2011-04-29 Chris Evans <cevans@chromium.org>

        Reviewed by Adam Barth.

        Add WebCore::Setting to block displaying and/or running insecure content on secure pages
        https://bugs.webkit.org/show_bug.cgi?id=58378

        Test: To follow in subsequent patch, including the wiring to expose the new settings to LayoutTests.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkIfDisplayInsecureContent): Return whether or not the load should be blocked, and tweak the message upon blocking.
        (WebCore::FrameLoader::checkIfRunInsecureContent): Return whether or not the load should be blocked, and tweak the message upon blocking.
        * loader/FrameLoader.h:
        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::willSendRequest): Check if the frame load is blocked due to mixed content and cancel it if so. The check was moved up so that it occurs before firing the load callbacks, to avoid any outgoing network hits or accounting. Redirects are handled because willSendRequest is called for each one in the chain.
        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::loadMediaPlayerProxyPlugin): Handle the blocking of mixed-content plug-in loads.
        (WebCore::SubframeLoader::loadPlugin): Handle the blocking of mixed-content plug-in loads.
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::canRequest): Handle the blocking of various loads due to mixed content conditions.
        * page/Settings.cpp:
        (WebCore::Settings::Settings): Permit mixed-content loads by default to avoid a change in behavior by default.
        * page/Settings.h: Add two new booleans to control blocking of mixed content (displaying and running thereof).
        (WebCore::Settings::setAllowDisplayOfInsecureContent):
        (WebCore::Settings::allowDisplayOfInsecureContent):
        (WebCore::Settings::setAllowRunningOfInsecureContent):
        (WebCore::Settings::allowRunningOfInsecureContent):
2011-04-29  Chris Evans  <cevans@chromium.org>

        Reviewed by Adam Barth.

        Add WebCore::Setting to block displaying and/or running insecure content on secure pages
        https://bugs.webkit.org/show_bug.cgi?id=58378

