Title: [185848] trunk
Revision: 185848
Author: mcatanz...@igalia.com
Date: 2015-06-22 15:22:54 -0700 (Mon, 22 Jun 2015)

Log Message

Web sockets should be treated as active mixed content
https://bugs.webkit.org/show_bug.cgi?id=140624

Reviewed by Sam Weinig.

Source/WebCore:

Tests: http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html
       http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect): Block ws:// WebSocket connections from https:// pages, and
emit the onerror event after doing so.
* platform/SchemeRegistry.cpp:
(WebCore::secureSchemes): Add wss:// to the list of secure schemes.

LayoutTests:

* http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html: Added.
* http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt: Added.
* http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html: Added.
* http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame-expected.txt: Added.
* http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (185847 => 185848)


--- trunk/LayoutTests/ChangeLog	2015-06-22 22:07:20 UTC (rev 185847)
+++ trunk/LayoutTests/ChangeLog	2015-06-22 22:22:54 UTC (rev 185848)
@@ -1,3 +1,16 @@
+2015-06-22  Michael Catanzaro  <mcatanz...@igalia.com>
+
+        Web sockets should be treated as active mixed content
+        https://bugs.webkit.org/show_bug.cgi?id=140624
+
+        Reviewed by Sam Weinig.
+
+        * http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html: Added.
+        * http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt: Added.
+        * http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html: Added.
+        * http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame-expected.txt: Added.
+        * http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html: Added.
+
 2015-06-22  Dean Jackson  <d...@apple.com>
 
         Element with blur backdrop-filter shows edge duplication and dark edges

Added: trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html (0 => 185848)


--- trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html	2015-06-22 22:22:54 UTC (rev 185848)
@@ -0,0 +1,30 @@
+<script src=""
+<script>
+window.jsTestIsAsync = true;
+
+function onSocketOpened() {
+    alert("WebSocket connection opened.");
+    finishJSTest();
+}
+
+function onSocketError() {
+    alert("WebSocket connection failed.");
+    finishJSTest();
+}
+
+function onSocketClosed() {
+    alert("WebSocket closed.");
+    finishJSTest();
+}
+
+try {
+    var ws = new WebSocket("ws://127.0.0.1:8880/websocket/tests/hybi/echo");
+    ws._onopen_ = onSocketOpened;
+    ws._onerror_ = onSocketError;
+    ws._onclose_ = onSocketClosed;
+} catch (e) {
+    alert("Test failed: exception thrown");
+    finishJSTest();
+}
+</script>
+<script src=""
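Review bot: onSocketOpened() reports the one outcome this test exists to catch, a ws:// connection opening from an https:// page, with the neutral alert "WebSocket connection opened.", while the catch branch says "Test failed: exception thrown". Wording the open handler's alert as an explicit failure as well would make a regression obvious in the diffed output rather than only in a text mismatch. Separately, all three handlers call finishJSTest(), so an error event followed by a close event would call it twice; a small "already finished" guard would make the ordering irrelevant.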

Added: trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt (0 => 185848)


--- trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt	2015-06-22 22:22:54 UTC (rev 185848)
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: line 21: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-websocket.html was not allowed to run insecure content from ws://127.0.0.1:8880/websocket/tests/hybi/echo.
+
+ALERT: WebSocket connection failed.
+This test loads an iframe that creates an insecure WebSocket connection. We should block the connection and trigger a mixed content callback because the main frame is HTTPS, but the data sent over the socket could be recorded or controlled by an attacker.
+
+

Added: trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html (0 => 185848)


--- trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html	2015-06-22 22:22:54 UTC (rev 185848)
@@ -0,0 +1,9 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<p>This test loads an iframe that creates an insecure WebSocket connection. We
+should block the connection and trigger a mixed content callback because the
+main frame is HTTPS, but the data sent over the socket could be recorded or
+controlled by an attacker.</p>
+<iframe src=""
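Review bot: the top-level script here calls only testRunner.dumpAsText() and never testRunner.waitUntilDone(), unlike insecure-websocket-in-main-frame.html. The blocked connection is reported through an error event that WebSocket::connect dispatches later via RunLoop::main().dispatch(), so whether the dump waits for "ALERT: WebSocket connection failed." depends entirely on the helper script pulled in by the iframe resource, which is not visible in this file. Calling waitUntilDone() here and completing from the frame would make the wait explicit.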

Added: trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame-expected.txt (0 => 185848)


--- trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame-expected.txt	2015-06-22 22:22:54 UTC (rev 185848)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 21: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-websocket.html was not allowed to run insecure content from ws://127.0.0.1:8880/websocket/tests/hybi/echo.
+
+ALERT: WebSocket connection failed.
+This test opens a window that connects to an insecure ws:// WebSocket. We should block the connection and trigger a mixed content callback because the main frame is HTTPS, but the data sent over the socket could be recorded or controlled by an attacker.

Added: trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html (0 => 185848)


--- trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html	2015-06-22 22:22:54 UTC (rev 185848)
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window.addEventListener("message", function (e) {
+  if (window.testRunner)
+      testRunner.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that connects to an insecure ws:// WebSocket.  We
+should block the connection and trigger a mixed content callback because the
+main frame is HTTPS, but the data sent over the socket could be recorded or
+controlled by an attacker.</p>
+<script>
+_onload_ = function() {
+    window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-websocket.html");
+}
+</script>
+</body>
+</html>
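Review bot: the "message" listener that calls testRunner.notifyDone() has no visible sender. frame-with-insecure-websocket.html, the page opened by window.open(), contains no postMessage() call to its opener; it only calls finishJSTest(). If completion really comes from finishJSTest() in the opened window, the listener is dead code and should be dropped; if the listener is meant to end the test, the resource needs a window.opener.postMessage(...) in its handlers. As written, a reader cannot tell which path finishes the test.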

Modified: trunk/Source/WebCore/ChangeLog (185847 => 185848)


--- trunk/Source/WebCore/ChangeLog	2015-06-22 22:07:20 UTC (rev 185847)
+++ trunk/Source/WebCore/ChangeLog	2015-06-22 22:22:54 UTC (rev 185848)
@@ -1,3 +1,19 @@
+2015-06-22  Michael Catanzaro  <mcatanz...@igalia.com>
+
+        Web sockets should be treated as active mixed content
+        https://bugs.webkit.org/show_bug.cgi?id=140624
+
+        Reviewed by Sam Weinig.
+
+        Tests: http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html
+               http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html
+
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::connect): Block ws:// WebSocket connections from https:// pages, and
+        emit the onerror event after doing so.
+        * platform/SchemeRegistry.cpp:
+        (WebCore::secureSchemes): Add wss:// to the list of secure schemes.
+
 2015-06-22  Dean Jackson  <d...@apple.com>
 
         Element with blur backdrop-filter shows edge duplication and dark edges

Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.cpp (185847 => 185848)


--- trunk/Source/WebCore/Modules/websockets/WebSocket.cpp	2015-06-22 22:07:20 UTC (rev 185847)
+++ trunk/Source/WebCore/Modules/websockets/WebSocket.cpp	2015-06-22 22:22:54 UTC (rev 185848)
@@ -56,6 +56,7 @@
 #include <runtime/ArrayBuffer.h>
 #include <runtime/ArrayBufferView.h>
 #include <wtf/HashSet.h>
+#include <wtf/RunLoop.h>
 #include <wtf/StdLibExtras.h>
 #include <wtf/text/CString.h>
 #include <wtf/text/StringBuilder.h>
@@ -278,6 +279,23 @@
         }
     }
 
+    if (is<Document>(*scriptExecutionContext())) {
+        Document& document = downcast<Document>(*scriptExecutionContext());
+        if (!document.frame()->loader().mixedContentChecker().canRunInsecureContent(document.securityOrigin(), m_url)) {
+            // Balanced by the call to ActiveDOMObject::unsetPendingActivity() in WebSocket::stop().
+            ActiveDOMObject::setPendingActivity(this);
+            // We must block this connection. Instead of throwing an exception, we indicate this
+            // using the error event. But since this code executes as part of the WebSocket's
+            // constructor, we have to wait until the constructor has completed before firing the
+            // event; otherwise, users can't connect to the event.
+            RunLoop::main().dispatch([this]() {
+                dispatchEvent(Event::create(eventNames().errorEvent, false, false));
+                stop();
+            });
+            return;
+        }
+    }
+
     String protocolString;
     if (!protocols.isEmpty())
         protocolString = joinStrings(protocols, subProtocolSeperator());
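Review bot: the new check is wrapped in is<Document>(*scriptExecutionContext()), so a WebSocket constructed from any non-Document context (a worker, for example) skips canRunInsecureContent() and falls straight through to the connection code below. If that is a known limitation, please say so in a comment or file a follow-up; otherwise the check needs a path for those contexts. Two smaller points in the same block: document.frame()->loader() dereferences frame() without a null check, and the lambda captures a raw this whose lifetime rests on setPendingActivity() being balanced only in stop(); if stop() can run before the dispatched task does, the task would touch the object after the balancing call and then call stop() a second time. Capturing a protecting reference in the lambda would remove that dependency.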

Modified: trunk/Source/WebCore/platform/SchemeRegistry.cpp (185847 => 185848)


--- trunk/Source/WebCore/platform/SchemeRegistry.cpp	2015-06-22 22:07:20 UTC (rev 185847)
+++ trunk/Source/WebCore/platform/SchemeRegistry.cpp	2015-06-22 22:22:54 UTC (rev 185848)
@@ -58,6 +58,7 @@
         secureSchemes.add("https");
         secureSchemes.add("about");
         secureSchemes.add("data");
+        secureSchemes.add("wss");
     }
 
     return secureSchemes;
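Review bot: secureSchemes is a shared registry, so adding "wss" changes the answer for every caller that asks whether a scheme is secure, not only the new mixed content check in WebSocket::connect. Please confirm the other consumers are fine with that. The two tests listed in this commit both cover ws:// being blocked; there is no positive test showing that a wss:// connection from an https:// page still opens, which is the behaviour this one-line change is responsible for.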
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes