Bug 38014

Summary: [chromium] Autofill ignores forms without 'action' attribute
Product: WebKit Reporter: Jens Alfke <jens>
Component: WebKit APIAssignee: Jens Alfke <jens>
Severity: Normal CC: commit-queue, levin, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: OS X 10.5   
Description Flags
now, with less whitespace
now with changelog entry!!
eric: review-
updated changelog entry none

Description Jens Alfke 2010-04-22 16:59:51 PDT
Chrome's password autofill doesn't handle forms where the <form> element has no 'action' attribute.
The bug is in Chrome's WebKit API implementation, specifically WebPasswordFormData. When it derives the form's actual action URL it ends up with a null URL if there's no action attribute, when instead it should default to the same URL as the page. And when it has a null URL it assumes the form is invalid and ignores it for autofill purposes.
Comment 1 Jens Alfke 2010-04-22 17:03:36 PDT
Created attachment 54110 [details]
Comment 2 WebKit Review Bot 2010-04-22 17:06:39 PDT
Attachment 54110 [details] did not pass style-queue:

Failed to run "['WebKitTools/Scripts/check-webkit-style']" exit_code: 1
WebKit/chromium/src/WebPasswordFormData.cpp:167:  One space before end of line comments  [whitespace/comments] [5]
Total errors found: 1 in 1 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Jens Alfke 2010-04-22 17:51:05 PDT
Created attachment 54114 [details]
now, with less whitespace

OK, WebKit only wants one space before a comment. Here it is. FML.
Comment 4 Jens Alfke 2010-04-23 13:01:55 PDT
Created attachment 54184 [details]
now with changelog entry!!

Sorry, forgot the changelog entry. I haven't touched WebKit in a few months and am getting rusty ...
Comment 5 Eric Seidel (no email) 2010-04-27 12:11:35 PDT
Comment on attachment 54184 [details]
now with changelog entry!!

Autosave code is outside the scope of webkit historically.  However is Chromium's in webkit's repo?

Either way, how do we test this?
Comment 6 Eric Seidel (no email) 2010-04-27 12:12:42 PDT
Comment on attachment 54184 [details]
now with changelog entry!!

Also, your ChangeLog is wrong.  You should leave the "Reviewed by" line as-is, and the scripts will automatically fill in the reviewer.  it's confusing, but that's how it works.

The ChangeLog shoudl also explain what testing there is or why testing is impossible.  See:
Comment 7 Jens Alfke 2010-04-27 12:32:04 PDT
Created attachment 54444 [details]
updated changelog entry

OK, fixed the reviewer name glitch and added info about (the lack of) tests.
Comment 8 Eric Seidel (no email) 2010-04-27 12:37:20 PDT
Comment on attachment 54444 [details]
updated changelog entry

Thank you.  The test explanation update is helpful.  One more question though:

Why fix this here, by mapping the null string to "" instead of changing completeURL()?
Comment 9 Jens Alfke 2010-04-27 12:51:24 PDT
FrameLoader::completeURL is just a call-through wrapper for Document::completeURL), which explicitly states in a comment, "Always return a null URL when passed a null string." So this behavior appears to be intentional, and it seems likely that something would probably break, possibly in very subtle ways, if I changed it.

It just happens that _in this particular case_ a missing 'action' attribute in an HTML <form> element defaults to the document's URL.
Comment 10 Eric Seidel (no email) 2010-04-27 17:57:18 PDT
Comment on attachment 54444 [details]
updated changelog entry

Comment 11 WebKit Commit Bot 2010-04-27 23:00:12 PDT
Comment on attachment 54444 [details]
updated changelog entry

Clearing flags on attachment: 54444

Committed r58382: <http://trac.webkit.org/changeset/58382>
Comment 12 WebKit Commit Bot 2010-04-27 23:00:17 PDT
All reviewed patches have been landed.  Closing bug.