OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 16 matching lines...) Expand all Loading... |
27 */ | 27 */ |
28 | 28 |
29 #include "config.h" | 29 #include "config.h" |
30 #include "core/loader/MixedContentChecker.h" | 30 #include "core/loader/MixedContentChecker.h" |
31 | 31 |
32 #include "core/dom/Document.h" | 32 #include "core/dom/Document.h" |
33 #include "core/frame/LocalFrame.h" | 33 #include "core/frame/LocalFrame.h" |
34 #include "core/frame/Settings.h" | 34 #include "core/frame/Settings.h" |
35 #include "core/frame/UseCounter.h" | 35 #include "core/frame/UseCounter.h" |
36 #include "core/inspector/ConsoleMessage.h" | 36 #include "core/inspector/ConsoleMessage.h" |
| 37 #include "core/loader/DocumentLoader.h" |
37 #include "core/loader/FrameLoader.h" | 38 #include "core/loader/FrameLoader.h" |
38 #include "core/loader/FrameLoaderClient.h" | 39 #include "core/loader/FrameLoaderClient.h" |
39 #include "platform/RuntimeEnabledFeatures.h" | 40 #include "platform/RuntimeEnabledFeatures.h" |
40 #include "platform/weborigin/SchemeRegistry.h" | 41 #include "platform/weborigin/SchemeRegistry.h" |
41 #include "platform/weborigin/SecurityOrigin.h" | 42 #include "platform/weborigin/SecurityOrigin.h" |
42 #include "public/platform/Platform.h" | 43 #include "public/platform/Platform.h" |
43 #include "wtf/text/StringBuilder.h" | 44 #include "wtf/text/StringBuilder.h" |
44 | 45 |
45 namespace blink { | 46 namespace blink { |
46 | 47 |
(...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
337 FrameLoaderClient* client = effectiveFrame->loader().client(); | 338 FrameLoaderClient* client = effectiveFrame->loader().client(); |
338 client->didDisplayInsecureContent(); | 339 client->didDisplayInsecureContent(); |
339 | 340 |
340 String message = String::format( | 341 String message = String::format( |
341 "Mixed Content: The page at '%s' was loaded over HTTPS, but contains a f
orm whose 'action' attribute is '%s'. This form should not submit data to insecu
re endpoints.", | 342 "Mixed Content: The page at '%s' was loaded over HTTPS, but contains a f
orm whose 'action' attribute is '%s'. This form should not submit data to insecu
re endpoints.", |
342 effectiveFrame->document()->url().elidedString().utf8().data(), url.elid
edString().utf8().data()); | 343 effectiveFrame->document()->url().elidedString().utf8().data(), url.elid
edString().utf8().data()); |
343 effectiveFrame->document()->addConsoleMessage(ConsoleMessage::create(Securit
yMessageSource, WarningMessageLevel, message)); | 344 effectiveFrame->document()->addConsoleMessage(ConsoleMessage::create(Securit
yMessageSource, WarningMessageLevel, message)); |
344 return true; | 345 return true; |
345 } | 346 } |
346 | 347 |
| 348 void MixedContentChecker::checkMixedPrivatePublic(LocalFrame* frame, const Atomi
cString& resourceIPAddress) |
| 349 { |
| 350 if (!frame || !frame->document() || !frame->document()->loader()) |
| 351 return; |
| 352 |
| 353 KURL documentIP(ParsedURLString, "http://" + frame->document()->loader()->re
sponse().remoteIPAddress()); |
| 354 KURL resourceIP(ParsedURLString, "http://" + resourceIPAddress); |
| 355 |
| 356 // Just count these for the moment, don't block them. |
| 357 // |
| 358 // FIXME: Once we know how we want to check this, adjust the platform APIs t
o avoid the KURL construction. |
| 359 if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::curre
nt()->isReservedIPAddress(documentIP)) |
| 360 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost
nameInPublicHostname); |
| 361 } |
| 362 |
347 } // namespace blink | 363 } // namespace blink |
OLD | NEW |