Diff
Modified: trunk/LayoutTests/ChangeLog (121296 => 121297)
--- trunk/LayoutTests/ChangeLog 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/LayoutTests/ChangeLog 2012-06-26 23:18:31 UTC (rev 121297)
@@ -1,3 +1,23 @@
+2012-06-26 Tom Sepez <tse...@chromium.org>
+
+ [chromium] HTML5 audio/video tags - loading http content from https page doesn't trigger warning.
+ https://bugs.webkit.org/show_bug.cgi?id=89906
+
+ Reviewed by Nate Chapin.
+
+ This patch treats mixed CachedRawResources as affecting the display of insecure content.
+
+ * http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt: Added.
+ * http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html: Added.
+ * http/tests/security/mixedContent/insecure-xhr-in-main-frame-expected.txt: Added.
+ * http/tests/security/mixedContent/insecure-xhr-in-main-frame.html: Added.
+ * http/tests/security/mixedContent/resources/frame-with-insecure-audio-video.html: Added.
+ * platform/efl/TestExpectations:
+ * platform/gtk/TestExpectations:
+ * platform/mac/TestExpectations:
+ * platform/qt/TestExpectations:
+ * platform/win/TestExpectations:
+
2012-06-26 Joe Thomas <joetho...@motorola.com>
background-size:0 shows as 1px instead of invisible
Added: trunk/LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt (0 => 121297)
--- trunk/LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt 2012-06-26 23:18:31 UTC (rev 121297)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-audio-video.html displayed insecure content from http://127.0.0.1:8080/resources/test.mp4.
+
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-audio-video.html displayed insecure content from http://127.0.0.1:8080/resources/test.mp4.
+
+This test opens a window that loads insecure HTML5 audio and video. We should trigger a mixed content callback because the main frame in the window is HTTPS but is displaying insecure content.
Added: trunk/LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html (0 => 121297)
--- trunk/LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html 2012-06-26 23:18:31 UTC (rev 121297)
@@ -0,0 +1,24 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads insecure HTML5 audio and video. We should
+trigger a mixed content callback because the main frame in the window is HTTPS but is
+displaying insecure content.</p>
+<script>
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-audio-video.html");
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame-expected.txt (0 => 121297)
--- trunk/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame-expected.txt 2012-06-26 23:18:31 UTC (rev 121297)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/xmlhttprequest/access-control-response-with-body.html displayed insecure content from http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php.
+
+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/xmlhttprequest/access-control-response-with-body.html displayed insecure content from http://localhost:8000/xmlhttprequest/resources/access-control-allow-with-body.php.
+
+This test opens a HTTPS window that loads insecure data via XHR. We should trigger a mixed content callback because the main frame in the window is HTTPS but now has insecure data.
Added: trunk/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.html (0 => 121297)
--- trunk/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.html 2012-06-26 23:18:31 UTC (rev 121297)
@@ -0,0 +1,24 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a HTTPS window that loads insecure data via XHR. We should
+trigger a mixed content callback because the main frame in the window is HTTPS but
+now has insecure data.</p>
+<script>
+window.open("https://127.0.0.1:8443/xmlhttprequest/access-control-response-with-body.html");
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-audio-video.html (0 => 121297)
--- trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-audio-video.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-audio-video.html 2012-06-26 23:18:31 UTC (rev 121297)
@@ -0,0 +1,10 @@
+<body _onload_="loaded()">
+<audio src=""
+<video src=""
+<script>
+function loaded() {
+ if (window.opener)
+ window.opener.postMessage('done', '*');
+}
+</script>
+</body>
Modified: trunk/LayoutTests/platform/efl/TestExpectations (121296 => 121297)
--- trunk/LayoutTests/platform/efl/TestExpectations 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/LayoutTests/platform/efl/TestExpectations 2012-06-26 23:18:31 UTC (rev 121297)
@@ -714,3 +714,5 @@
// Failing after r121121 on both GTK and EFL
BUGWK89845 : fast/forms/input-set-composition-scroll.html = TEXT
+
+BUGWK90007 : http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html = TEXT
Modified: trunk/LayoutTests/platform/gtk/TestExpectations (121296 => 121297)
--- trunk/LayoutTests/platform/gtk/TestExpectations 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/LayoutTests/platform/gtk/TestExpectations 2012-06-26 23:18:31 UTC (rev 121297)
@@ -1244,6 +1244,8 @@
// Failing after r121121 on both GTK and EFL
BUGWK89845 : fast/forms/input-set-composition-scroll.html = TEXT
+BUGWK90007 : http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html = TEXT
+
//////////////////////////////////////////////////////////////////////////////////////////
// End of Tests failing
//////////////////////////////////////////////////////////////////////////////////////////
Modified: trunk/LayoutTests/platform/mac/TestExpectations (121296 => 121297)
--- trunk/LayoutTests/platform/mac/TestExpectations 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/LayoutTests/platform/mac/TestExpectations 2012-06-26 23:18:31 UTC (rev 121297)
@@ -279,3 +279,4 @@
// Disable webaudio codec tests, including proprietary codecs.
BUGWK88794 SKIP : webaudio/codec-tests = PASS
+BUGWK90007 : http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html = TEXT
Modified: trunk/LayoutTests/platform/qt/TestExpectations (121296 => 121297)
--- trunk/LayoutTests/platform/qt/TestExpectations 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/LayoutTests/platform/qt/TestExpectations 2012-06-26 23:18:31 UTC (rev 121297)
@@ -102,3 +102,5 @@
// Disable webaudio codec tests, including proprietary codecs.
BUGWK88794 SKIP : webaudio/codec-tests = PASS
+
+BUGWK90007 : http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html = TEXT
Modified: trunk/LayoutTests/platform/win/TestExpectations (121296 => 121297)
--- trunk/LayoutTests/platform/win/TestExpectations 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/LayoutTests/platform/win/TestExpectations 2012-06-26 23:18:31 UTC (rev 121297)
@@ -4,3 +4,5 @@
// Requires rebaseline after bug 85031
BUGWK85565 : fast/block/float/016.html = IMAGE
BUGWK85565 : fast/css/border-solid-single-edge-antialias.html = IMAGE
+
+BUGWK90007 : http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html = TEXT
\ No newline at end of file
Modified: trunk/Source/WebCore/ChangeLog (121296 => 121297)
--- trunk/Source/WebCore/ChangeLog 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/Source/WebCore/ChangeLog 2012-06-26 23:18:31 UTC (rev 121297)
@@ -1,3 +1,18 @@
+2012-06-26 Tom Sepez <tse...@chromium.org>
+
+ [chromium] HTML5 audio/video tags - loading http content from https page doesn't trigger warning.
+ https://bugs.webkit.org/show_bug.cgi?id=89906
+
+ Reviewed by Nate Chapin.
+
+ This patch treats mixed CachedRawResources as affecting the display of insecure content.
+
+ Tests: http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html
+ http/tests/security/mixedContent/insecure-xhr-in-main-frame.html
+
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::checkInsecureContent):
+
2012-06-26 Joe Thomas <joetho...@motorola.com>
background-size:0 shows as 1px instead of invisible
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (121296 => 121297)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2012-06-26 23:08:09 UTC (rev 121296)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2012-06-26 23:18:31 UTC (rev 121297)
@@ -267,6 +267,7 @@
#if ENABLE(CSS_SHADERS)
case CachedResource::ShaderResource:
#endif
+ case CachedResource::RawResource:
case CachedResource::ImageResource:
case CachedResource::FontResource: {
// These resources can corrupt only the frame's pixels.
@@ -277,7 +278,6 @@
}
break;
}
- case CachedResource::RawResource:
#if ENABLE(LINK_PREFETCH)
case CachedResource::LinkPrefetch:
case CachedResource::LinkSubresource: