Implementing mixed content for forms posting to insecure location from secure ones

Source/core/html/HTMLFormElement.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
  *           (C) 2006 Alexey Proskuryakov (ap@nypop.com)
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
  * License as published by the Free Software Foundation; either
@@ skipping 54 matching lines @@
 #if !ENABLE(OILPAN)
     , m_weakPtrFactory(this)
 #endif
     , m_associatedElementsAreDirty(false)
     , m_imageElementsAreDirty(false)
     , m_hasElementsAssociatedByParser(false)
     , m_didFinishParsingChildren(false)
     , m_wasUserSubmitted(false)
     , m_isInResetFunction(false)
     , m_wasDemoted(false)
+    , m_insecureSubmissionReported(false)
     , m_pendingAutocompleteEventsQueue(GenericEventQueue::create(this))
 {
     ScriptWrappable::init(this);
 }
 
 PassRefPtrWillBeRawPtr<HTMLFormElement> HTMLFormElement::create(Document& document)
 {
     UseCounter::count(document, UseCounter::FormElement);
     return adoptRefWillBeRefCountedGarbageCollected(new HTMLFormElement(document));
 }
@@ skipping 254 matching lines @@
     }
 }
 
 void HTMLFormElement::submit(Event* event, bool activateSubmitButton, bool processingUserGesture, FormSubmissionTrigger formSubmissionTrigger)
 {
     FrameView* view = document().view();
     LocalFrame* frame = document().frame();
     if (!view || !frame || !frame->page())
         return;
 
+    // Mixed content with form submission to insecure "action"
+    KURL actionURL = document().completeURL(m_attributes.action().isEmpty() ? document().url().string() : m_attributes.action());

[jww, 2014/06/05 03:49:46]

You should probably factor all of this out into a utility method called
getActionURL() or something, since you're repeating this logic elsewhere.

[mhm, 2014/06/05 17:04:28]

Done.

+    if (!frame->loader().mixedContentChecker()->canDisplayInsecureContent(document().securityOrigin(), actionURL)) {
+        m_insecureSubmissionReported = true;
+        return;
+    }
+
     m_wasUserSubmitted = processingUserGesture;
 
     RefPtrWillBeRawPtr<HTMLFormControlElement> firstSuccessfulSubmitButton = nullptr;
     bool needButtonActivation = activateSubmitButton; // do we need to activate a submit button?
 
     const FormAssociatedElement::List& elements = associatedElements();
     for (unsigned i = 0; i < elements.size(); ++i) {
         FormAssociatedElement* associatedElement = elements[i];
         if (!associatedElement->isFormControlElement())
             continue;
@@ skipping 381 matching lines @@
 bool HTMLFormElement::shouldAutocomplete() const
 {
     return !equalIgnoringCase(fastGetAttribute(autocompleteAttr), "off");
 }
 
 void HTMLFormElement::finishParsingChildren()
 {
     HTMLElement::finishParsingChildren();
     document().formController().restoreControlStateIn(*this);
     m_didFinishParsingChildren = true;
+
+    // If the post is pointing to insecure "action" location from a secure page
+    // it is mixed content.
+    KURL actionURL = document().completeURL(m_attributes.action().isEmpty() ? document().url().string() : m_attributes.action());

[jww, 2014/06/05 03:49:46]

See comment above about factoring this logic out.

[mhm, 2014/06/05 17:04:28]

Done.

+    if (!m_insecureSubmissionReported && MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL)) {

[jww, 2014/06/05 03:49:46]

Although it's technically not needed, for clarify, can you add a #include for
MixedContentChecker.h at the top of this file?

[mhm, 2014/06/05 17:04:28]

Done.

+        document().frame()->loader().mixedContentChecker()->canDisplayInsecureContent(document().securityOrigin(), actionURL);
+        m_insecureSubmissionReported = true;
+    }
 }
 
 void HTMLFormElement::copyNonAttributePropertiesFromElement(const Element& source)
 {
     m_wasDemoted = static_cast<const HTMLFormElement&>(source).m_wasDemoted;
     HTMLElement::copyNonAttributePropertiesFromElement(source);
 }
 
 void HTMLFormElement::anonymousNamedGetter(const AtomicString& name, bool& returnValue0Enabled, RefPtrWillBeRawPtr<RadioNodeList>& returnValue0, bool& returnValue1Enabled, RefPtrWillBeRawPtr<Element>& returnValue1)
 {
@@ skipping 24 matching lines @@
     returnValue0 = radioNodeList(name, onlyMatchImg);
 }
 
 void HTMLFormElement::setDemoted(bool demoted)
 {
     if (demoted)
         UseCounter::count(document(), UseCounter::DemotedFormElement);
     m_wasDemoted = demoted;
 }
 
+void HTMLFormElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason)

[jww, 2014/06/05 03:49:46]

Does this get called when the object is initially created? That is, during
parsing, when the action attribute is set, does that call attributeChanged? If
so, then the logic in finishParsingChildren() is redundant and can be removed.

[mhm, 2014/06/05 17:04:28]

Done.

[mhm, 2014/06/05 17:04:28]

Yes it does get called :-)

Removed redundant code.

On 2014/06/05 03:49:46, jww wrote:

+{
+    Element::attributeChanged(name, newValue);
+
+    if (name == actionAttr) {
+        // If the new action attribute is pointing to insecure "action" location from a secure page
+        // it is mixed content.
+        KURL actionURL = document().completeURL(m_attributes.action().isEmpty() ? document().url().string() : m_attributes.action());

[jww, 2014/06/05 03:49:46]

Assuming you don't remove the logic in finishParsingChildren, this logic looks
identical to the logic there, so you probably want to factor this out into a
utility method as well.

[mhm, 2014/06/05 17:04:28]

Done.

+        if (!m_insecureSubmissionReported && MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL)) {
+            document().frame()->loader().mixedContentChecker()->canDisplayInsecureContent(document().securityOrigin(), actionURL);
+            m_insecureSubmissionReported = true;
+        }
+    }
+}
+
 } // namespace