[rAc Android] Refuse to show rAc dialog if cc info is not requested

BUG=362271 TEST=AutofillDialogControllerTest NOTRY=True Review URL: https://codereview.chromium.org/258543005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266391 0039d316-1c4b-4281-b951-d872f2087c98

[rAc Android] Refuse to show rAc dialog if cc info is not requested
BUG=362271 TEST=AutofillDialogControllerTest NOTRY=True Review URL: https://codereview.chromium.org/258543005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266391 0039d316-1c4b-4281-b951-d872f2087c98
fdc74404 · aruslan@chromium.org · cedc906a · fdc74404 · fdc74404
Commit fdc74404 authored Apr 26, 2014 by aruslan@chromium.org
2 changed files
--- a/chrome/android/javatests/src/org/chromium/chrome/browser/autofill/AutofillDialogControllerTest.java
+++ b/chrome/android/javatests/src/org/chromium/chrome/browser/autofill/AutofillDialogControllerTest.java
--- a/chrome/browser/ui/android/autofill/autofill_dialog_controller_android.cc
+++ b/chrome/browser/ui/android/autofill/autofill_dialog_controller_android.cc
@@ -190,10 +190,27 @@ void AutofillDialogControllerAndroid::Show() {
  JNIEnv* env = base::android::AttachCurrentThread();
  dialog_shown_timestamp_ = base::Time::Now();

+  // The Autofill dialog is shown in response to a message from the renderer and
+  // as such, it can only be made in the context of the current document. A call
+  // to GetActiveEntry would return a pending entry, if there was one, which
+  // would be a security bug. Therefore, we use the last committed URL for the
+  // access checks.
  const GURL& current_url = contents_->GetLastCommittedURL();
  invoked_from_same_origin_ =
      current_url.GetOrigin() == source_url_.GetOrigin();

+  // Fail if the dialog factory (e.g. SDK) doesn't support cross-origin calls.
+  if (!Java_AutofillDialogControllerAndroid_isDialogAllowed(
+          env,
+          invoked_from_same_origin_)) {
+    callback_.Run(
+        AutofillManagerDelegate::AutocompleteResultErrorDisabled,
+        base::ASCIIToUTF16("Cross-origin form invocations are not supported."),
+        NULL);
+    delete this;
+    return;
+  }
+
  // Determine what field types should be included in the dialog.
  bool has_types = false;
  bool has_sections = false;
@@ -202,10 +219,7 @@ void AutofillDialogControllerAndroid::Show() {

  // Fail if the author didn't specify autocomplete types, or
  // if the dialog shouldn't be shown in a given circumstances.
-  if (!has_types ||
-      !Java_AutofillDialogControllerAndroid_isDialogAllowed(
-          env,
-          invoked_from_same_origin_)) {
+  if (!has_types) {
    callback_.Run(
        AutofillManagerDelegate::AutocompleteResultErrorDisabled,
        base::ASCIIToUTF16("Form is missing autocomplete attributes."),
@@ -214,6 +228,27 @@ void AutofillDialogControllerAndroid::Show() {
    return;
  }

+  // Fail if the author didn't ask for at least some kind of credit card
+  // information.
+  bool has_credit_card_field = false;
+  for (size_t i = 0; i < form_structure_.field_count(); ++i) {
+    AutofillType type = form_structure_.field(i)->Type();
+    if (type.html_type() != HTML_TYPE_UNKNOWN && type.group() == CREDIT_CARD) {
+      has_credit_card_field = true;
+      break;
+    }
+  }
+
+  if (!has_credit_card_field) {
+    callback_.Run(
+        AutofillManagerDelegate::AutocompleteResultErrorDisabled,
+        base::ASCIIToUTF16("Form is not a payment form (must contain "
+                           "some autocomplete=\"cc-*\" fields). "),
+        NULL);
+    delete this;
+    return;
+  }
+
  // Log any relevant UI metrics and security exceptions.
  GetMetricLogger().LogDialogUiEvent(AutofillMetrics::DIALOG_UI_SHOWN);

@@ -378,7 +413,7 @@ void AutofillDialogControllerAndroid::DialogContinue(
      if (!last_used_card.empty())
        defaults->SetString(kLastUsedCreditCardGuid, last_used_card);
    } else {
-      LOG(ERROR) << "Failed to save AutofillDialog preferences";
+      DLOG(ERROR) << "Failed to save AutofillDialog preferences";
    }
  }