Fixing the case where mixed content checking for insecure form submission in secure origins is brea…

Source/core/html/HTMLFormElement.cpp

Index: Source/core/html/HTMLFormElement.cpp
diff --git a/Source/core/html/HTMLFormElement.cpp b/Source/core/html/HTMLFormElement.cpp
index 8f5b8f24761c68d7ff4a629a174204a47721c5e6..8a17449f0268b7e2cf592c91e8282bf89fc24f08 100644
--- a/Source/core/html/HTMLFormElement.cpp
+++ b/Source/core/html/HTMLFormElement.cpp
@@ -503,8 +503,11 @@ void HTMLFormElement::parseAttribute(const QualifiedName& name, const AtomicStri
         // If the new action attribute is pointing to insecure "action" location from a secure page
         // it is marked as "passive" mixed content.
         KURL actionURL = document().completeURL(m_attributes.action().isEmpty() ? document().url().string() : m_attributes.action());
-        if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
-            document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL);
+        // Check if the DOM has a frame before checking mixed content (crbug/398066).

[jww, 2014/08/01 23:20:52]

It's clear that you're checking if the DOM has a frame from the code. Make this
comment more about the "why". Something like, "Blink needs to check if the DOM
has a frame because the mixed content checker assumes it has a frame. See bug
xxx."

[mhm, 2014/08/01 23:28:44]

Done.

+        if (document().frame()) {
+            if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
+                document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL);
+        }
     } else if (name == targetAttr)
         m_attributes.setTarget(value);
     else if (name == methodAttr)