| // Copyright 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| syntax = "proto2"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package autofill; |
| |
| import "password_requirements.proto"; |
| |
| // The message is sent when a client needs to autofill forms on web pages and |
| // asks the server about known field types. |
| // Next available id: 11 |
| message AutofillQueryContents { |
| required string client_version = 1; |
| repeated group Form = 2 { |
| required fixed64 signature = 3; |
| repeated group Field = 4 { |
| required fixed32 signature = 5; |
| optional string name = 8; |
| optional string type = 9; // Control type. |
| } |
| } |
| } |
| |
| // This message is the result of an Autofill query. It holds the field type |
| // information. |
| // Next available id: 10 |
| message AutofillQueryResponseContents { |
| optional bool upload_required = 1; |
| repeated group Field = 2 { |
| required fixed32 overall_type_prediction = 3; |
| // Detailed list of all possible predictions (including |
| // |overall_type_prediction| as the first item). |
| message FieldPrediction { |
| // The predicted field type. |
| optional fixed32 type = 1; |
| |
| // True if the serverside classification believes that the field |
| // may be pre-filled with a placeholder in the value attribute. |
| optional bool may_use_prefilled_placeholder = 2; |
| } |
| repeated FieldPrediction predictions = 7; |
| |
| // For fields of type NEW_PASSWORD and ACCOUNT_CREATION_PASSWORD, this may |
| // specify requirements for the generation of passwords. |
| optional PasswordRequirementsSpec password_requirements = 9; |
| } |
| } |
| |
| // This message contains a randomized encoding of a string, where each bit |
| // in the encoded string is randomly sent as either the true value seen by |
| // the client, or random noise. The mapping of specific bits in the encoded |
| // string back to bits in the original string is specified by the EncodingType. |
| message AutofillRandomizedValue { |
| enum EncodingType { |
| // Reserved default value. Should never be sent over the wire. |
| UNSPECIFIED_ENCODING_TYPE = -1; |
| |
| // This string encodes only one bit, bit N, for each byte. |
| BIT_0 = 0; |
| BIT_1 = 1; |
| BIT_2 = 2; |
| BIT_3 = 3; |
| BIT_4 = 4; |
| BIT_5 = 5; |
| BIT_6 = 6; |
| BIT_7 = 7; |
| |
| // For each byte, the encoded value contains even or odd bits only. |
| EVEN_BITS = 8; |
| ODD_BITS = 9; |
| |
| // The encoded value contains all of the bits. |
| ALL_BITS = 10; |
| } |
| |
| // Selector denoting the source bits to which the encoded bits correspond. |
| optional EncodingType encoding_type = 1 [default = UNSPECIFIED_ENCODING_TYPE]; |
| |
| // The encoded bits. Only the bits denoted by |encoding_type| are included in |
| // |encoded_bits|. |
| // |
| // BIT_K encodings: |
| // each randomized bit i in |encoded_bits| corresponds to bit k of the byte |
| // at the corresponsding offset i of the original metadata value, up to |
| // i=64 (8 bytes). |
| // |
| // EVEN_BITS encoding: |
| // each randomized bit i in |encoded_bits| corresponds to bit 2*i of the |
| // original metadata value, up to i=256 (32 bytes). |
| // |
| // ODD_BITS encoding: |
| // each randomized bit i in |encoded_bits| corresponds to bit 2*i+1 of the |
| // original metadata value, up to i=256 (32 bytes). |
| // |
| // ALL_BITS encding: |
| // each bit i in |encoded_bits| corresponds to bit i of the original |
| // metadata value, up to i=512 (64 bytes). |
| // |
| // The encoded data is generally not user data, however, it is possible that |
| // user visible metadata (like the Label for an input field) could be |
| // personalized and thus contains user data (possibly PII). For the ALL_BITS |
| // encoding, each randomized byte has a 10% probability of being encoded 1:1 |
| // as the true byte seen by the client, even if some of those bits were |
| // transmitted as noise. For all of the other encodings, the encoded bits |
| // does not encode any full bytes. |
| optional bytes encoded_bits = 2; |
| } |
| |
| // The collection of autofill field metadata to be sent using randomization. |
| message AutofillRandomizedFormMetadata { |
| // Form element id. Example: <form id="XXXXXXXX"> |
| optional AutofillRandomizedValue id = 1; |
| |
| // Form element name. Example: <form name="XXXXXXXX"> |
| optional AutofillRandomizedValue name = 2; |
| |
| // Form element action. Example: <form action="XXXXXXXX"> |
| optional AutofillRandomizedValue action = 3; |
| } |
| |
| // The collection of autofill field metadata to be sent using randomization. |
| message AutofillRandomizedFieldMetadata { |
| // Input element id. Example: <input id="XXXXXXXX"> |
| optional AutofillRandomizedValue id = 1; |
| |
| // Input element name. Example: <input name="XXXXXXXX"> |
| optional AutofillRandomizedValue name = 2; |
| |
| // Input element type. Example: <input type="XXXXXXXX"> |
| optional AutofillRandomizedValue type = 3; |
| |
| // Input field label value seen by the user, either explicitly annotated in |
| // the DOM or inferred by the client. |
