Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(994)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/html/HTMLFormElement.cpp

Issue 431273006: Fixing the case where mixed content checking for insecure form submission in secure origins is brea… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Addressing jww comments Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/http/tests/security/mixedContent/resources/frame-with-invisible-DOM-with-insecure-form.html ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/html/HTMLFormElement.cpp
diff --git a/Source/core/html/HTMLFormElement.cpp b/Source/core/html/HTMLFormElement.cpp
index 8f5b8f24761c68d7ff4a629a174204a47721c5e6..7009d157df6169944f38aedf880a3433ef7c96f3 100644
--- a/Source/core/html/HTMLFormElement.cpp
+++ b/Source/core/html/HTMLFormElement.cpp
@@ -503,8 +503,12 @@ void HTMLFormElement::parseAttribute(const QualifiedName& name, const AtomicStri
// If the new action attribute is pointing to insecure "action" location from a secure page
// it is marked as "passive" mixed content.
KURL actionURL = document().completeURL(m_attributes.action().isEmpty() ? document().url().string() : m_attributes.action());
- if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
- document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL);
+ // Blink needs to check if the form is associted with a frame because mixed content checker
jww 2014/08/01 23:35:42 Can you please wrap this comment to 80 characters?
adamk 2014/08/01 23:43:29 I don't think this comment is useful, the very nex
mhm 2014/08/02 00:08:52 Done.
mhm 2014/08/04 15:15:44 Done.
+ // assumes it has a fram. See bug 398066.
jww 2014/08/01 23:35:42 fram -> frame
mhm 2014/08/02 00:08:52 Done.
+ if (document().frame()) {
adamk 2014/08/01 23:43:28 Nit: if { if looks funny to me, please make this:
mhm 2014/08/04 15:15:44 Done.
+ if (MixedContentChecker::isMixedContent(document().securityOrigin(), actionURL))
+ document().frame()->loader().mixedContentChecker()->canSubmitToInsecureForm(document().securityOrigin(), actionURL);
+ }
} else if (name == targetAttr)
m_attributes.setTarget(value);
else if (name == methodAttr)
« no previous file with comments | « LayoutTests/http/tests/security/mixedContent/resources/frame-with-invisible-DOM-with-insecure-form.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698