https://bugs.webkit.org/show_bug.cgi?id=59367
Patch by Simon Pena <spena@igalia.com> on 2012-04-03
Reviewed by Philippe Normand.
Source/WebKit/gtk:
Add a new signal "insecure-content-run" to the WebFrame to notify
when insecure HTTP content (such as CSS, an iframe or a script) is
run from a secure HTTPS WebFrame. Implement didRunInsecureContent
in gtk's FrameLoaderClient by means of emitting that signal.
* WebCoreSupport/FrameLoaderClientGtk.cpp: Implement
didRunInsecureContent by emitting WebFrame's
"insecure-content-run" signal
(WebKit::FrameLoaderClient::didRunInsecureContent):
* webkit/webkitwebframe.cpp: Add "insecure-content-run" signal
(webkit_web_frame_class_init):
Tools:
Connect DumpRenderTree to WebFrame's "insecure-content-run", in both
the main WebFrame or any other WebFrame created later. Added
"didRunInsecureContent" notification in the callback in order to
get the LayoutTests passing.
* DumpRenderTree/gtk/DumpRenderTree.cpp: Connect
to WebFrame's "insecure-content-run" signal and add
didRunInsecureContent notification in the callback to get the
LayoutTests passing.
(didRunInsecureContent):
(createWebView):
LayoutTests:
Unskip tests as new API is added to detect when a secure HTTPS page
loads content (such as CSS, images, iframes or a script) from
a non-secure HTTP origin.
* platform/gtk/Skipped: Unskip insecure-css-in-main-frame,
insecure-css-in-iframe, insecure-image-in-main-frame,
insecure-script-in-iframe, insecure-plugin-in-iframe,
redirect-http-to-https-script-in-iframe and
redirect-https-to-http-script-in-iframe since they pass after the
new API has been added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113001
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-04-03 Simon Pena <spena@igalia.com>
+
+ [GTK] DRT missing didRunInsecureContent notification
+ https://bugs.webkit.org/show_bug.cgi?id=59367
+
+ Reviewed by Philippe Normand.
+
+ Unskip tests as new API is added to detect when a secure HTTPS page
+ loads content (such as CSS, images, iframes or a script) from
+ a non-secure HTTP origin.
+
+ * platform/gtk/Skipped: Unskip insecure-css-in-main-frame,
+ insecure-css-in-iframe, insecure-image-in-main-frame,
+ insecure-script-in-iframe, insecure-plugin-in-iframe,
+ redirect-http-to-https-script-in-iframe and
+ redirect-https-to-http-script-in-iframe since they pass after the
+ new API has been added.
+
2012-04-03 János Badics <jbadics@inf.u-szeged.hu>
[Qt] Unreviewed gardening after r112954.
http/tests/plugins/npapi-response-headers.html
http/tests/security/feed-urls-from-remote.html
-http/tests/security/mixedContent/insecure-css-in-main-frame.html
http/tests/security/mixedContent/insecure-iframe-in-main-frame.html
-http/tests/security/mixedContent/insecure-image-in-main-frame.html
-http/tests/security/mixedContent/insecure-script-in-iframe.html
http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html
-http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html
http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html
http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html
editing/selection/move-left-right.html
# Probably related to https://bugs.webkit.org/show_bug.cgi?id=27637
-http/tests/security/mixedContent/insecure-plugin-in-iframe.html
http/tests/loading/basic-auth-resend-wrong-credentials.html
# https://bugs.webkit.org/show_bug.cgi?id=30620
# https://bugs.webkit.org/show_bug.cgi?id=58526
http/tests/loading/onload-vs-immediate-refresh.pl
-# https://bugs.webkit.org/show_bug.cgi?id=59367
-# DRT missing didRunInsecureContent notification
-http/tests/security/mixedContent/insecure-css-in-main-frame.html
-
# GTK+ does not have layoutTestController.setDomainRelaxationForbiddenForURLScheme
http/tests/security/setDomainRelaxationForbiddenForURLScheme.html
# New failure after http://trac.webkit.org/changeset/53758
# https://bugs.webkit.org/show_bug.cgi?id=71465
http/tests/security/xssAuditor/script-tag-with-callbacks.html
-# DRT missing didRunInsecureContent notification
-# https://bugs.webkit.org/show_bug.cgi?id=59367
-http/tests/security/mixedContent/insecure-css-in-iframe.html
-http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
-
# ASSERT(!needsLayout()) in frame flattening test
# https://bugs.webkit.org/show_bug.cgi?id=80155
fast/frames/flattening/iframe-flattening-nested.html
+2012-04-03 Simon Pena <spena@igalia.com>
+
+ [GTK] DRT missing didRunInsecureContent notification
+ https://bugs.webkit.org/show_bug.cgi?id=59367
+
+ Reviewed by Philippe Normand.
+
+ Add a new signal "insecure-content-run" to the WebFrame to notify
+ when insecure HTTP content (such as CSS, an iframe or a script) is
+ run from a secure HTTPS WebFrame. Implement didRunInsecureContent
+ in gtk's FrameLoaderClient by means of emitting that signal.
