Diff
Modified: trunk/LayoutTests/ChangeLog (88376 => 88377)
--- trunk/LayoutTests/ChangeLog 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/LayoutTests/ChangeLog 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1,3 +1,23 @@
+2011-06-08 Tom Sepez <[email protected]>
+
+ Reviewed by Adam Barth.
+
+ Chromium mixed content blocking, ensure that both preferences and web permissions
+ control the outcome. Ensure notify callback gets invoked even with insecure content.
+ https://bugs.webkit.org/show_bug.cgi?id=61946
+
+ * http/tests/security/mixedContent/resources/frame-with-insecure-image.html:
+ * http/tests/security/mixedContent/resources/frame-with-insecure-script.html:
+ * platform/chromium/http/tests/security/mixedContent: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked-expected.txt: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked.html: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed-expected.txt: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed.html: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked-expected.txt: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked.html: Added.
+
2011-06-08 James Simonsen <[email protected]>
[Chromium] Unreviewed, mark two flaky tests. Bug filed.
Modified: trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image.html (88376 => 88377)
--- trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image.html 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-image.html 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1,8 +1,11 @@
+<html>
+<body _onload_="frameLoaded()">
<script>
-function imgLoaded() {
+function frameLoaded() {
if (window.opener)
window.opener.postMessage('done', '*');
}
</script>
-<img _onload_="imgLoaded()"
- src=""
+<img src=""
+</body>
+</html>
Modified: trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-script.html (88376 => 88377)
--- trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-script.html 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-script.html 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1 +1,9 @@
+<body _onload_="frameLoaded()">
+<script>
+function frameLoaded() {
+ if (window.opener)
+ window.opener.postMessage('done', '*');
+}
+</script>
<script src=""
+</body>
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,17 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: line 1: The page at about:blank displayed insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
+didDisplayInsecureContent
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure image. We should trigger a mixed content callback even though we've set the preference to block this, because we've overriden the preference via a web permission client callback.
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpFrameLoadCallbacks();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+ layoutTestController.overridePreference("WebKitAllowDisplayingInsecureContent", false);
+ layoutTestController.setAllowDisplayOfInsecureContent(true);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads an insecure image. We should trigger
+a mixed content callback even though we've set the preference to block this,
+because we've overriden the preference via a web permission client callback.</p>
+<script>
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html");
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked-expected.txt (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked-expected.txt 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,11 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 1: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html displayed insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
+
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure image. We should not trigger a mixed content callback even though the main frame in the window is HTTPS and is displaying insecure content, because we've set the preference to block this.
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked.html (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked.html (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked.html 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpFrameLoadCallbacks();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+ layoutTestController.overridePreference("WebKitAllowDisplayingInsecureContent", false);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads an insecure image. We should not
+trigger a mixed content callback even though the main frame in the window
+is HTTPS and is displaying insecure content, because we've set the preference
+to block this.</p>
+<script>
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html");
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed-expected.txt (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed-expected.txt 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,12 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 1: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+
+didRunInsecureContent
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure script. We should trigger a mixed content callback even though we've set the preference to block this, because we've overriden the preference via a web permission client callback.
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed.html (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed.html (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed.html 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpFrameLoadCallbacks();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+ layoutTestController.overridePreference("WebKitAllowRunningInsecureContent", false);
+ layoutTestController.setAllowRunningOfInsecureContent(true);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads an insecure script. We should trigger
+a mixed content callback even though we've set the preference to block this,
+because we've overriden the preference via a web permission client callback.</p>
+<script>
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script.html");
+</script>
+</body>
+</html>
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked-expected.txt (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked-expected.txt 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,11 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+CONSOLE MESSAGE: line 1: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
+
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure script. We should not trigger a mixed content callback even though the main frame in the window is HTTPS and is running insecure scripts, because we've set the preference to block this.
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked.html (0 => 88377)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked.html (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked.html 2011-06-08 20:05:01 UTC (rev 88377)
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpFrameLoadCallbacks();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+ layoutTestController.overridePreference("WebKitAllowRunningInsecureContent", false);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads an insecure script. We should not
+trigger a mixed content callback even though the main frame in the window
+is HTTPS and is running insecure scripts, because we've set the preference
+to block this.</p>
+<script>
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script.html");
+</script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (88376 => 88377)
--- trunk/Source/WebCore/ChangeLog 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Source/WebCore/ChangeLog 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1,3 +1,21 @@
+2011-06-08 Tom Sepez <[email protected]>
+
+ Reviewed by Adam Barth.
+
+ Cause checks for insecure content blocking policy to callback to client.
+ https://bugs.webkit.org/show_bug.cgi?id=61946
+ Tests: platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html
+ platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked.html
+ platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-allowed.html
+ platform/chromium/http/tests/security/mixedContent/insecure-script-in-main-frame-blocked.html
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::checkIfDisplayInsecureContent):
+ (WebCore::FrameLoader::checkIfRunInsecureContent):
+ * loader/FrameLoaderClient.h:
+ (WebCore::FrameLoaderClient::allowDisplayingInsecureContent):
+ (WebCore::FrameLoaderClient::allowRunningInsecureContent):
+
2011-06-08 Kevin Ollivier <[email protected]>
[wx] Build fix after introduction of FontCache::ShouldRetain
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (88376 => 88377)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1118,11 +1118,15 @@
return true;
Settings* settings = m_frame->settings();
- bool allowed = settings && settings->allowDisplayOfInsecureContent();
- String message = (allowed ? emptyString() : "[blocked] ") + "The page at " + m_frame->document()->url().string() + " displayed insecure content from " + url.string() + ".\n";
+ bool allowed = m_client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), context, url);
+ String message = (allowed ? emptyString() : "[blocked] ") + "The page at " +
+ m_frame->document()->url().string() + " displayed insecure content from " + url.string() + ".\n";
+
m_frame->domWindow()->console()->addMessage(HTMLMessageSource, LogMessageType, WarningMessageLevel, message, 1, String());
- m_client->didDisplayInsecureContent();
+ if (allowed)
+ m_client->didDisplayInsecureContent();
+
return allowed;
}
@@ -1132,11 +1136,15 @@
return true;
Settings* settings = m_frame->settings();
- bool allowed = settings && settings->allowRunningOfInsecureContent();
- String message = (allowed ? emptyString() : "[blocked] ") + "The page at " + m_frame->document()->url().string() + " ran insecure content from " + url.string() + ".\n";
+ bool allowed = m_client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), context, url);
+ String message = (allowed ? emptyString() : "[blocked] ") + "The page at " +
+ m_frame->document()->url().string() + " ran insecure content from " + url.string() + ".\n";
+
m_frame->domWindow()->console()->addMessage(HTMLMessageSource, LogMessageType, WarningMessageLevel, message, 1, String());
- m_client->didRunInsecureContent(context, url);
+ if (allowed)
+ m_client->didRunInsecureContent(context, url);
+
return allowed;
}
Modified: trunk/Source/WebCore/loader/FrameLoaderClient.h (88376 => 88377)
--- trunk/Source/WebCore/loader/FrameLoaderClient.h 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Source/WebCore/loader/FrameLoaderClient.h 2011-06-08 20:05:01 UTC (rev 88377)
@@ -300,7 +300,9 @@
virtual bool allowJavaScript(bool enabledPerSettings) { return enabledPerSettings; }
virtual bool allowPlugins(bool enabledPerSettings) { return enabledPerSettings; }
virtual bool allowImages(bool enabledPerSettings) { return enabledPerSettings; }
-
+ virtual bool allowDisplayingInsecureContent(bool enabledPerSettings, SecurityOrigin*, const KURL&) { return enabledPerSettings; }
+ virtual bool allowRunningInsecureContent(bool enabledPerSettings, SecurityOrigin*, const KURL&) { return enabledPerSettings; }
+
// This callback notifies the client that the frame was about to run
// _javascript_ but did not because allowJavaScript returned false. We
// have a separate callback here because there are a number of places
Modified: trunk/Source/WebKit/chromium/ChangeLog (88376 => 88377)
--- trunk/Source/WebKit/chromium/ChangeLog 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Source/WebKit/chromium/ChangeLog 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1,3 +1,18 @@
+2011-06-08 Tom Sepez <[email protected]>
+
+ Reviewed by Adam Barth.
+
+ Add new permission callbacks for mixed content blocking.
+ https://bugs.webkit.org/show_bug.cgi?id=61946
+
+ * public/WebPermissionClient.h:
+ (WebKit::WebPermissionClient::allowDisplayingInsecureContent):
+ (WebKit::WebPermissionClient::allowRunningInsecureContent):
+ * src/FrameLoaderClientImpl.cpp:
+ (WebKit::FrameLoaderClientImpl::allowDisplayingInsecureContent):
+ (WebKit::FrameLoaderClientImpl::allowRunningInsecureContent):
+ * src/FrameLoaderClientImpl.h:
+
2011-06-08 Ryosuke Niwa <[email protected]>
Added new entries for skia/third_party/glu.
Modified: trunk/Source/WebKit/chromium/public/WebPermissionClient.h (88376 => 88377)
--- trunk/Source/WebKit/chromium/public/WebPermissionClient.h 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Source/WebKit/chromium/public/WebPermissionClient.h 2011-06-08 20:05:01 UTC (rev 88377)
@@ -36,6 +36,7 @@
class WebFrame;
class WebSecurityOrigin;
class WebString;
+class WebURL;
class WebPermissionClient {
public:
@@ -57,6 +58,12 @@
// Controls whether scripts are allowed to execute for this frame.
virtual bool allowScript(WebFrame*, bool enabledPerSettings) { return enabledPerSettings; }
+ // Controls whether insecrure content is allowed to display for this frame.