        * public/WebSettings.h:
        * src/WebSettingsImpl.cpp:
        (WebKit::WebSettingsImpl::setAllowDisplayOfInsecureContent):
        (WebKit::WebSettingsImpl::setAllowRunningOfInsecureContent):
        * src/WebSettingsImpl.h:
        Simple plumbing for the new boolean settings.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85378 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent fb14d769
2011-04-29 Chris Evans <cevans@chromium.org>
Reviewed by Adam Barth.
Add WebCore::Setting to block displaying and/or running insecure content on secure pages
https://bugs.webkit.org/show_bug.cgi?id=58378
Test: To follow in subsequent patch, including the wiring to expose the new settings to LayoutTests.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkIfDisplayInsecureContent): Return whether or not the load should be blocked, and tweak the message upon blocking.
(WebCore::FrameLoader::checkIfRunInsecureContent): Return whether or not the load should be blocked, and tweak the message upon blocking.
* loader/FrameLoader.h:
* loader/MainResourceLoader.cpp:
(WebCore::MainResourceLoader::willSendRequest): Check if the frame load is blocked due to mixed content and cancel it if so. The check was moved up so that it occurs before firing the load callbacks, to avoid any outgoing network hits or accounting. Redirects are handled because willSendRequest is called for each one in the chain.
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadMediaPlayerProxyPlugin): Handle the blocking of mixed-content plug-in loads.
(WebCore::SubframeLoader::loadPlugin): Handle the blocking of mixed-content plug-in loads.
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest): Handle the blocking of various loads due to mixed content conditions.
* page/Settings.cpp:
(WebCore::Settings::Settings): Permit mixed-content loads by default to avoid a change in behavior by default.
* page/Settings.h: Add two new booleans to control blocking of mixed content (displaying and running thereof).
(WebCore::Settings::setAllowDisplayOfInsecureContent):
(WebCore::Settings::allowDisplayOfInsecureContent):
(WebCore::Settings::setAllowRunningOfInsecureContent):
(WebCore::Settings::allowRunningOfInsecureContent):
2011-04-29 Ryosuke Niwa <rniwa@webkit.org>
Reviewed by Eric Seidel.
......@@ -1051,26 +1051,32 @@ bool FrameLoader::isMixedContent(SecurityOrigin* context, const KURL& url)
return true;
}
void FrameLoader::checkIfDisplayInsecureContent(SecurityOrigin* context, const KURL& url)
bool FrameLoader::checkIfDisplayInsecureContent(SecurityOrigin* context, const KURL& url)
{
if (!isMixedContent(context, url))
return;
return true;
String message = makeString("The page at ", m_frame->document()->url().string(), " displayed insecure content from ", url.string(), ".\n");
Settings* settings = m_frame->settings();
bool allowed = settings && settings->allowDisplayOfInsecureContent();
String message = makeString((allowed ? "" : "[blocked] "), "The page at ", m_frame->document()->url().string(), " displayed insecure content from ", url.string(), ".\n");
m_frame->domWindow()->console()->addMessage(HTMLMessageSource, LogMessageType, WarningMessageLevel, message, 1, String());
m_client->didDisplayInsecureContent();
return allowed;
}
void FrameLoader::checkIfRunInsecureContent(SecurityOrigin* context, const KURL& url)
bool FrameLoader::checkIfRunInsecureContent(SecurityOrigin* context, const KURL& url)
{
if (!isMixedContent(context, url))
return;
return true;
String message = makeString("The page at ", m_frame->document()->url().string(), " ran insecure content from ", url.string(), ".\n");
Settings* settings = m_frame->settings();
bool allowed = settings && settings->allowRunningOfInsecureContent();
String message = makeString((allowed ? "" : "[blocked] "), "The page at ", m_frame->document()->url().string(), " ran insecure content from ", url.string(), ".\n");
m_frame->domWindow()->console()->addMessage(HTMLMessageSource, LogMessageType, WarningMessageLevel, message, 1, String());
m_client->didRunInsecureContent(context, url);
return allowed;
}
Frame* FrameLoader::opener()
......
......@@ -256,8 +256,8 @@ public:
// Mixed content related functions.
static bool isMixedContent(SecurityOrigin* context, const KURL&);
void checkIfDisplayInsecureContent(SecurityOrigin* context, const KURL&);
void checkIfRunInsecureContent(SecurityOrigin* context, const KURL&);
bool checkIfDisplayInsecureContent(SecurityOrigin* context, const KURL&);
bool checkIfRunInsecureContent(SecurityOrigin* context, const KURL&);
Frame* opener();
void setOpener(Frame*);
......
......@@ -207,15 +207,19 @@ void MainResourceLoader::willSendRequest(ResourceRequest& newRequest, const Reso
if (newRequest.cachePolicy() == UseProtocolCachePolicy && isPostOrRedirectAfterPost(newRequest, redirectResponse))
newRequest.setCachePolicy(ReloadIgnoringCacheData);
Frame* top = m_frame->tree()->top();
if (top != m_frame) {
if (!frameLoader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), newRequest.url())) {
cancel();
return;
}
}
ResourceLoader::willSendRequest(newRequest, redirectResponse);
// Don't set this on the first request. It is set when the main load was started.
m_documentLoader->setRequest(newRequest);
