Diff
Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (105357 => 105358)
--- branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-01-19 00:55:07 UTC (rev 105357)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-01-19 00:56:46 UTC (rev 105358)
@@ -1,5 +1,10 @@
2011-01-18 Lucas Forschler <lforsch...@apple.com>
+ Merge 89155
+
+paste
+2011-01-18 Lucas Forschler <lforsch...@apple.com>
+
Merge 98935
2011-10-31 Jeremy Apthorp <jere...@google.com>
Modified: branches/safari-534.54-branch/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt (105357 => 105358)
--- branches/safari-534.54-branch/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt 2012-01-19 00:55:07 UTC (rev 105357)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt 2012-01-19 00:56:46 UTC (rev 105358)
@@ -1,6 +1,9 @@
frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
main frame - didFinishDocumentLoadForFrame
frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+CONSOLE MESSAGE: line 1: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-script.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+
+didRunInsecureContent
frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
main frame - didHandleOnloadEventsForFrame
@@ -8,6 +11,4 @@
main frame - didFinishLoadForFrame
This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should trigger a mixed content callback because an active network attacker can end up controling the script.
-FIXME: This test current does not trigger a mixed content callback!
-
Modified: branches/safari-534.54-branch/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html (105357 => 105358)
--- branches/safari-534.54-branch/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html 2012-01-19 00:55:07 UTC (rev 105357)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html 2012-01-19 00:56:46 UTC (rev 105358)
@@ -9,8 +9,6 @@
<p>This test loads a secure iframe that loads an insecure script (but with a
tricky redirect). We should trigger a mixed content callback because an active
network attacker can end up controling the script.</p>
-
-<p>FIXME: This test current does not trigger a mixed content callback!</p>
<iframe src=""
></iframe>
</body>
Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (105357 => 105358)
--- branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-19 00:55:07 UTC (rev 105357)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-19 00:56:46 UTC (rev 105358)
@@ -1,5 +1,10 @@
2011-01-18 Lucas Forschler <lforsch...@apple.com>
+ Merge 89155
+
+paste
+2011-01-18 Lucas Forschler <lforsch...@apple.com>
+
Merge 98935
2011-10-31 Jeremy Apthorp <jere...@google.com>
Modified: branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp (105357 => 105358)
--- branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2012-01-19 00:55:07 UTC (rev 105357)
+++ branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2012-01-19 00:56:46 UTC (rev 105358)
@@ -195,6 +195,41 @@
}
#endif
+bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const KURL& url) const
+{
+ switch (type) {
+ case CachedResource::Script:
+#if ENABLE(XSLT)
+ case CachedResource::XSLStyleSheet:
+#endif
+ case CachedResource::CSSStyleSheet:
+ // These resource can inject script into the current document (Script,
+ // XSL) or exfiltrate the content of the current document (CSS).
+ if (Frame* f = frame())
+ if (!f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url))
+ return false;
+ break;
+ case CachedResource::ImageResource:
+ case CachedResource::FontResource: {
+ // These resources can corrupt only the frame's pixels.
+ if (Frame* f = frame()) {
+ Frame* top = f->tree()->top();
+ if (!top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url))
+ return false;
+ }
+ break;
+ }
+#if ENABLE(LINK_PREFETCH)
+ case CachedResource::LinkPrefetch:
+ case CachedResource::LinkPrerender:
+ case CachedResource::LinkSubresource:
+ // Prefetch cannot affect the current document.
+ break;
+#endif
+ }
+ return true;
+}
+
bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url, bool forPreload)
{
if (!document()->securityOrigin()->canDisplay(url)) {
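Review bot: checkInsecureContent fails open when `frame()` returns null: both `if (Frame* f = frame())` branches are skipped and control falls through to `return true` without consulting the mixed-content policy. Because the helper is now also called from CachedResourceRequest::willSendRequest, that contract should be written down above the function, e.g. `// Returns true (allow) when there is no frame; true does not mean the policy was consulted.` The switch also has no `default`, so any CachedResource::Type not listed is allowed silently; whether the enum has other values is not visible in this hunk. In the image/font branch, `top->document()` is dereferenced without a null check, as it was in the moved code, which is worth confirming now that the call can also happen during a redirect.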
@@ -231,40 +266,10 @@
// Given that the load is allowed by the same-origin policy, we should
// check whether the load passes the mixed-content policy.
//
- // Note: Currently, we always allow mixed content, but we generate a
- // callback to the FrameLoaderClient in case the embedder wants to
- // update any security indicators.
- //
// FIXME: Should we consider forPreload here?
- //
- switch (type) {
- case CachedResource::Script:
-#if ENABLE(XSLT)
- case CachedResource::XSLStyleSheet:
-#endif
- case CachedResource::CSSStyleSheet:
- // These resource can inject script into the current document (Script,
- // XSL) or exfiltrate the content of the current document (CSS).
- if (Frame* f = frame())
- if (!f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url))
- return false;
- break;
- case CachedResource::ImageResource:
- case CachedResource::FontResource: {
- // These resources can corrupt only the frame's pixels.
- if (Frame* f = frame()) {
- Frame* top = f->tree()->top();
- if (!top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url))
- return false;
- }
- break;
- }
-#if ENABLE(LINK_PREFETCH)
- case CachedResource::LinkResource:
- // Prefetch cannot affect the current document.
- break;
-#endif
- }
+ if (!checkInsecureContent(type, url))
+ return false;
+
// FIXME: Consider letting the embedder block mixed content loads.
switch (type) {
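Review bot: The switch that moved into checkInsecureContent is not identical to the one removed here: the old block had a single `case CachedResource::LinkResource:` under `ENABLE(LINK_PREFETCH)`, while the new helper lists `LinkPrefetch`, `LinkPrerender` and `LinkSubresource`. If CachedResource::Type on this branch still declares only `LinkResource`, the helper will not compile in a build with LINK_PREFETCH enabled, and builds without the flag would not catch it. Please confirm the enumerators against this branch's CachedResource.h before relying on the merge. The body of canRequest continues outside the hunk.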
Modified: branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceLoader.h (105357 => 105358)
--- branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceLoader.h 2012-01-19 00:55:07 UTC (rev 105357)
+++ branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceLoader.h 2012-01-19 00:56:46 UTC (rev 105358)
@@ -106,6 +106,7 @@
void preload(CachedResource::Type, const String& url, const String& charset, bool referencedFromBody);
void checkForPendingPreloads();
void printPreloadStats();
+ bool checkInsecureContent(CachedResource::Type, const KURL&) const;
private:
CachedResource* requestResource(CachedResource::Type, const String& url, const String& charset, ResourceLoadPriority priority = ResourceLoadPriorityUnresolved, bool isPreload = false);
Modified: branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceRequest.cpp (105357 => 105358)
--- branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2012-01-19 00:55:07 UTC (rev 105357)
+++ branches/safari-534.54-branch/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2012-01-19 00:56:46 UTC (rev 105358)
@@ -139,8 +139,12 @@
return request.release();
}
-void CachedResourceRequest::willSendRequest(SubresourceLoader*, ResourceRequest&, const ResourceResponse&)
+void CachedResourceRequest::willSendRequest(SubresourceLoader* loader, ResourceRequest& req, const ResourceResponse&)
{
+ if (!m_cachedResourceLoader->checkInsecureContent(m_resource->type(), req.url())) {
+ loader->cancel();
+ return;
+ }
m_resource->setRequestedFromNetworkingLayer();
}
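Review bot: Nothing in the new early exit says why it must `return` straight after `loader->cancel()`, and `m_cachedResourceLoader` and `m_resource` are dereferenced without a null check. If cancel() can reach this request's failure path and release it (not visible in this hunk), any member access added after it later would be a use-after-free. A comment such as `// cancel() may tear down this request; do not touch members afterwards.` would protect the ordering. It would also help to note that `req.url()` is the URL about to be requested, including a redirect target, since that is what makes this the redirect-time mixed-content check.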