Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1207)

Unified Diff: Source/core/html/HTMLFormElement.cpp

Issue 311033003: Implementing mixed content for forms posting to insecure location from secure ones (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed the error when action attribute is empty. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/frame/UseCounter.h ('k') | Source/core/loader/FormSubmission.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/html/HTMLFormElement.cpp
diff --git a/Source/core/html/HTMLFormElement.cpp b/Source/core/html/HTMLFormElement.cpp
index 566e8c19e40f2aa73d99201f720d2b2f8ff7090b..15677764db67be94933463932242fb74765a25ef 100644
--- a/Source/core/html/HTMLFormElement.cpp
+++ b/Source/core/html/HTMLFormElement.cpp
@@ -37,6 +37,10 @@
#include "core/events/Event.h"
#include "core/events/GenericEventQueue.h"
#include "core/events/ScopedEventQueue.h"
+#include "core/frame/DOMWindow.h"
+#include "core/frame/LocalFrame.h"
+#include "core/frame/UseCounter.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
#include "core/html/HTMLCollection.h"
#include "core/html/HTMLDialogElement.h"
#include "core/html/HTMLImageElement.h"
@@ -46,12 +50,10 @@
#include "core/html/forms/FormController.h"
#include "core/loader/FrameLoader.h"
#include "core/loader/FrameLoaderClient.h"
-#include "core/frame/DOMWindow.h"
-#include "core/frame/LocalFrame.h"
-#include "core/frame/UseCounter.h"
-#include "core/frame/csp/ContentSecurityPolicy.h"
+#include "core/loader/MixedContentChecker.h"
#include "core/rendering/RenderTextControl.h"
#include "platform/UserGestureIndicator.h"
+#include "wtf/text/AtomicString.h"
using namespace std;
@@ -392,7 +394,7 @@ void HTMLFormElement::scheduleFormSubmission(PassRefPtr<FormSubmission> submissi
}
if (protocolIsJavaScript(submission->action())) {
- if (!document().contentSecurityPolicy()->allowFormAction(KURL(submission->action())))
+ if (!document().contentSecurityPolicy()->allowFormAction(submission->action()))
return;
document().frame()->script().executeScriptIfJavaScriptURL(submission->action());
return;
@@ -409,6 +411,14 @@ void HTMLFormElement::scheduleFormSubmission(PassRefPtr<FormSubmission> submissi
if (!targetFrame->page())
return;
+ if (MixedContentChecker::isMixedContent(document().securityOrigin(), submission->action())) {
+ UseCounter::count(document(), UseCounter::MixedContentFormsSubmitted);
+ if (!document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), submission->action()))
+ return;
+ } else {
+ UseCounter::count(document(), UseCounter::FormsSubmitted);
+ }
+
submission->setReferrer(Referrer(document().outgoingReferrer(), document().referrerPolicy()));
submission->setOrigin(document().outgoingOrigin());
@@ -476,9 +486,14 @@ void HTMLFormElement::finishRequestAutocomplete(AutocompleteResult result)
void HTMLFormElement::parseAttribute(const QualifiedName& name, const AtomicString& value)
{
- if (name == actionAttr)
- m_attributes.parseAction(value);
- else if (name == targetAttr)
+ if (name == actionAttr) {
+ m_attributes.parseAction(document(), value);
+ // If the new action attribute is pointing to insecure "action" location from a secure page
+ // it is marked as "passive" mixed content.
+ KURL actionURL = m_attributes.action().isEmpty() ? document().url() : m_attributes.action();
+ if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
+ document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL);
+ } else if (name == targetAttr)
m_attributes.setTarget(value);
else if (name == methodAttr)
m_attributes.updateMethodType(value);
« no previous file with comments | « Source/core/frame/UseCounter.h ('k') | Source/core/loader/FormSubmission.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698