1. 23 Jul, 2010 1 commit
  2. 10 Sep, 2009 1 commit
    • abarth@webkit.org's avatar
      2009-09-10 Adam Barth <abarth@webkit.org> · 0f9b3026
      abarth@webkit.org authored
              Reviewed by Sam Weinig.
      
              Detect mixed content
              https://bugs.webkit.org/show_bug.cgi?id=29003
      
              Add some tests for mixed content.  All but one of these tests pass
              currently.  The one that fails is pretty tricky, but I wanted to get it
              into the tree with a FIXME so we won't forget it.  I'll file a followup
              bug about fixing it.
      
              * http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/about-blank-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/data-url-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/data-url-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/data-url-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-css-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-css-in-main-frame.html: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-image-in-iframe.html: Added.
              * http/tests/security/mixedContent/insecure-image-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-image-in-main-frame.html: Added.
              * http/tests/security/mixedContent/insecure-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/insecure-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: Added.
              * http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html: Added.
              * http/tests/security/mixedContent/resources/boring.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-about-blank-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-data-url-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-data-url-script.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-css.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-image.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-insecure-script.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-http-to-https-script.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-frame.html: Added.
              * http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-script.html: Added.
              * http/tests/security/mixedContent/resources/script.js: Added.
              * http/tests/security/mixedContent/resources/style.css: Added.
      2009-09-10  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Sam Weinig.
      
              Detect mixed content
              https://bugs.webkit.org/show_bug.cgi?id=29003
      
              Detect some basic kinds of mixed content (HTTP content loaded into an
              HTTPS context).  This new detection logic isn't perfect, but it's a
              place to start.
      
              Tests: http/tests/security/mixedContent/about-blank-iframe-in-main-frame.html
                     http/tests/security/mixedContent/data-url-iframe-in-main-frame.html
                     http/tests/security/mixedContent/data-url-script-in-iframe.html
                     http/tests/security/mixedContent/insecure-css-in-iframe.html
                     http/tests/security/mixedContent/insecure-css-in-main-frame.html
                     http/tests/security/mixedContent/insecure-iframe-in-iframe.html
                     http/tests/security/mixedContent/insecure-iframe-in-main-frame.html
                     http/tests/security/mixedContent/insecure-image-in-iframe.html
                     http/tests/security/mixedContent/insecure-image-in-main-frame.html
                     http/tests/security/mixedContent/insecure-script-in-iframe.html
                     http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html
                     http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html
                     http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
                     http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
      
              * loader/DocLoader.cpp:
              (WebCore::DocLoader::canRequest):
              (WebCore::DocLoader::requestResource):
              (WebCore::DocLoader::checkCacheObjectStatus):
              * loader/FrameLoader.cpp:
              (WebCore::FrameLoader::isMixedContent):
              (WebCore::FrameLoader::checkIfDisplayInsecureContent):
              (WebCore::FrameLoader::checkIfRunInsecureContent):
              * loader/FrameLoader.h:
              * loader/MainResourceLoader.cpp:
              (WebCore::MainResourceLoader::willSendRequest):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48284 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0f9b3026