+ virtual bool allowDisplayingInsecureContent(WebFrame*, bool enabledPerSettings, const WebSecurityOrigin&, const WebURL&) { return enabledPerSettings; }
+
+ // Controls whether insecrure scripts are allowed to execute for this frame.
+ virtual bool allowRunningInsecureContent(WebFrame*, bool enabledPerSettings, const WebSecurityOrigin&, const WebURL&) { return enabledPerSettings; }
+
// Controls whether the given script extension should run in a new script
// context in this frame. If extensionGroup is 0, the script context is the
// frame's main context. Otherwise, it is a context created by
Modified: trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp (88376 => 88377)
--- trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.cpp 2011-06-08 20:05:01 UTC (rev 88377)
@@ -202,6 +202,24 @@
return enabledPerSettings;
}
+bool FrameLoaderClientImpl::allowDisplayingInsecureContent(bool enabledPerSettings, SecurityOrigin* context, const KURL& url)
+{
+ WebViewImpl* webview = m_webFrame->viewImpl();
+ if (webview && webview->permissionClient())
+ return webview->permissionClient()->allowDisplayingInsecureContent(m_webFrame, enabledPerSettings, WebSecurityOrigin(context), WebURL(url));
+
+ return enabledPerSettings;
+}
+
+bool FrameLoaderClientImpl::allowRunningInsecureContent(bool enabledPerSettings, SecurityOrigin* context, const KURL& url)
+{
+ WebViewImpl* webview = m_webFrame->viewImpl();
+ if (webview && webview->permissionClient())
+ return webview->permissionClient()->allowRunningInsecureContent(m_webFrame, enabledPerSettings, WebSecurityOrigin(context), WebURL(url));
+
+ return enabledPerSettings;
+}
+
void FrameLoaderClientImpl::didNotAllowScript()
{
WebViewImpl* webview = m_webFrame->viewImpl();
Modified: trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.h (88376 => 88377)
--- trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.h 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Source/WebKit/chromium/src/FrameLoaderClientImpl.h 2011-06-08 20:05:01 UTC (rev 88377)
@@ -206,6 +206,8 @@
virtual bool allowJavaScript(bool enabledPerSettings);
virtual bool allowPlugins(bool enabledPerSettings);
virtual bool allowImages(bool enabledPerSettings);
+ virtual bool allowDisplayingInsecureContent(bool enabledPerSettings, WebCore::SecurityOrigin*, const WebCore::KURL&);
+ virtual bool allowRunningInsecureContent(bool enabledPerSettings, WebCore::SecurityOrigin*, const WebCore::KURL&);
virtual void didNotAllowScript();
virtual void didNotAllowPlugins();
Modified: trunk/Tools/ChangeLog (88376 => 88377)
--- trunk/Tools/ChangeLog 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Tools/ChangeLog 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1,3 +1,22 @@
+2011-06-08 Tom Sepez <[email protected]>
+
+ Reviewed by Adam Barth.
+
+ Add web permissions callbacks for mixed content blocking.
+ https://bugs.webkit.org/show_bug.cgi?id=61946
+
+ * DumpRenderTree/chromium/LayoutTestController.cpp:
+ (LayoutTestController::setAllowDisplayOfInsecureContent):
+ (LayoutTestController::setAllowRunningOfInsecureContent):
+ (LayoutTestController::overridePreference):
+ * DumpRenderTree/chromium/WebPermissions.cpp:
+ (WebPermissions::allowDisplayingInsecureContent):
+ (WebPermissions::allowRunningInsecureContent):
+ (WebPermissions::setDisplayingInsecureContentAllowed):
+ (WebPermissions::setRunningInsecureContentAllowed):
+ (WebPermissions::reset):
+ * DumpRenderTree/chromium/WebPermissions.h:
+
2011-06-08 Dirk Pranke <[email protected]>
Reviewed by Tony Chang.
