Treat non-https actions on secure pages as mixed content
authorweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Jan 2016 22:24:32 +0000 (22:24 +0000)
committerweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Jan 2016 22:24:32 +0000 (22:24 +0000)
commit2a91f64c57e28d6dceca723b0a943bc35d0647db
treeec40bef2fb3d51a43f603024ca69cead0b5e2327
parentb6d719964e4ac6c38167ef7b7675d879c1a2d5f0
Treat non-https actions on secure pages as mixed content
<rdar://problem/23144492>
https://bugs.webkit.org/show_bug.cgi?id=153322
Source/WebCore:

Reviewed by Alexey Proskuryakov.

Tests:  http/tests/security/mixedContent/insecure-form-in-iframe.html
        http/tests/security/mixedContent/insecure-form-in-main-frame.html
        http/tests/security/mixedContent/javascript-url-form-in-main-frame.html

* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::parseAttribute):
Check form actions for mixed content.

* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::checkFormForMixedContent):
* loader/MixedContentChecker.h:
Add new function to check and warn if a form's action is mixed content.

LayoutTests:

Reviewed by Alexey Proskuryakov.

* http/tests/security/mixedContent/insecure-form-in-iframe-expected.txt: Added.
* http/tests/security/mixedContent/insecure-form-in-iframe.html: Added.
* http/tests/security/mixedContent/insecure-form-in-main-frame-expected.txt: Added.
* http/tests/security/mixedContent/insecure-form-in-main-frame.html: Added.
* http/tests/security/mixedContent/javascript-url-form-in-main-frame-expected.txt: Added.
* http/tests/security/mixedContent/javascript-url-form-in-main-frame.html: Added.
* http/tests/security/mixedContent/resources/frame-with-insecure-form.html: Added.
* http/tests/security/mixedContent/resources/frame-with-javascript-url-form.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195477 268f45cc-cd09-0410-ab3c-d52691b4dbfc
14 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/mixedContent/insecure-form-in-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-form-in-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-form-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/insecure-form-in-main-frame.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/javascript-url-form-in-main-frame-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/javascript-url-form-in-main-frame.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-form.html [new file with mode: 0644]
LayoutTests/http/tests/security/mixedContent/resources/frame-with-javascript-url-form.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLFormElement.cpp
Source/WebCore/loader/MixedContentChecker.cpp
Source/WebCore/loader/MixedContentChecker.h
Tools/WebEditingTester/WK2WebDocumentController.m