Show mixed form warning for mixed forms that submit to new tab

Previously, forms on secure sites that submit to an insecure target in a
new tab (with target=_blank) showed the on-form warning but not the
on-submit one. This CL fixes it.

Pending work: Like other interstitials for navigations on new tabs,
this will go back to the NTP if Go Back is selected, it might make
more sense to close the new tab in this case, but in the interest of
keeping the CL simple for merging, this will be done on a separate CL,
which won't be merged.

Bug: 1134466
Change-Id: I6169fef6bd368f9c8ca054d7bbd8f96e50490956
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2451549
Commit-Queue: Carlos IL <[email protected]>
Commit-Queue: Emily Stark <[email protected]>
Reviewed-by: Emily Stark <[email protected]>
Auto-Submit: Carlos IL <[email protected]>
Cr-Commit-Position: refs/heads/master@{#814059}
(cherry picked from commit 2f64d2afed25c2a549874342e2186f4447253312)

TBR: [email protected]
Change-Id: I6169fef6bd368f9c8ca054d7bbd8f96e50490956
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2482324
Commit-Queue: Carlos IL <[email protected]>
Reviewed-by: Carlos IL <[email protected]>
Cr-Commit-Position: refs/branch-heads/4280@{#459}
Cr-Branched-From: ea420fb963f9658c9969b6513c56b8f47efa1a2a-refs/heads/master@{#812852}
diff --git a/chrome/browser/ssl/ssl_browsertest.cc b/chrome/browser/ssl/ssl_browsertest.cc
index 281b835..1e4953b 100644
--- a/chrome/browser/ssl/ssl_browsertest.cc
+++ b/chrome/browser/ssl/ssl_browsertest.cc
@@ -6234,6 +6234,33 @@
             security_interstitials::InsecureFormBlockingPage::kTypeForTesting);
 }
 
+// Checks insecure form warning works for forms that submit on a new tab.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithInsecureFormsWarningEnabled,
+                       TestDisplaysInsecureFormSubmissionWarningTargetBlank) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  ASSERT_TRUE(https_server_.Start());
+
+  std::string replacement_path = GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_displays_insecure_form_target_blank.html",
+      embedded_test_server()->host_port_pair());
+
+  ui_test_utils::NavigateToURL(browser(),
+                               https_server_.GetURL(replacement_path));
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  content::TestNavigationObserver nav_observer(tab, 1);
+  nav_observer.StartWatchingNewWebContents();
+  ASSERT_TRUE(content::ExecuteScript(tab, "submitForm();"));
+  nav_observer.Wait();
+  tab = browser()->tab_strip_model()->GetActiveWebContents();
+  security_interstitials::SecurityInterstitialTabHelper* helper =
+      security_interstitials::SecurityInterstitialTabHelper::FromWebContents(
+          tab);
+  EXPECT_TRUE(helper->IsDisplayingInterstitial());
+  EXPECT_EQ(helper->GetBlockingPageForCurrentlyCommittedNavigationForTesting()
+                ->GetTypeForTesting(),
+            security_interstitials::InsecureFormBlockingPage::kTypeForTesting);
+}
+
 // Check proceed works correctly on insecure form warning.
 IN_PROC_BROWSER_TEST_F(SSLUITestWithInsecureFormsWarningEnabled,
                        ProceedThroughInsecureFormWarning) {
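Review bot: The new test dereferences `helper` and the blocking page even when `EXPECT_TRUE(helper->IsDisplayingInterstitial())` has failed, so a regression of the target=_blank warning would likely surface as a null-pointer crash rather than a clean failure. Adding `ASSERT_TRUE(helper);` and making the interstitial check `ASSERT_TRUE(helper->IsDisplayingInterstitial());` stops the test before the dereference. The test also never confirms that the interstitial is in a newly opened tab; `EXPECT_EQ(2, browser()->tab_strip_model()->count());` after `nav_observer.Wait()` would pin the scenario this commit is about. Only the secure-initiator case is covered, so a companion test where no warning is expected (for example a form on an HTTP page) would guard the new initiator-origin condition from the other side.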
diff --git a/chrome/test/data/ssl/page_displays_insecure_form_target_blank.html b/chrome/test/data/ssl/page_displays_insecure_form_target_blank.html
new file mode 100644
index 0000000..4e1c7979
--- /dev/null
+++ b/chrome/test/data/ssl/page_displays_insecure_form_target_blank.html
@@ -0,0 +1,18 @@
+<html>
+<head><title>Page that displays an insecure form with target=_blank</title>
+<script>
+ function submitForm() {
+   form = document.getElementById("insecureForm");
+   form.submit();
+ }
+</script>
+</head>
+<body>
+This page contains an form which targets a non-secure URL on a new tab,
+causing insecure content (when this page is loaded over https).<br>
+<form id="insecureForm" target="_blank" action="http://does-not-exist.test/ssl/google_files/logo.gif">
+<input type="submit" />
+</form>
+
+</body>
+</html>
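Review bot: `form` in `submitForm()` is assigned without a declaration, so it becomes an implicit global on the page; `const form = document.getElementById("insecureForm");` keeps it local. The body text also reads "an form" and describes the result as "insecure content", which looks carried over from the mixed-content fixtures; "a form" and wording about an insecure form submission would describe what this page actually exercises.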
diff --git a/components/security_interstitials/content/insecure_form_navigation_throttle.cc b/components/security_interstitials/content/insecure_form_navigation_throttle.cc
index 0221421..9da53694 100644
--- a/components/security_interstitials/content/insecure_form_navigation_throttle.cc
+++ b/components/security_interstitials/content/insecure_form_navigation_throttle.cc
@@ -42,8 +42,11 @@
   if (!handle->IsFormSubmission())
     return content::NavigationThrottle::PROCEED;
   content::WebContents* contents = handle->GetWebContents();
+
+  url::Origin form_originating_origin =
+      handle->GetInitiatorOrigin().value_or(url::Origin());
   if (!IsInsecureFormAction(handle->GetURL()) ||
-      !contents->GetLastCommittedURL().SchemeIs(url::kHttpsScheme)) {
+      !(form_originating_origin.scheme() == url::kHttpsScheme)) {
     // Currently we only warn for insecure forms in secure pages.
     return content::NavigationThrottle::PROCEED;
   }
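Review bot: A missing or opaque initiator origin makes the new condition fail open: `value_or(url::Origin())` yields an opaque origin whose `scheme()` is empty, so the throttle returns PROCEED and no warning is shown. The same appears to hold for a form submitted from an opaque-origin document (such as a sandboxed frame) inside an HTTPS page, a case the old tab-level `GetLastCommittedURL()` check would have warned on; it is worth confirming that this is intended. If it is not, comparing `form_originating_origin.GetTupleOrPrecursorTupleIfOpaque().scheme()` against `url::kHttpsScheme` would keep the embedding page's scheme in the decision. In either case the comment should say that the initiator origin, not the tab's committed URL, now decides, e.g. `// Only warn when the document that initiated the submission is HTTPS; an absent or opaque initiator is treated as not secure.`, and `!(a == b)` reads more directly as `!=`. The enclosing function starts and ends outside this hunk.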