Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(39)

Side by Side Diff: Source/core/html/HTMLFormElement.cpp

Issue 311033003: Implementing mixed content for forms posting to insecure location from secure ones (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed the error when action attribute is empty. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/frame/UseCounter.h ('k') | Source/core/loader/FormSubmission.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserv ed. 5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserv ed.
6 * (C) 2006 Alexey Proskuryakov (ap@nypop.com) 6 * (C) 2006 Alexey Proskuryakov (ap@nypop.com)
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 19 matching lines...) Expand all
30 #include "bindings/v8/ScriptController.h" 30 #include "bindings/v8/ScriptController.h"
31 #include "bindings/v8/ScriptEventListener.h" 31 #include "bindings/v8/ScriptEventListener.h"
32 #include "core/dom/Attribute.h" 32 #include "core/dom/Attribute.h"
33 #include "core/dom/Document.h" 33 #include "core/dom/Document.h"
34 #include "core/dom/ElementTraversal.h" 34 #include "core/dom/ElementTraversal.h"
35 #include "core/dom/IdTargetObserverRegistry.h" 35 #include "core/dom/IdTargetObserverRegistry.h"
36 #include "core/events/AutocompleteErrorEvent.h" 36 #include "core/events/AutocompleteErrorEvent.h"
37 #include "core/events/Event.h" 37 #include "core/events/Event.h"
38 #include "core/events/GenericEventQueue.h" 38 #include "core/events/GenericEventQueue.h"
39 #include "core/events/ScopedEventQueue.h" 39 #include "core/events/ScopedEventQueue.h"
40 #include "core/frame/DOMWindow.h"
41 #include "core/frame/LocalFrame.h"
42 #include "core/frame/UseCounter.h"
43 #include "core/frame/csp/ContentSecurityPolicy.h"
40 #include "core/html/HTMLCollection.h" 44 #include "core/html/HTMLCollection.h"
41 #include "core/html/HTMLDialogElement.h" 45 #include "core/html/HTMLDialogElement.h"
42 #include "core/html/HTMLImageElement.h" 46 #include "core/html/HTMLImageElement.h"
43 #include "core/html/HTMLInputElement.h" 47 #include "core/html/HTMLInputElement.h"
44 #include "core/html/HTMLObjectElement.h" 48 #include "core/html/HTMLObjectElement.h"
45 #include "core/html/RadioNodeList.h" 49 #include "core/html/RadioNodeList.h"
46 #include "core/html/forms/FormController.h" 50 #include "core/html/forms/FormController.h"
47 #include "core/loader/FrameLoader.h" 51 #include "core/loader/FrameLoader.h"
48 #include "core/loader/FrameLoaderClient.h" 52 #include "core/loader/FrameLoaderClient.h"
49 #include "core/frame/DOMWindow.h" 53 #include "core/loader/MixedContentChecker.h"
50 #include "core/frame/LocalFrame.h"
51 #include "core/frame/UseCounter.h"
52 #include "core/frame/csp/ContentSecurityPolicy.h"
53 #include "core/rendering/RenderTextControl.h" 54 #include "core/rendering/RenderTextControl.h"
54 #include "platform/UserGestureIndicator.h" 55 #include "platform/UserGestureIndicator.h"
56 #include "wtf/text/AtomicString.h"
55 57
56 using namespace std; 58 using namespace std;
57 59
58 namespace WebCore { 60 namespace WebCore {
59 61
60 using namespace HTMLNames; 62 using namespace HTMLNames;
61 63
62 HTMLFormElement::HTMLFormElement(Document& document) 64 HTMLFormElement::HTMLFormElement(Document& document)
63 : HTMLElement(formTag, document) 65 : HTMLElement(formTag, document)
64 #if !ENABLE(OILPAN) 66 #if !ENABLE(OILPAN)
(...skipping 320 matching lines...) Expand 10 before | Expand all | Expand 10 after
385 ASSERT(submission->state()); 387 ASSERT(submission->state());
386 if (submission->action().isEmpty()) 388 if (submission->action().isEmpty())
387 return; 389 return;
388 if (document().isSandboxed(SandboxForms)) { 390 if (document().isSandboxed(SandboxForms)) {
389 // FIXME: This message should be moved off the console once a solution t o https://bugs.webkit.org/show_bug.cgi?id=103274 exists. 391 // FIXME: This message should be moved off the console once a solution t o https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
390 document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, " Blocked form submission to '" + submission->action().elidedString() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set."); 392 document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, " Blocked form submission to '" + submission->action().elidedString() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set.");
391 return; 393 return;
392 } 394 }
393 395
394 if (protocolIsJavaScript(submission->action())) { 396 if (protocolIsJavaScript(submission->action())) {
395 if (!document().contentSecurityPolicy()->allowFormAction(KURL(submission ->action()))) 397 if (!document().contentSecurityPolicy()->allowFormAction(submission->act ion()))
396 return; 398 return;
397 document().frame()->script().executeScriptIfJavaScriptURL(submission->ac tion()); 399 document().frame()->script().executeScriptIfJavaScriptURL(submission->ac tion());
398 return; 400 return;
