Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(915)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/html/HTMLFormElement.cpp

Issue 311033003: Implementing mixed content for forms posting to insecure location from secure ones (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Addressed reviewers comments, added counter for mixed content and made warning messages more develo… Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« Source/core/html/HTMLFormElement.h ('K') | « Source/core/html/HTMLFormElement.h ('k') | Source/core/loader/MixedContentChecker.h » ('j') | Source/core/loader/MixedContentChecker.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/html/HTMLFormElement.cpp
diff --git a/Source/core/html/HTMLFormElement.cpp b/Source/core/html/HTMLFormElement.cpp
index edf2c15f82829b4e631f0f0fe688ad1274974835..1d8718f8653f9da3e89f8bbd059db8921309e290 100644
--- a/Source/core/html/HTMLFormElement.cpp
+++ b/Source/core/html/HTMLFormElement.cpp
@@ -38,6 +38,10 @@
#include "core/events/Event.h"
#include "core/events/GenericEventQueue.h"
#include "core/events/ScopedEventQueue.h"
+#include "core/frame/DOMWindow.h"
+#include "core/frame/LocalFrame.h"
+#include "core/frame/UseCounter.h"
+#include "core/frame/csp/ContentSecurityPolicy.h"
#include "core/html/HTMLCollection.h"
#include "core/html/HTMLDialogElement.h"
#include "core/html/HTMLImageElement.h"
@@ -47,12 +51,10 @@
#include "core/html/forms/FormController.h"
#include "core/loader/FrameLoader.h"
#include "core/loader/FrameLoaderClient.h"
-#include "core/frame/DOMWindow.h"
-#include "core/frame/LocalFrame.h"
-#include "core/frame/UseCounter.h"
-#include "core/frame/csp/ContentSecurityPolicy.h"
+#include "core/loader/MixedContentChecker.h"
#include "core/rendering/RenderTextControl.h"
#include "platform/UserGestureIndicator.h"
+#include "wtf/text/AtomicString.h"
using namespace std;
@@ -791,4 +793,20 @@ void HTMLFormElement::setDemoted(bool demoted)
m_wasDemoted = demoted;
}
+void HTMLFormElement::attributeChanged(const QualifiedName& name, const AtomicString& newValue, AttributeModificationReason)
+{
+ Element::attributeChanged(name, newValue);
+ if (name == actionAttr) {
+ // If the new action attribute is pointing to insecure "action" location from a secure page
+ // it is marked as "passive" mixed content. In other words, it will just
+ // show a console warning unless the user override the preferences to
+ // block all mixed content.
+ KURL actionURL = getActionURL();
+ if (!document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL))
+ Element::attributeChanged(name, AtomicString(""));
+ if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
+ UseCounter::count(document(), UseCounter::MixedContentForm);
+ }
+}
+
} // namespace
« Source/core/html/HTMLFormElement.h ('K') | « Source/core/html/HTMLFormElement.h ('k') | Source/core/loader/MixedContentChecker.h » ('j') | Source/core/loader/MixedContentChecker.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698