Implementing mixed content for forms posting to insecure location from secure ones

Source/core/html/HTMLFormElement.cpp

Index: Source/core/html/HTMLFormElement.cpp
diff --git a/Source/core/html/HTMLFormElement.cpp b/Source/core/html/HTMLFormElement.cpp
index 566e8c19e40f2aa73d99201f720d2b2f8ff7090b..1c76f4382917e5960a57774afa612542b9beb631 100644
--- a/Source/core/html/HTMLFormElement.cpp
+++ b/Source/core/html/HTMLFormElement.cpp
@@ -37,6 +37,10 @@
 #include "core/events/Event.h"
 #include "core/events/GenericEventQueue.h"
 #include "core/events/ScopedEventQueue.h"
+#include "core/frame/DOMWindow.h"
+#include "core/frame/LocalFrame.h"
+#include "core/frame/UseCounter.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/html/HTMLCollection.h"
 #include "core/html/HTMLDialogElement.h"
 #include "core/html/HTMLImageElement.h"
@@ -46,12 +50,10 @@
 #include "core/html/forms/FormController.h"
 #include "core/loader/FrameLoader.h"
 #include "core/loader/FrameLoaderClient.h"
-#include "core/frame/DOMWindow.h"
-#include "core/frame/LocalFrame.h"
-#include "core/frame/UseCounter.h"
-#include "core/frame/csp/ContentSecurityPolicy.h"
+#include "core/loader/MixedContentChecker.h"
 #include "core/rendering/RenderTextControl.h"
 #include "platform/UserGestureIndicator.h"
+#include "wtf/text/AtomicString.h"
 
 using namespace std;
 
@@ -59,6 +61,15 @@ namespace WebCore {
 
 using namespace HTMLNames;
 
+namespace {
+
+    KURL getActionURL(const Document& document, const String& action)
+    {
+        return (action.isEmpty() ? document.url() : document.completeURL(action));

[abarth-chromium, 2014/06/06 22:49:48]

No need for the outer ( )

[mhm, 2014/06/07 01:21:26]

Done.

+    }

[abarth-chromium, 2014/06/06 22:49:48]

No indent for namespaces, please.

[mhm, 2014/06/07 01:21:26]

Done.

+
+} // namespace
+
 HTMLFormElement::HTMLFormElement(Document& document)
     : HTMLElement(formTag, document)
 #if !ENABLE(OILPAN)
@@ -347,6 +358,10 @@ void HTMLFormElement::submit(Event* event, bool activateSubmitButton, bool proce
 
     m_wasUserSubmitted = processingUserGesture;
 
+    KURL actionURL = getActionURL(document(), m_attributes.action());
+    if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
+        UseCounter::count(document(), UseCounter::MixedContentSubmittedForm);
+
     RefPtrWillBeRawPtr<HTMLFormControlElement> firstSuccessfulSubmitButton = nullptr;
     bool needButtonActivation = activateSubmitButton; // do we need to activate a submit button?
 
@@ -790,4 +805,20 @@ void HTMLFormElement::setDemoted(bool demoted)
     m_wasDemoted = demoted;
 }
 
+void HTMLFormElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason)
+{
+    Element::attributeChanged(name, newValue);
+    if (name == actionAttr) {
+        // If the new action attribute is pointing to insecure "action" location from a secure page
+        // it is marked as "passive" mixed content. In other words, it will just
+        // show a console warning unless the user override the preferences to
+        // block all mixed content.
+        KURL actionURL = getActionURL(document(), m_attributes.action());
+        if (!document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL))
+            Element::attributeChanged(name, AtomicString(""));

[abarth-chromium, 2014/06/06 22:49:48]

There's no reason to wrap "" in AtomicString(...).

Is it correct to call Element::attributeChanged twice?  Will that generate two
mutation records?

+        if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
+            UseCounter::count(document(), UseCounter::MixedContentForm);
+    }
+}
+
 } // namespace