-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=84054 Loading a blob: or filesystem: URL into an iframe or image that's contained on an HTTPS page shouldn't generate a mixed content warning. This change adds a SecurityOrigin::isSecure to check both against a URLs protocol, and the protocol of it's so-called "inner URL" if it's the type of URL that has such a thing. These sorts of URLs which are generated from secure sources will themselves be treated as secure. Patch by Mike West <mkwst@chromium.org> on 2012-06-08 Reviewed by Adam Barth. Tests: http/tests/security/mixedContent/blob-url-in-iframe.html http/tests/security/mixedContent/filesystem-url-in-iframe.html * loader/FrameLoader.cpp: (WebCore::FrameLoader::isMixedContent): * page/SecurityOrigin.cpp: (WebCore): (WebCore::SecurityOrigin::isSecure): * page/SecurityOrigin.h: (SecurityOrigin): LayoutTests: Excluding blob: and filesystem: schemes from the mixed content check. https://bugs.webkit.org/show_bug.cgi?id=84054 Patch by Mike West <mkwst@chromium.org> on 2012-06-08 Reviewed by Adam Barth. * http/tests/security/mixedContent/blob-url-in-iframe-expected.txt: Added. * http/tests/security/mixedContent/blob-url-in-iframe.html: Added. * http/tests/security/mixedContent/filesystem-url-in-iframe-expected.txt: Added. * http/tests/security/mixedContent/filesystem-url-in-iframe.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119883 268f45cc-cd09-0410-ab3c-d52691b4dbfc
55e5bfb0