1. 11 Sep, 2009 36 commits
  2. 10 Sep, 2009 4 commits
    • abarth@webkit.org's avatar
      2009-09-10 Adam Barth <abarth@webkit.org> · 0f9b3026
      abarth@webkit.org authored
              Reviewed by Sam Weinig.
      
              Detect mixed content
              https://bugs.webkit.org/show_bug.cgi?id=29003
      
              Add some tests for mixed content.  All but one of these tests pass
              currently.  The one that fails is pretty tricky, but I wanted to get it
              into the tree with a FIXME so we won't forget it.  I'll file a followup
              bug about fixing it.
      
              * http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/about-blank-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/data-url-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/data-url-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/data-url-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-css-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-css-in-main-frame.html: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-image-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-image-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-image-in-main-frame.html: Added.
              * http/tests/security/mixedContent/insecure-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/resources/boring.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-about-blank-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-data-url-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-data-url-script.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-css.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-image.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-script.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-http-to-https-script.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-script.html: Added.
              * http/tests/security/mixedContent/resources/script.js: Added.
              * http/tests/security/mixedContent/resources/style.css: Added.
      2009-09-10  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Sam Weinig.
      
              Detect mixed content
              https://bugs.webkit.org/show_bug.cgi?id=29003
      
              Detect some basic kinds of mixed content (HTTP content loaded into an
              HTTPS context).  This new detection logic isn't perfect, but it's a
              place to start.
      
              Tests: http/tests/security/mixedContent/about-blank-iframe-in-main-frame.html
                     http/tests/security/mixedContent/data-url-iframe-in-main-frame.html
                     http/tests/security/mixedContent/data-url-script-in-iframe.html
                     http/tests/security/mixedContent/insecure-css-in-iframe.html
                     http/tests/security/mixedContent/insecure-css-in-main-frame.html
                     http/tests/security/mixedContent/insecure-iframe-in-iframe.html
                     http/tests/security/mixedContent/insecure-iframe-in-main-frame.html
                     http/tests/security/mixedContent/insecure-image-in-iframe.html
                     http/tests/security/mixedContent/insecure-image-in-main-frame.html
                     http/tests/security/mixedContent/insecure-script-in-iframe.html
                     http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html
                     http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html
                     http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
                     http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
      
              * loader/DocLoader.cpp:
              (WebCore::DocLoader::canRequest):
              (WebCore::DocLoader::requestResource):
              (WebCore::DocLoader::checkCacheObjectStatus):
              * loader/FrameLoader.cpp:
              (WebCore::FrameLoader::isMixedContent):
              (WebCore::FrameLoader::checkIfDisplayInsecureContent):
              (WebCore::FrameLoader::checkIfRunInsecureContent):
              * loader/FrameLoader.h:
              * loader/MainResourceLoader.cpp:
              (WebCore::MainResourceLoader::willSendRequest):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48284 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0f9b3026
    • bweinstein@apple.com's avatar
    • mrowe@apple.com's avatar
      Fix the Windows build. · ebb5e1a9
      mrowe@apple.com authored
      Restore platform/mock to the header search path after it was removed in r48270.
      
      * WebCore.vcproj/WebCoreCommon.vsprops:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48282 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ebb5e1a9
    • timothy@apple.com's avatar
      Web Inspector: Move the option to create a new style rule under the Styles' gear menu. · 3a50918f
      timothy@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=29039
      
      Reviewed by Sam Weinig.
      
      * inspector/front-end/StylesSidebarPane.js:
      (WebInspector.StylesSidebarPane): Add "New Style Rule" option to the gear menu.
      (WebInspector.StylesSidebarPane.prototype._update): Check instanceof BlankStylePropertiesSection instead.
      (WebInspector.StylesSidebarPane.prototype._changeSetting): Added. Keeps the color format setting selected
      while calling the correct action.
      (WebInspector.StylesSidebarPane.prototype._createNewRule): Creates a new section and edits the selector.
      (WebInspector.StylesSidebarPane.prototype.addBlankSection): Insert the section in a cleaner way.
      (WebInspector.StylesSidebarPane.prototype.removeSection): Added. Removes the passed in section.
      (WebInspector.StylesSidebarPane.prototype.appropriateSelectorForNode): Return an empty string if there is no node.
      (WebInspector.StylePropertiesSection.prototype.expand): Removed the check for _blank.
      (WebInspector.StylePropertiesSection.prototype.startEditingSelector): No need for the context, the original selector
      is remembered by the editing code.
      (WebInspector.StylePropertiesSection.prototype.editingSelectorCancelled): Do nothing. The original text is already
      restored by the editing code.
      (WebInspector.BlankStylePropertiesSection): Call the StylePropertiesSection constructor with appropriate data.
      Remove event listener code.
      (WebInspector.BlankStylePropertiesSection.prototype.expand): Added. Does nothing to prevent expanding.
      (WebInspector.BlankStylePropertiesSection.prototype.editingSelectorCommitted.callback): Correctly construct the
      WebInspector.CSSStyleDeclaration. Call editingSelectorCancelled instead of editingCancelled.
      (WebInspector.BlankStylePropertiesSection.prototype.editingSelectorCommitted): Renamed from editingCommitted to
      override the base class.
      (WebInspector.BlankStylePropertiesSection.prototype.editingSelectorCancelled): Remove the section.
      (WebInspector.BlankStylePropertiesSection.prototype.makeNormal): Removed event listener code. Removed the delete lines
      since they were doing nothing (deleting nonexistent properties that exist only on the prototype.) Change prototypes at
      the end to correctly swtich to a real StylePropertiesSection.
      * inspector/front-end/inspector.js:
      (WebInspector.startEditing.editingCancelled): Ceck for null/undefined callbacks.
      (WebInspector.startEditing.editingCommitted): Ditto.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48281 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3a50918f