| // |
| // The value encountered by the client may be personalized (for example: |
| // "Please enter the password for foo@bar.net"). The system will learn the |
| // common/static prefix and determine that the personalized substring is |
| // noise. That said, for a given upload using the ALL_BITS encoding, each |
| // byte has a 10% probability or matching the original plaintext byte and |
| // a 1 in 10^m chance of the full m-character string being uploaded as |
| // plaintext. The other encodings only send partial bytes. |
| // |
| // Example: <label for="id">XXXXXXX</label> |
| optional AutofillRandomizedValue label = 4; |
| |
| // Input field label value exposed to the user via ARIA. |
| // Example 1: <input aria-label="XXXXXX> |
| // Example 2: <div id="foo">XXXXXXX</div> |
| // <input aria-labelledby="foo"> |
| optional AutofillRandomizedValue aria_label = 5; |
| |
| // Input field description exposed to the user via ARIA. |
| // Example: |
| // <div id="foo">XXXXXXX</div> |
| // <input aria-describedby="foo"> |
| optional AutofillRandomizedValue aria_description = 6; |
| |
| // CSS class for the input element. |
| // Example: <input class="XXXXXXXX"> |
| optional AutofillRandomizedValue css_class = 7; |
| |
| // Placeholder text for the input element. |
| // Example: <input placeholder="XXXXXXXX"> |
| optional AutofillRandomizedValue placeholder = 8; |
| |
| // Hash of the initial value of the field. We want to learn if the initial |
| // value of this field is personalized to the user (we will learn that the |
| // value is noise) or if it is a placeholder in disguise (we will learn a |
| // constant hash). |
| // |
| // Example: <input value="VVVVVVV"> |
| // XXXXXXXX = hash("VVVVVVV"") |
| optional AutofillRandomizedValue initial_value_hash = 9; |
| } |
| |
| // This message contains information about the field types in a single form. |
| // It is sent by the toolbar to contribute to the field type statistics. |
| // Next available id: 34 |
| message AutofillUploadContents { |
| required string client_version = 1; |
| required fixed64 form_signature = 2; |
| |
| // True if the autofill feature was used to fill this form, false otherwise. |
| required bool autofill_used = 3; |
| |
| // A string representing a bit array of what personal information items |
| // the user has entered in the autofill settings dialog. |
| // The corresponding bit is set if the user has that particular |
| // item entered and is not set otherwise. |
| required string data_present = 4; |
| |
| // List of the fields in the form and their types. |
| repeated group Field = 5 { |
| // Field identification inside the current form. |
| required fixed32 signature = 6; |
| |
| // Type of the field, e.g. what type of personal information did the user |
| // enter in that field before form submission. There is a predefined |
| // enum of types located at |
| // components/autofill/core/browser/field_types.h |
| // AutoFillFieldType |
| repeated fixed32 autofill_type = 7; |
| |
| // The value of the name attribute on the field, if present. Otherwise, the |
| // value of the id attribute. See HTMLFormControlElement::nameForAutofill. |
| // TODO(850606): Deprecate once randomized metadata is launched. |
| optional string name = 8; |
| |
| // The value of the autocomplete attribute on the field, if present. |
| // TODO(850606): Deprecate once randomized metadata is launched. |
| optional string autocomplete = 9; |
| |
| // The type of input control for this field (e.g. text, textarea, email). |
| // TODO(850606): Deprecate once randomized metadata is launched. |
| optional string type = 10; |
| |
| // The field-level metadata associated with this field, randomized. |
| optional AutofillRandomizedFieldMetadata randomized_field_metadata = 33; |
| |
| enum PasswordGenerationType { |
| NO_GENERATION = 0; |
| AUTOMATICALLY_TRIGGERED_GENERATION_ON_SIGN_UP_FORM = 1; |
| AUTOMATICALLY_TRIGGERED_GENERATION_ON_CHANGE_PASSWORD_FORM = 2; |
| MANUALLY_TRIGGERED_GENERATION_ON_SIGN_UP_FORM = 3; |
| MANUALLY_TRIGGERED_GENERATION_ON_CHANGE_PASSWORD_FORM = 4; |
| IGNORED_GENERATION_POPUP = 5; |
| } |
| // The type of password generation, if it happened. |
| optional PasswordGenerationType generation_type = 17; |
| |
| // The value of the class attribute on the field, if present. |
| // TODO(850606): Deprecate once randomized metadata is launched. |
| optional string css_classes = 19; |
| |
| // The properties mask (i.e. whether the field was autofilled, user |
| // modified, etc.) See FieldPropertiesFlags. |
| optional uint32 properties_mask = 20; |
| |
| // The value of the id attribute, if it differs from the name attribute. |
| // Otherwise, this field is absent. |
| // TODO(850606): Deprecate once randomized metadata is launched. |
| optional string id = 21; |
| |
| // True iff the user changed generated password. If there was no generation, |
| // the field is absent. |
| optional bool generated_password_changed = 22; |
| |
| enum VoteType { |
| NO_INFORMATION = 0; |