Frame* top = m_frame->tree()->top();
if (top != m_frame)
frameLoader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), newRequest.url());
#if ENABLE(OFFLINE_WEB_APPLICATIONS)
if (!redirectResponse.isNull()) {
// We checked application cache for initial URL, now we need to check it for redirected one.
......
......@@ -173,7 +173,8 @@ PassRefPtr<Widget> SubframeLoader::loadMediaPlayerProxyPlugin(Node* node, const
else if (mediaElement->isVideo())
size = RenderVideo::defaultSize();
m_frame->loader()->checkIfRunInsecureContent(m_frame->document()->securityOrigin(), completedURL);
if (!m_frame->loader()->checkIfRunInsecureContent(m_frame->document()->securityOrigin(), completedURL))
return 0;
RefPtr<Widget> widget = m_frame->loader()->client()->createMediaPlayerProxyPlugin(size, mediaElement, completedURL,
paramNames, paramValues, "application/x-media-element-proxy-plugin");
......@@ -352,7 +353,8 @@ bool SubframeLoader::loadPlugin(HTMLPlugInImageElement* pluginElement, const KUR
return false;
FrameLoader* frameLoader = m_frame->loader();
frameLoader->checkIfRunInsecureContent(document()->securityOrigin(), url);
if (!frameLoader->checkIfRunInsecureContent(document()->securityOrigin(), url))
return false;
IntSize contentSize(renderer->contentWidth(), renderer->contentHeight());
bool loadManually = document()->isPluginDocument() && !m_containsPlugins && toPluginDocument(document())->shouldLoadPluginManually();
......
......@@ -246,14 +246,16 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url
// These resource can inject script into the current document (Script,
// XSL) or exfiltrate the content of the current document (CSS).
if (Frame* f = frame())
f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url);
if (!f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url))
return false;
break;
case CachedResource::ImageResource:
case CachedResource::FontResource: {
// These resources can corrupt only the frame's pixels.
if (Frame* f = frame()) {
Frame* top = f->tree()->top();
top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url);
if (!top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url))
return false;
}
break;
}
......
......@@ -178,6 +178,8 @@ Settings::Settings(Page* page)
, m_useQuickLookResourceCachingQuirks(false)
, m_forceCompositingMode(false)
, m_shouldInjectUserScriptsInInitialEmptyDocument(false)
, m_allowDisplayOfInsecureContent(true)
, m_allowRunningOfInsecureContent(true)
{
// A Frame may not have been created yet, so we initialize the AtomicString
// hash before trying to use it.
......
......@@ -399,6 +399,11 @@ namespace WebCore {
void setShouldInjectUserScriptsInInitialEmptyDocument(bool flag) { m_shouldInjectUserScriptsInInitialEmptyDocument = flag; }
bool shouldInjectUserScriptsInInitialEmptyDocument() { return m_shouldInjectUserScriptsInInitialEmptyDocument; }
void setAllowDisplayOfInsecureContent(bool flag) { m_allowDisplayOfInsecureContent = flag; }
bool allowDisplayOfInsecureContent() const { return m_allowDisplayOfInsecureContent; }
void setAllowRunningOfInsecureContent(bool flag) { m_allowRunningOfInsecureContent = flag; }
bool allowRunningOfInsecureContent() const { return m_allowRunningOfInsecureContent; }
private:
Page* m_page;
......@@ -502,6 +507,8 @@ namespace WebCore {
bool m_useQuickLookResourceCachingQuirks : 1;
bool m_forceCompositingMode : 1;
bool m_shouldInjectUserScriptsInInitialEmptyDocument : 1;
bool m_allowDisplayOfInsecureContent : 1;
bool m_allowRunningOfInsecureContent : 1;
#if USE(AVFOUNDATION)
static bool gAVFoundationEnabled;
......
2011-04-29 Chris Evans <cevans@chromium.org>
Reviewed by Adam Barth.
Add WebCore::Setting to block displaying and/or running insecure content on secure pages
https://bugs.webkit.org/show_bug.cgi?id=58378
* public/WebSettings.h:
* src/WebSettingsImpl.cpp:
(WebKit::WebSettingsImpl::setAllowDisplayOfInsecureContent):
(WebKit::WebSettingsImpl::setAllowRunningOfInsecureContent):
* src/WebSettingsImpl.h:
Simple plumbing for the new boolean settings.
2011-04-29 Kenneth Russell <kbr@google.com>
Unreviewed build fix. Skip WebPageNewSerializerTest.cpp in Windows multi-DLL build.
......
......@@ -119,6 +119,8 @@ public:
virtual void setValidationMessageTimerMagnification(int) = 0;
virtual void setMinimumTimerInterval(double) = 0;
virtual void setFullScreenEnabled(bool) = 0;
virtual void setAllowDisplayOfInsecureContent(bool) = 0;
virtual void setAllowRunningOfInsecureContent(bool) = 0;
protected:
~WebSettings() { }
......
......@@ -397,4 +397,14 @@ void WebSettingsImpl::setFullScreenEnabled(bool enabled)
#endif
}
void WebSettingsImpl::setAllowDisplayOfInsecureContent(bool enabled)
{
m_settings->setAllowDisplayOfInsecureContent(enabled);
}
void WebSettingsImpl::setAllowRunningOfInsecureContent(bool enabled)
{
m_settings->setAllowRunningOfInsecureContent(enabled);
}
} // namespace WebKit
......@@ -112,6 +112,8 @@ public:
virtual void setValidationMessageTimerMagnification(int);
virtual void setMinimumTimerInterval(double);
virtual void setFullScreenEnabled(bool);
virtual void setAllowDisplayOfInsecureContent(bool);
virtual void setAllowRunningOfInsecureContent(bool);
private:
WebCore::Settings* m_settings;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment