diff options
| -rw-r--r-- | core/java/android/service/autofill/AutofillService.java | 15 | ||||
| -rw-r--r-- | core/java/android/webkit/WebView.java | 4 |
2 files changed, 18 insertions, 1 deletions
diff --git a/core/java/android/service/autofill/AutofillService.java b/core/java/android/service/autofill/AutofillService.java index 953501c7b9ab..cd362c712b3f 100644 --- a/core/java/android/service/autofill/AutofillService.java +++ b/core/java/android/service/autofill/AutofillService.java @@ -438,8 +438,21 @@ import com.android.internal.os.SomeArgs; * AutofillValue password = passwordNode.getAutofillValue().getTextValue().toString(); * * save(username, password); - * * </pre> + * + * + * <a name="Privacy"></a> + * <h3>Privacy</h3> + * + * <p>The {@link #onFillRequest(FillRequest, CancellationSignal, FillCallback)} method is called + * without the user content. The Android system strips some properties of the + * {@link android.app.assist.AssistStructure.ViewNode view nodes} passed to these calls, but not all + * of them. For example, the data provided in the {@link android.view.ViewStructure.HtmlInfo} + * objects set by {@link android.webkit.WebView} is never stripped out. + * + * <p>Because this data could contain PII (Personally Identifiable Information, such as username or + * email address), the service should only use it locally (i.e., in the app's process) for + * heuristics purposes, but it should not be sent to external servers. */ public abstract class AutofillService extends Service { private static final String TAG = "AutofillService"; diff --git a/core/java/android/webkit/WebView.java b/core/java/android/webkit/WebView.java index 665d694e492b..6f9925480a22 100644 --- a/core/java/android/webkit/WebView.java +++ b/core/java/android/webkit/WebView.java @@ -2758,7 +2758,9 @@ public class WebView extends AbsoluteLayout * <p>For example, an HTML form with 2 fields for username and password: * * <pre class="prettyprint"> + * <label>Username:</label> * <input type="text" name="username" id="user" value="Type your username" autocomplete="username" placeholder="Email or username"> + * <label>Password:</label> * <input type="password" name="password" id="pass" autocomplete="current-password" placeholder="Password"> * </pre> * @@ -2772,6 +2774,7 @@ public class WebView extends AbsoluteLayout * username.setHtmlInfo(username.newHtmlInfoBuilder("input") * .addAttribute("type", "text") * .addAttribute("name", "username") + * .addAttribute("label", "Username:") * .build()); * username.setHint("Email or username"); * username.setAutofillType(View.AUTOFILL_TYPE_TEXT); @@ -2785,6 +2788,7 @@ public class WebView extends AbsoluteLayout * password.setHtmlInfo(password.newHtmlInfoBuilder("input") * .addAttribute("type", "password") * .addAttribute("name", "password") + * .addAttribute("label", "Password:") * .build()); * password.setHint("Password"); * password.setAutofillType(View.AUTOFILL_TYPE_TEXT); |