Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(227)

Unified Diff: LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-main-frame-blocked.html

Issue 311033003: Implementing mixed content for forms posting to insecure location from secure ones (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed the error when action attribute is empty. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-main-frame-blocked.html
diff --git a/LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html b/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-main-frame-blocked.html
similarity index 57%
copy from LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html
copy to LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-main-frame-blocked.html
index 88175fa3cbc5f39b891ce60a081c06049f8e3a31..7a469e8022c7dda95dfa92d8136380c067a2f7a1 100644
--- a/LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html
+++ b/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-main-frame-blocked.html
@@ -7,20 +7,18 @@ if (window.testRunner) {
testRunner.setCanOpenWindows();
testRunner.setCloseRemainingWindowsWhenComplete(true);
testRunner.overridePreference("WebKitAllowDisplayingInsecureContent", false);
- testRunner.setAllowDisplayOfInsecureContent(true);
}
window.addEventListener("message", function (e) {
if (window.testRunner)
- testRunner.notifyDone();
+ testRunner.notifyDone();
}, false);
</script>
-<p>This test opens a window that loads an insecure image. We should trigger
-a mixed content callback even though we've set the preference to block this,
-because we've overriden the preference via a web permission client callback.</p>
+<p>This test opens a window that shows a form with "action" pointing to an insecure
+location. We should not trigger a mixed content callback even though the main frame in the window is HTTPS and the form is pointing to insecure content, because we've set the preference to block this.</p>
<script>
-window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html");
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-formSubmission.html");
</script>
</body>
</html>

Powered by Google App Engine
This is Rietveld 408576698