
Side by Side Diff: Source/core/html/HTMLFormElement.cpp

Issue 431273006: Fixing the case where mixed content checking for insecure form submission in secure origins is brea… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Addressing adamk comments Created 6 years, 4 months ago
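--- a/Source/core/html/HTMLFormElement.cpp
+++ b/Source/core/html/HTMLFormElement.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2001 Dirk Mueller (mueller@kde.org)
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserv ed.
 * (C) 2006 Alexey Proskuryakov (ap@nypop.com)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
@@ -495,21 +495,21 @@
 m_pendingAutocompleteEventsQueue->enqueueEvent(event.release());
 }
 
 void HTMLFormElement::parseAttribute(const QualifiedName& name, const AtomicStri ng& value)
 {
 if (name == actionAttr) {
 m_attributes.parseAction(value);
 // If the new action attribute is pointing to insecure "action" location from a secure page
 // it is marked as "passive" mixed content.
 KURL actionURL = document().completeURL(m_attributes.action().isEmpty() ? document().url().string() : m_attributes.action());
-if (MixedContentChecker::isMixedContent(document().securityOrigin(), act ionURL))
+if (document().frame() && MixedContentChecker::isMixedContent(document() .securityOrigin(), actionURL))
 document().frame()->loader().mixedContentChecker()->canSubmitToInsec ureForm(document().securityOrigin(), actionURL);
 } else if (name == targetAttr)
 m_attributes.setTarget(value);
 else if (name == methodAttr)
 m_attributes.updateMethodType(value);
 else if (name == enctypeAttr)
 m_attributes.updateEncodingType(value);
 else if (name == accept_charsetAttr)
 m_attributes.setAcceptCharset(value);
 else if (name == onautocompleteAttr)
@@ -826,10 +826,10 @@
 }
 
 void HTMLFormElement::setDemoted(bool demoted)
 {
 if (demoted)
 UseCounter::count(document(), UseCounter::DemotedFormElement);
 m_wasDemoted = demoted;
 }
 
 } // namespace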
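Review bot: The new `document().frame() &&` guard in the `actionAttr` branch of `parseAttribute` silently skips the mixed-content check when the document has no frame, and nothing in the visible lines repeats it later. Because the check is tied to attribute parsing, a form whose `action` is parsed in a frameless document and later ends up in a secure page would presumably never be reported unless the submission path checks again; that path is not shown, so it should be confirmed and recorded in a comment such as `// No frame means no MixedContentChecker to report to; the insecure-action check must also run at submission time.` The return value of `canSubmitToInsecureForm` is discarded, so this call can only report and never blocks; a one-line comment saying that is intentional would prevent it being read as an enforcement point. `parseAttribute` continues past the last visible line of this hunk.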