Bug 1330228 - Use hasBeenTypePassword in FormData.jsm to not save former password fields. r=Felipe

Differential Revision: https://phabricator.services.mozilla.com/D15208

--HG--
extra : moz-landing-system : lando

browser/components/sessionstore/test/browser.ini

@@ -100,6 +100,8 @@ skip-if = (os == 'win') # bug 1331853
 skip-if = (verify && debug)
 [browser_formdata_cc.js]
 [browser_formdata_format.js]
+[browser_formdata_password.js]
+support-files = file_formdata_password.html
 [browser_formdata_xpath.js]
 [browser_frametree.js]
 [browser_frame_history.js]

browser/components/sessionstore/test/browser_formdata_password.js

@@ -0,0 +1,51 @@
+"use strict";
+
+/**
+ * Ensures that <input>s that are/were type=password are not saved.
+ */
+
+const URL = "https://example.com/browser/browser/components/" +
+            "sessionstore/test/file_formdata_password.html";
+
+add_task(async function test_hasBeenTypePassword() {
+  let tab = BrowserTestUtils.addTab(gBrowser, URL);
+  let browser = tab.linkedBrowser;
+  await promiseBrowserLoaded(browser);
+
+  await ContentTask.spawn(browser, {}, async function fillFields() {
+    let doc = content.document;
+
+    doc.getElementById("TextValue").setUserInput("abc");
+
+    doc.getElementById("TextValuePassword").setUserInput("def");
+    doc.getElementById("TextValuePassword").type = "password";
+
+    doc.getElementById("TextPasswordValue").type = "password";
+    doc.getElementById("TextPasswordValue").setUserInput("ghi");
+
+    doc.getElementById("PasswordValueText").setUserInput("jkl");
+    doc.getElementById("PasswordValueText").type = "text";
+
+    doc.getElementById("PasswordTextValue").type = "text";
+    doc.getElementById("PasswordTextValue").setUserInput("mno");
+
+    doc.getElementById("PasswordValue").setUserInput("pqr");
+  });
+
+  // Remove the tab.
+  await promiseRemoveTabAndSessionState(tab);
+
+  let [{state: {formdata}}] = JSON.parse(ss.getClosedTabData(window));
+  let expected = [
+    ["TextValue", "abc"],
+    ["TextValuePassword", undefined],
+    ["TextPasswordValue", undefined],
+    ["PasswordValueText", undefined],
+    ["PasswordTextValue", undefined],
+    ["PasswordValue", undefined],
+  ];
+
+  for (let [id, expectedValue] of expected) {
+    is(formdata.id[id], expectedValue, `Value should be ${expectedValue} for ${id}`);
+  }
+});

browser/components/sessionstore/test/file_formdata_password.html

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+  </head>
+  <body>
+    <!-- Text/Password in the name indicates the type and the position of 'Value'
+         indicates when the value gets set relative to the type changes. -->
+    <input id="TextValue">
+    <input id="TextValuePassword">
+    <input id="TextPasswordValue">
+
+    <input id="PasswordValueText" type="password">
+    <input id="PasswordTextValue" type="password">
+    <input id="PasswordValue" type="password">
+  </body>
+</html>

toolkit/modules/sessionstore/FormData.jsm

@@ -161,9 +161,9 @@ var FormDataInternal = {
         continue;
       }
 
-      // We do not want to collect credit card numbers.
+      // We do not want to collect credit card numbers or past/current password fields.
       if (ChromeUtils.getClassName(node) === "HTMLInputElement") {
-        if (CreditCard.isValidNumber(node.value)) {
+        if (CreditCard.isValidNumber(node.value) || node.hasBeenTypePassword) {
           continue;
         }
       }