399 } 401 }
400 402
401 LocalFrame* targetFrame = document().frame()->loader().findFrameForNavigatio n(submission->target(), submission->state()->sourceDocument()); 403 LocalFrame* targetFrame = document().frame()->loader().findFrameForNavigatio n(submission->target(), submission->state()->sourceDocument());
402 if (!targetFrame) { 404 if (!targetFrame) {
403 if (!DOMWindow::allowPopUp(*document().frame()) && !UserGestureIndicator ::processingUserGesture()) 405 if (!DOMWindow::allowPopUp(*document().frame()) && !UserGestureIndicator ::processingUserGesture())
404 return; 406 return;
405 targetFrame = document().frame(); 407 targetFrame = document().frame();
406 } else { 408 } else {
407 submission->clearTarget(); 409 submission->clearTarget();
408 } 410 }
409 if (!targetFrame->page()) 411 if (!targetFrame->page())
410 return; 412 return;
411 413
414 if (MixedContentChecker::isMixedContent(document().securityOrigin(), submiss ion->action())) {
415 UseCounter::count(document(), UseCounter::MixedContentFormsSubmitted);
416 if (!document().frame()->loader().mixedContentChecker()->canSubmitToInse cureForm(document().securityOrigin(), submission->action()))
417 return;
418 } else {
419 UseCounter::count(document(), UseCounter::FormsSubmitted);
420 }
421
412 submission->setReferrer(Referrer(document().outgoingReferrer(), document().r eferrerPolicy())); 422 submission->setReferrer(Referrer(document().outgoingReferrer(), document().r eferrerPolicy()));
413 submission->setOrigin(document().outgoingOrigin()); 423 submission->setOrigin(document().outgoingOrigin());
414 424
415 targetFrame->navigationScheduler().scheduleFormSubmission(submission); 425 targetFrame->navigationScheduler().scheduleFormSubmission(submission);
416 } 426 }
417 427
418 void HTMLFormElement::reset() 428 void HTMLFormElement::reset()
419 { 429 {
420 LocalFrame* frame = document().frame(); 430 LocalFrame* frame = document().frame();
421 if (m_isInResetFunction || !frame) 431 if (m_isInResetFunction || !frame)
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
469 event = AutocompleteErrorEvent::create("invalid"); 479 event = AutocompleteErrorEvent::create("invalid");
470 else 480 else
471 ASSERT_NOT_REACHED(); 481 ASSERT_NOT_REACHED();
472 482
473 event->setTarget(this); 483 event->setTarget(this);
474 m_pendingAutocompleteEventsQueue->enqueueEvent(event.release()); 484 m_pendingAutocompleteEventsQueue->enqueueEvent(event.release());
475 } 485 }
476 486
477 void HTMLFormElement::parseAttribute(const QualifiedName& name, const AtomicStri ng& value) 487 void HTMLFormElement::parseAttribute(const QualifiedName& name, const AtomicStri ng& value)
478 { 488 {
479 if (name == actionAttr) 489 if (name == actionAttr) {
480 m_attributes.parseAction(value); 490 m_attributes.parseAction(document(), value);
481 else if (name == targetAttr) 491 // If the new action attribute is pointing to insecure "action" location from a secure page
492 // it is marked as "passive" mixed content.
493 KURL actionURL = m_attributes.action().isEmpty() ? document().url() : m_ attributes.action();
494 if (MixedContentChecker::isMixedContent(document().securityOrigin(), act ionURL))
495 document().frame()->loader().mixedContentChecker()->canSubmitToInsec ureForm(document().securityOrigin(), actionURL);
496 } else if (name == targetAttr)
482 m_attributes.setTarget(value); 497 m_attributes.setTarget(value);
483 else if (name == methodAttr) 498 else if (name == methodAttr)
484 m_attributes.updateMethodType(value); 499 m_attributes.updateMethodType(value);
485 else if (name == enctypeAttr) 500 else if (name == enctypeAttr)
486 m_attributes.updateEncodingType(value); 501 m_attributes.updateEncodingType(value);
487 else if (name == accept_charsetAttr) 502 else if (name == accept_charsetAttr)
488 m_attributes.setAcceptCharset(value); 503 m_attributes.setAcceptCharset(value);
489 else if (name == onautocompleteAttr) 504 else if (name == onautocompleteAttr)
490 setAttributeEventListener(EventTypeNames::autocomplete, createAttributeE ventListener(this, name, value)); 505 setAttributeEventListener(EventTypeNames::autocomplete, createAttributeE ventListener(this, name, value));
491 else if (name == onautocompleteerrorAttr) 506 else if (name == onautocompleteerrorAttr)
(...skipping 292 matching lines...) Expand 10 before | Expand all | Expand 10 after
784 } 799 }
785 800
786 void HTMLFormElement::setDemoted(bool demoted) 801 void HTMLFormElement::setDemoted(bool demoted)
787 { 802 {
788 if (demoted) 803 if (demoted)
789 UseCounter::count(document(), UseCounter::DemotedFormElement); 804 UseCounter::count(document(), UseCounter::DemotedFormElement);
790 m_wasDemoted = demoted; 805 m_wasDemoted = demoted;
791 } 806 }
792 807
793 } // namespace 808 } // namespace
OLDNEW
« no previous file with comments | « Source/core/frame/UseCounter.h ('k') | Source/core/loader/FormSubmission.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698