Index: Source/core/html/HTMLFormElement.cpp |
diff --git a/Source/core/html/HTMLFormElement.cpp b/Source/core/html/HTMLFormElement.cpp |
index 566e8c19e40f2aa73d99201f720d2b2f8ff7090b..68ee764490804718d33c45d976f13c2eccde754c 100644 |
--- a/Source/core/html/HTMLFormElement.cpp |
+++ b/Source/core/html/HTMLFormElement.cpp |
@@ -37,6 +37,10 @@ |
#include "core/events/Event.h" |
#include "core/events/GenericEventQueue.h" |
#include "core/events/ScopedEventQueue.h" |
+#include "core/frame/DOMWindow.h" |
+#include "core/frame/LocalFrame.h" |
+#include "core/frame/UseCounter.h" |
+#include "core/frame/csp/ContentSecurityPolicy.h" |
#include "core/html/HTMLCollection.h" |
#include "core/html/HTMLDialogElement.h" |
#include "core/html/HTMLImageElement.h" |
@@ -46,12 +50,10 @@ |
#include "core/html/forms/FormController.h" |
#include "core/loader/FrameLoader.h" |
#include "core/loader/FrameLoaderClient.h" |
-#include "core/frame/DOMWindow.h" |
-#include "core/frame/LocalFrame.h" |
-#include "core/frame/UseCounter.h" |
-#include "core/frame/csp/ContentSecurityPolicy.h" |
+#include "core/loader/MixedContentChecker.h" |
#include "core/rendering/RenderTextControl.h" |
#include "platform/UserGestureIndicator.h" |
+#include "wtf/text/AtomicString.h" |
using namespace std; |
@@ -59,6 +61,15 @@ namespace WebCore { |
using namespace HTMLNames; |
+namespace { |
+ |
+KURL getActionURL(const Document& document, const String& action) |
+{ |
+ return action.isEmpty() ? document.url() : document.completeURL(action); |
+} |
+ |
+} // namespace |
+ |
HTMLFormElement::HTMLFormElement(Document& document) |
: HTMLElement(formTag, document) |
#if !ENABLE(OILPAN) |
@@ -347,6 +358,13 @@ void HTMLFormElement::submit(Event* event, bool activateSubmitButton, bool proce |
m_wasUserSubmitted = processingUserGesture; |
+ KURL actionURL = getActionURL(document(), m_attributes.action()); |
+ if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL)) |
+ UseCounter::count(document(), UseCounter::MixedContentSubmittedForm); |
+ |
+ if (!document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL)) |
+ return; |
+ |
RefPtrWillBeRawPtr<HTMLFormControlElement> firstSuccessfulSubmitButton = nullptr; |
bool needButtonActivation = activateSubmitButton; // do we need to activate a submit button? |
@@ -790,4 +808,20 @@ void HTMLFormElement::setDemoted(bool demoted) |
m_wasDemoted = demoted; |
} |
+void HTMLFormElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason) |
+{ |
+ Element::attributeChanged(name, newValue); |
+ if (name == actionAttr) { |
+ // If the new action attribute is pointing to insecure "action" location from a secure page |
+ // it is marked as "passive" mixed content. In other words, it will just |
+ // show a console warning unless the user override the preferences to |
+ // block all mixed content. |
+ KURL actionURL = getActionURL(document(), m_attributes.action()); |
+ if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL)) { |
+ document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL); |
+ UseCounter::count(document(), UseCounter::MixedContentForm); |
+ } |
+ } |
abarth-chromium
2014/06/07 08:59:50
Is there a reason to trigger this use counter for
mhm
2014/06/09 15:55:35
mkwst@ suggested that we need to count three thing
|
+} |
+ |
} // namespace |