| // A credential saved on one form (typically a signup form) was used on a |
| // login form. The vote applies to the first (signup) form. |
| CREDENTIALS_REUSED = 1; |
| // When reusing a credential, the username value is not the saved |
| // username, but another value, which appeared on the form where we saved. |
| // The correct field is voted for. |
| USERNAME_OVERWRITTEN = 2; |
| // In the save prompt, the user corrected the username value to another |
| // value from the form. The new field is voted for. |
| USERNAME_EDITED = 3; |
| // The username field was detected by the base heuristic (take the last |
| // non-password field before the first password field). The value is not |
| // used at this point. |
| BASE_HEURISTIC = 4; |
| // The username field was detected by HTML-based detector. The value is |
| // not used at this point. |
| HTML_CLASSIFIER = 5; |
| // A saved credential was used for the first time on a submitted form. The |
| // vote applies to the form being submitted. |
| FIRST_USE = 6; |
| } |
| |
| // The type of password-related vote. If |autofill_type| is not a USERNAME |
| // or any PASSWORD vote, then the field is absent. This field describes the |
| // context of the vote. |
| optional VoteType vote_type = 23; |
| |
| message AutofillTypeValiditiesPair { |
| required fixed32 type = 1; |
| repeated fixed32 validity = 2; |
| } |
| repeated AutofillTypeValiditiesPair autofill_type_validities = 24; |
| } |
| // Signature of the form action host (e.g. Hash64Bit("example.com")). |
| optional fixed64 action_signature = 13; |
| |
| // Signature of the form which is used for password generation debugging. |
| // Currently is used when password generated on a password field of a |
| // registration form is used on a password field of a login form. |
| optional fixed64 login_form_signature = 14; |
| |
| // Whether a form submission event was observed. |
| optional bool submission = 15; |
| |
| // The form name. |
| optional string form_name = 16; |
| |
| // True iff the the non-obfuscated password values were shown to the user. |
| optional bool passwords_revealed = 24; |
| |
| // The section of noisified data about password. |
| // Upload only one of character class attributes (|password_has_*|). Noisified |
| // length is always uploaded. |
| // Upload only when a password is saved. |
| // Used to adjust the password generator's settings to site's requirements. |
| |
| // Whether the password has any lowercase letter. |
| optional bool password_has_lowercase_letter = 25; |
| |
| // Whether the password has any uppercase letter. |
| optional bool password_has_uppercase_letter = 26; |
| |
| // Whether the password has any digit. |
| optional bool password_has_numeric = 27; |
| |
| // Whether the password has any special symbol. |
| optional bool password_has_special_symbol = 28; |
| |
| // Noisifed password length. |
| optional uint32 password_length = 29; |
| // The end of the section of password attributes. |
| |
| // Event observed by the password manager which indicated that the form was |
| // successfully submitted. Corresponds to |
| // |PasswordForm::SubmissionIndicatorEvent|. |
| enum SubmissionIndicatorEvent { |
| NONE = 0; |
| HTML_FORM_SUBMISSION = 1; |
| SAME_DOCUMENT_NAVIGATION = 2; |
| XHR_SUCCEEDED = 3; |
| FRAME_DETACHED = 4; |
| DEPRECATED_MANUAL_SAVE = 5; // obsolete |
| DOM_MUTATION_AFTER_XHR = 6; |
| PROVISIONALLY_SAVED_FORM_ON_START_PROVISIONAL_LOAD = 7; |
| DEPRECATED_FILLED_FORM_ON_START_PROVISIONAL_LOAD = 8; // unused |
| DEPRECATED_FILLED_INPUT_ELEMENTS_ON_START_PROVISIONAL_LOAD = 9; // unused |
| } |
| |
| // The type of the event that was taken as an indication that the form has |
| // been successfully submitted. |
| optional SubmissionIndicatorEvent submission_event = 30; |
| |
| // The language of the page on which this form appears. |
| optional string language = 31; |
| |
| // Form-level metadata observed by the client, randomized. |
| optional AutofillRandomizedFormMetadata randomized_form_metadata = 32; |
| } |
| |
| // This proto contains information about the validity of each field in an |
| // autofill profile. It is used to transfer the results of running the profile |
| // validation pipeline on the server side to the client via ChromeSync |
| // PriorityPreferences. An identical copy of this proto is maintained in |
| // the server code base. |
| message ProfileValidityMap { |
| // Map from autofill type to the validity of its value in the profile. |
| // |
| // Key should be one of the enum values from ServerFieldType. Values should be |
| // from the AutofillProfile::ValidityState. Plain integers are used |
| // instead of enums because proto2 treats unknown enum values as unknown |
| // fields, which is confusing when the enums are in maps. |
| map<fixed32, fixed32> field_validity_states = 1; |
| } |
| |
| // Map from profile GUIDs to profile validity maps for that profile. Each |
| // message should contain entries for all profiles from a single user. |
| message UserProfileValidityMap { |
| map<string, ProfileValidityMap> profile_validity = 1; |
| } |