Changeset 137450 in webkit
- Timestamp:
- Dec 12, 2012 4:01:24 AM (11 years ago)
- Location:
- trunk
- Files:
-
- 9 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit2/ChangeLog
r137438 r137450 1 2012-12-12 Mario Sanchez Prada <mario@webkit.org> 2 3 [GTK][WK2] New API to detect display/execution of insecure content 4 https://bugs.webkit.org/show_bug.cgi?id=104578 5 6 Reviewed by Martin Robinson. 7 8 Added new API and documentation for detecting insecure content. 9 10 Implemented needed functions from C API's WKPageLoaderClient 11 12 * UIProcess/API/gtk/WebKitLoaderClient.cpp: 13 (didDisplayInsecureContentForFrame): Implemented. 14 (didRunInsecureContentForFrame): Ditto. 15 (attachLoaderClientToView): Added newly implemented functions. 16 17 Added new 'insecure-content-detected' signal to API. 18 19 * UIProcess/API/gtk/WebKitWebView.cpp: 20 (webkit_web_view_class_init): Installed new signal. 21 (webkitWebViewInsecureContentDetected): Helper function aded to 22 private API to emit the new signal from the page loader client. 23 * UIProcess/API/gtk/WebKitWebView.h: 24 (_WebKitWebViewClass): Added new signal. 25 26 * UIProcess/API/gtk/WebKitWebViewPrivate.h: Added prototype of the 27 new helper function webkitWebViewInsecureContentDetected(). 28 29 Added new unit tests. 30 31 * UIProcess/API/gtk/tests/TestSSL.cpp: 32 (testSSL): Updated to the new variable name for the https server. 33 (testInsecureContent): New unit test. 34 (httpsServerCallback): Renamed from serverCallback() and updated 35 to return HTML content linking to external resources in an 36 insecure (plain http) server, to be used by the new test. 37 (httpServerCallback): New callback for a new http server, that 38 will serve a script and an image when requested. 39 (beforeAll): Run the new http server, besides the https one. 40 (afterAll): Delete both the http and the https server. 41 42 Updated documentation with new API. 43 44 * UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Added references 45 to the new WebKitInsecureContentEvent enum type. 46 1 47 2012-12-12 Huang Dongsung <luxtella@company100.net> 2 48 -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitLoaderClient.cpp
r136152 r137450 107 107 } 108 108 109 static void didDisplayInsecureContentForFrame(WKPageRef page, WKFrameRef frame, WKTypeRef userData, const void *clientInfo) 110 { 111 webkitWebViewInsecureContentDetected(WEBKIT_WEB_VIEW(clientInfo), WEBKIT_INSECURE_CONTENT_DISPLAYED); 112 } 113 114 static void didRunInsecureContentForFrame(WKPageRef page, WKFrameRef frame, WKTypeRef userData, const void *clientInfo) 115 { 116 webkitWebViewInsecureContentDetected(WEBKIT_WEB_VIEW(clientInfo), WEBKIT_INSECURE_CONTENT_RUN); 117 } 118 109 119 static void didChangeProgress(WKPageRef page, const void* clientInfo) 110 120 { … … 139 149 0, // didFirstVisuallyNonEmptyLayoutForFrame 140 150 0, // didRemoveFrameFromHierarchy 141 0, // didDisplayInsecureContentForFrame142 0, // didRunInsecureContentForFrame151 didDisplayInsecureContentForFrame, 152 didRunInsecureContentForFrame, 143 153 0, // canAuthenticateAgainstProtectionSpaceInFrame 144 154 didReceiveAuthenticationChallengeInFrame, -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebView.cpp
r136152 r137450 98 98 SUBMIT_FORM, 99 99 100 INSECURE_CONTENT_DETECTED, 101 100 102 LAST_SIGNAL 101 103 }; … … 1231 1233 G_TYPE_NONE, 1, 1232 1234 WEBKIT_TYPE_FORM_SUBMISSION_REQUEST); 1235 1236 /** 1237 * WebKitWebView::insecure-content-detected: 1238 * @web_view: the #WebKitWebView on which the signal is emitted 1239 * @event: the #WebKitInsecureContentEvent 1240 * 1241 * This signal is emitted when insecure content has been detected 1242 * in a page loaded through a secure connection. This typically 1243 * means that a external resource from an unstrusted source has 1244 * been run or displayed, resulting in a mix of HTTPS and 1245 * non-HTTPS content. 