(), &field, /*cvc=*/base::string16());
+
+  // Verify that the field is filled with the third digit of the credit card
+  // number.
+  EXPECT_EQ(ASCIIToUTF16("3"), field.value);
+}
+
+// Verify that only the truncated value of the credit card number is set.
+TEST_F(AutofillFieldFillerTest, FillFormField_MaxLength_CreditCardField) {
+  AutofillField field;
+  field.max_length = 1;
+  field.set_heuristic_type(CREDIT_CARD_NUMBER);
+
+  // Credit card related field.
+  credit_card()->SetNumber(ASCIIToUTF16("4111111111111111"));
+  FieldFiller filler(/*app_locale=*/"en-US", /*address_normalizer=*/nullptr);
+  filler.FillFormField(field, *credit_card(), &field, /*cvc=*/base::string16());
+
+  // Verify that the field is filled with only the first digit of the credit
+  // card number.
+  EXPECT_EQ(ASCIIToUTF16("4"), field.value);
+}
+
 // Verify that when the relevant feature is enabled, the invalid fields don't
 // get filled.
 TEST_F(AutofillFieldFillerTest, FillFormField_Validity_ServerClient) {