Modified: trunk/Tools/DumpRenderTree/chromium/LayoutTestController.cpp (88376 => 88377)
--- trunk/Tools/DumpRenderTree/chromium/LayoutTestController.cpp 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Tools/DumpRenderTree/chromium/LayoutTestController.cpp 2011-06-08 20:05:01 UTC (rev 88377)
@@ -1355,10 +1355,9 @@
void LayoutTestController::setAllowDisplayOfInsecureContent(const CppArgumentList& arguments, CppVariant* result)
{
- if (arguments.size() > 0 && arguments[0].isBool()) {
- m_shell->preferences()->allowDisplayOfInsecureContent = arguments[0].value.boolValue;
- m_shell->applyPreferences();
- }
+ if (arguments.size() > 0 && arguments[0].isBool())
+ m_shell->webPermissions()->setDisplayingInsecureContentAllowed(arguments[0].toBoolean());
+
result->setNull();
}
@@ -1373,10 +1372,9 @@
void LayoutTestController::setAllowRunningOfInsecureContent(const CppArgumentList& arguments, CppVariant* result)
{
- if (arguments.size() > 0 && arguments[0].isBool()) {
- m_shell->preferences()->allowRunningOfInsecureContent = arguments[0].value.boolValue;
- m_shell->applyPreferences();
- }
+ if (arguments.size() > 0 && arguments[0].isBool())
+ m_shell->webPermissions()->setRunningInsecureContentAllowed(arguments[0].value.boolValue);
+
result->setNull();
}
@@ -1493,6 +1491,10 @@
prefs->hyperlinkAuditingEnabled = cppVariantToBool(value);
else if (key == "WebKitEnableCaretBrowsing")
prefs->caretBrowsingEnabled = cppVariantToBool(value);
+ else if (key == "WebKitAllowDisplayingInsecureContent")
+ prefs->allowDisplayOfInsecureContent = cppVariantToBool(value);
+ else if (key == "WebKitAllowRunningInsecureContent")
+ prefs->allowRunningOfInsecureContent = cppVariantToBool(value);
else {
string message("Invalid name for preference: ");
message.append(key);
Modified: trunk/Tools/DumpRenderTree/chromium/WebPermissions.cpp (88376 => 88377)
--- trunk/Tools/DumpRenderTree/chromium/WebPermissions.cpp 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Tools/DumpRenderTree/chromium/WebPermissions.cpp 2011-06-08 20:05:01 UTC (rev 88377)
@@ -50,6 +50,18 @@
return m_storageAllowed;
}
+bool WebPermissions::allowDisplayingInsecureContent(WebKit::WebFrame*, bool enabledPerSettings,
+ const WebKit::WebSecurityOrigin&, const WebKit::WebURL&)
+{
+ return enabledPerSettings || m_displayingInsecureContentAllowed;
+}
+
+bool WebPermissions::allowRunningInsecureContent(WebKit::WebFrame*, bool enabledPerSettings,
+ const WebKit::WebSecurityOrigin&, const WebKit::WebURL&)
+{
+ return enabledPerSettings || m_runningInsecureContentAllowed;
+}
+
void WebPermissions::setImagesAllowed(bool imagesAllowed)
{
m_imagesAllowed = imagesAllowed;
@@ -60,8 +72,20 @@
m_storageAllowed = storageAllowed;
}
+void WebPermissions::setDisplayingInsecureContentAllowed(bool allowed)
+{
+ m_displayingInsecureContentAllowed = allowed;
+}
+
+void WebPermissions::setRunningInsecureContentAllowed(bool allowed)
+{
+ m_runningInsecureContentAllowed = allowed;
+}
+
void WebPermissions::reset()
{
m_imagesAllowed = true;
m_storageAllowed = true;
+ m_displayingInsecureContentAllowed = false;
+ m_runningInsecureContentAllowed = false;
}
Modified: trunk/Tools/DumpRenderTree/chromium/WebPermissions.h (88376 => 88377)
--- trunk/Tools/DumpRenderTree/chromium/WebPermissions.h 2011-06-08 20:04:37 UTC (rev 88376)
+++ trunk/Tools/DumpRenderTree/chromium/WebPermissions.h 2011-06-08 20:05:01 UTC (rev 88377)
@@ -38,19 +38,28 @@
WebPermissions();
virtual ~WebPermissions();
+ // Override WebPermissionClient methods.
virtual bool allowImages(WebKit::WebFrame*, bool enabledPerSettings);
virtual bool allowStorage(WebKit::WebFrame*, bool local);
+ virtual bool allowDisplayingInsecureContent(WebKit::WebFrame*, bool enabledPerSettings,
+ const WebKit::WebSecurityOrigin&, const WebKit::WebURL&);
+ virtual bool allowRunningInsecureContent(WebKit::WebFrame*, bool enabledPerSettings,
+ const WebKit::WebSecurityOrigin&, const WebKit::WebURL&);
- // Sets the different policies.
+ // Hooks to set the different policies.
void setImagesAllowed(bool);
void setStorageAllowed(bool);
+ void setDisplayingInsecureContentAllowed(bool);
+ void setRunningInsecureContentAllowed(bool);
- // Resets the policy to allow all access.
+ // Resets the policy to allow images, storage, displaying insecure, but not running insecure.
void reset();
private:
bool m_imagesAllowed;
bool m_storageAllowed;
+ bool m_displayingInsecureContentAllowed;
+ bool m_runningInsecureContentAllowed;
};
#endif