+
+ * WebCoreSupport/FrameLoaderClientGtk.cpp: Implement
+ didRunInsecureContent by emitting WebFrame's
+ "insecure-content-run" signal
+ (WebKit::FrameLoaderClient::didRunInsecureContent):
+ * webkit/webkitwebframe.cpp: Add "insecure-content-run" signal
+ (webkit_web_frame_class_init):
+
2012-03-30 Mark Pilgrim <pilgrim@chromium.org>
GEOLOCATION should be implemented as Page Supplement
#include "webkitnetworkrequestprivate.h"
#include "webkitnetworkresponse.h"
#include "webkitnetworkresponseprivate.h"
+#include "webkitsecurityoriginprivate.h"
#include "webkitviewportattributes.h"
#include "webkitviewportattributesprivate.h"
#include "webkitwebdatasourceprivate.h"
notImplemented();
}
-void FrameLoaderClient::didRunInsecureContent(SecurityOrigin*, const KURL&)
+void FrameLoaderClient::didRunInsecureContent(SecurityOrigin* coreOrigin, const KURL& url)
{
- notImplemented();
+ g_signal_emit_by_name(m_frame, "insecure-content-run", kit(coreOrigin), url.string().utf8().data());
}
void FrameLoaderClient::didDetectXSS(const KURL&, bool)
RESOURCE_LOAD_FINISHED,
RESOURCE_CONTENT_LENGTH_RECEIVED,
RESOURCE_LOAD_FAILED,
+ INSECURE_CONTENT_RUN,
LAST_SIGNAL
};
WEBKIT_TYPE_WEB_RESOURCE,
G_TYPE_POINTER);
+ /**
+ * WebKitWebFrame::insecure-content-run:
+ * @web_frame: the #WebKitWebFrame the response was received for.
+ * @security_origin: the #WebKitSecurityOrigin.
+ * @url: the url of the insecure content.
+ *
+ * Invoked when insecure content is run from a secure page. This happens
+ * when a page loaded via HTTPS loads a stylesheet, script, image or
+ * iframe from an unencrypted HTTP URL.
+ *
+ * Since: 1.10.0
+ */
+ webkit_web_frame_signals[INSECURE_CONTENT_RUN] = g_signal_new("insecure-content-run",
+ G_TYPE_FROM_CLASS(frameClass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ 0, 0,
+ webkit_marshal_VOID__OBJECT_STRING,
+ G_TYPE_NONE, 2,
+ WEBKIT_TYPE_SECURITY_ORIGIN,
+ G_TYPE_STRING);
+
/*
* implementations of virtual methods
*/
+2012-04-03 Simon Pena <spena@igalia.com>
+
+ [GTK] DRT missing didRunInsecureContent notification
+ https://bugs.webkit.org/show_bug.cgi?id=59367
+
+ Reviewed by Philippe Normand.
+
+ Connect DumpRenderTree to WebFrame's "insecure-content-run", in both
+ the main WebFrame or any other WebFrame created later. Added
+ "didRunInsecureContent" notification in the callback in order to
+ get the LayoutTests passing.
+
+ * DumpRenderTree/gtk/DumpRenderTree.cpp: Connect
+ to WebFrame's "insecure-content-run" signal and add
+ didRunInsecureContent notification in the callback to get the
+ LayoutTests passing.
+ (didRunInsecureContent):
+ (createWebView):
+
2012-04-03 Raphael Kubo da Costa <rakuco@FreeBSD.org>
rebaseline-server: Make it possible to not launch a browser with the server.
static void runTest(const string& testPathOrURL);
+static void didRunInsecureContent(WebKitWebFrame*, WebKitSecurityOrigin*, const char* url);
+
static bool shouldLogFrameLoadDelegates(const string& pathOrURL)
{
return pathOrURL.find("loading/") != string::npos;
static void frameCreatedCallback(WebKitWebView* webView, WebKitWebFrame* webFrame, gpointer user_data)
{
g_signal_connect(webFrame, "notify::load-status", G_CALLBACK(webFrameLoadStatusNotified), NULL);
+ g_signal_connect(webFrame, "insecure-content-run", G_CALLBACK(didRunInsecureContent), NULL);
}
}
}
+static void didRunInsecureContent(WebKitWebFrame*, WebKitSecurityOrigin*, const char* url)
+{
+ if (!done && gLayoutTestController->dumpFrameLoadCallbacks())
+ printf("didRunInsecureContent\n");
+}
+
static WebKitWebView* createWebView()
{
// It is important to declare DRT is running early so when creating
// frame-created is not issued for main frame. That's why we must do this here
WebKitWebFrame* frame = webkit_web_view_get_main_frame(view);
g_signal_connect(frame, "notify::load-status", G_CALLBACK(webFrameLoadStatusNotified), NULL);
+ g_signal_connect(frame, "insecure-content-run", G_CALLBACK(didRunInsecureContent), NULL);
return view;
}