1246 * 1247 * You can check the @event parameter to know exactly which kind 1248 * of event has been detected (see #WebKitInsecureContentEvent). 1249 */ 1250 signals[INSECURE_CONTENT_DETECTED] = 1251 g_signal_new("insecure-content-detected", 1252 G_TYPE_FROM_CLASS(webViewClass), 1253 G_SIGNAL_RUN_LAST, 1254 G_STRUCT_OFFSET(WebKitWebViewClass, insecure_content_detected), 1255 0, 0, 1256 g_cclosure_marshal_VOID__ENUM, 1257 G_TYPE_NONE, 1, 1258 WEBKIT_TYPE_INSECURE_CONTENT_EVENT); 1233 1259 } 1234 1260 … … 1616 1642 webkitWebViewBaseAddAuthenticationDialog(WEBKIT_WEB_VIEW_BASE(webView), dialog); 1617 1643 dialog->show(); 1644 } 1645 1646 void webkitWebViewInsecureContentDetected(WebKitWebView* webView, WebKitInsecureContentEvent type) 1647 { 1648 g_signal_emit(webView, signals[INSECURE_CONTENT_DETECTED], 0, type); 1618 1649 } 1619 1650 -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebView.h
r132323 r137450 130 130 } WebKitSaveMode; 131 131 132 /** 133 * WebKitInsecureContentEvent: 134 * @WEBKIT_INSECURE_CONTENT_RUN: Insecure content has been detected by 135 * trying to execute any kind of logic (e.g. a script) from an 136 * untrusted source. 137 * @WEBKIT_INSECURE_CONTENT_DISPLAYED: Insecure content has been 138 * detected by trying to display any kind of resource (e.g. an image) 139 * from an untrusted source. 140 * 141 * Enum values used to denote the different events which can trigger 142 * the detection of insecure content. 143 */ 144 typedef enum { 145 WEBKIT_INSECURE_CONTENT_RUN, 146 WEBKIT_INSECURE_CONTENT_DISPLAYED 147 } WebKitInsecureContentEvent; 148 132 149 struct _WebKitWebView { 133 150 WebKitWebViewBase parent; … … 140 157 WebKitWebViewBaseClass parent; 141 158 142 void (* load_changed) (WebKitWebView *web_view, 143 WebKitLoadEvent load_event); 144 gboolean (* load_failed) (WebKitWebView *web_view, 145 WebKitLoadEvent load_event, 146 const gchar *failing_uri, 147 GError *error); 148 149 GtkWidget *(* create) (WebKitWebView *web_view); 150 void (* ready_to_show) (WebKitWebView *web_view); 151 void (* run_as_modal) (WebKitWebView *web_view); 152 void (* close) (WebKitWebView *web_view); 153 154 gboolean (* script_dialog) (WebKitWebView *web_view, 155 WebKitScriptDialog *dialog); 156 157 gboolean (* decide_policy) (WebKitWebView *web_view, 158 WebKitPolicyDecision *decision, 159 WebKitPolicyDecisionType type); 160 gboolean (* permission_request) (WebKitWebView *web_view, 161 WebKitPermissionRequest *permission_request); 162 void (* mouse_target_changed) (WebKitWebView *web_view, 163 WebKitHitTestResult *hit_test_result, 164 guint modifiers); 165 gboolean (* print) (WebKitWebView *web_view, 166 WebKitPrintOperation *print_operation); 167 void (* resource_load_started) (WebKitWebView *web_view, 168 WebKitWebResource *resource, 169 WebKitURIRequest *request); 170 gboolean (* enter_fullscreen) (WebKitWebView *web_view); 171 gboolean (* leave_fullscreen) (WebKitWebView *web_view); 172 gboolean (* run_file_chooser) (WebKitWebView *web_view, 173 WebKitFileChooserRequest *request); 174 gboolean (* context_menu) (WebKitWebView *web_view, 175 WebKitContextMenu *context_menu, 176 GdkEvent *event, 177 WebKitHitTestResult *hit_test_result); 178 void (* context_menu_dismissed) (WebKitWebView *web_view); 179 void (* submit_form) (WebKitWebView *web_view, 180 WebKitFormSubmissionRequest *request); 159 void (* load_changed) (WebKitWebView *web_view, 160 WebKitLoadEvent load_event); 161 gboolean (* load_failed) (WebKitWebView *web_view, 162 WebKitLoadEvent load_event, 163 const gchar *failing_uri, 164 GError *error); 165 166 GtkWidget *(* create) (WebKitWebView *web_view); 167 void (* ready_to_show) (WebKitWebView *web_view); 168 void (* run_as_modal) (WebKitWebView *web_view); 169 void (* close) (WebKitWebView *web_view); 170 171 gboolean (* script_dialog) (WebKitWebView *web_view, 172 WebKitScriptDialog *dialog) ; 173 174 gboolean (* decide_policy) (WebKitWebView *web_view, 175 WebKitPolicyDecision *decision, 176 WebKitPolicyDecisionType type); 177 gboolean (* permission_request) (WebKitWebView *web_view, 178 WebKitPermissionRequest *permission_request); 179 void (* mouse_target_changed) (WebKitWebView *web_view, 180 WebKitHitTestResult *hit_test_result, 181 guint modifiers); 182 gboolean (* print) (WebKitWebView *web_view, 183 WebKitPrintOperation *print_operation); 184 void (* resource_load_started) (WebKitWebView *web_view, 185 WebKitWebResource *resource, 186 WebKitURIRequest *request); 187 gboolean (* enter_fullscreen) (WebKitWebView *web_view); 188 gboolean (* leave_fullscreen) (WebKitWebView *web_view); 189 gboolean (* run_file_chooser) (WebKitWebView *web_view, 190 WebKitFileChooserRequest *request); 191 gboolean (* context_menu) (WebKitWebView *web_view, 192 WebKitContextMenu *context_menu, 193 GdkEvent *event, 194 WebKitHitTestResult *hit_test_result); 195 void (* context_menu_dismissed) (WebKitWebView *web_view); 196 void (* submit_form) (WebKitWebView *web_view, 197 WebKitFormSubmissionRequest *request); 198 void (* insecure_content_detected) (WebKitWebView *web_view, 199 WebKitInsecureContentEvent event); 181 200 182 201 /* Padding for future expansion */ -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewPrivate.h
r136152 r137450 57 57 void webkitWebViewSubmitFormRequest(WebKitWebView*, WebKitFormSubmissionRequest*); 58 58 void webkitWebViewHandleAuthenticationChallenge(WebKitWebView*, WebKit::AuthenticationChallengeProxy*); 59 void webkitWebViewInsecureContentDetected(WebKitWebView*, WebKitInsecureContentEvent); 59 60 60 61 #endif // WebKitWebViewPrivate_h -
trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-sections.txt
r137192 r137450 69 69 WebKitPolicyDecisionType 70 70 WebKitSaveMode 71 WebKitInsecureContentEvent 71 72 72 73 <SUBSECTION Editing Commands> -
trunk/Source/WebKit2/UIProcess/API/gtk/tests/TestSSL.cpp
r130507 r137450 24 24 #include <gtk/gtk.h> 25 25 26 static WebKitTestServer* kServer; 26 static WebKitTestServer* kHttpsServer; 27 static WebKitTestServer* kHttpServer; 28 27 29 static const char* indexHTML = "<html><body>Testing WebKit2GTK+ SSL</body></htmll>"; 30 static const char* insecureContentHTML = "<html><script src=\"%s\"></script><body><p>Text + image <img src=\"%s\" align=\"right\"/></p></body></html>"; 28 31 29 32 class SSLTest: public LoadTrackingTest { … … 61 64 static void testSSL(SSLTest* test, gconstpointer) 62 65 { 63 test->loadURI(k Server->getURIForPath("/").data());66 test->loadURI(kHttpsServer->getURIForPath("/").data()); 64 67 test->waitUntilLoadFinished(); 65 68 g_assert(test->m_certificate); … … 76 79 } 77 80 78 static void serverCallback(SoupServer* server, SoupMessage* message, const char* path, GHashTable*, SoupClientContext*, gpointer) 81 class InsecureContentTest: public WebViewTest { 82 public: 83 MAKE_GLIB_TEST_FIXTURE(InsecureContentTest); 84 85 InsecureContentTest() 86 : m_insecureContentRun(false) 87 , m_insecureContentDisplayed(false) 88 { 89 g_signal_connect(m_webView, "insecure-content-detected", G_CALLBACK(insecureContentDetectedCallback), this); 90 } 91 92 static void insecureContentDetectedCallback(WebKitWebView* webView, WebKitInsecureContentEvent event, InsecureContentTest* test) 93 { 94 g_assert(webView == test->m_webView); 95 96 if (event == WEBKIT_INSECURE_CONTENT_RUN) 97 test->m_insecureContentRun = true; 98 99 if (event == WEBKIT_INSECURE_CONTENT_DISPLAYED) 100 test->m_insecureContentDisplayed = true; 101 } 102 103 bool m_insecureContentRun; 104 bool m_insecureContentDisplayed; 105 }; 106 107 static void testInsecureContent(InsecureContentTest* test, gconstpointer) 108 { 109 test->loadURI(kHttpsServer->getURIForPath("/insecure-content/").data()); 110 test->waitUntilLoadFinished(); 111 112 g_assert(test->m_insecureContentRun); 113 g_assert(test->m_insecureContentDisplayed); 114 } 115 116 static void httpsServerCallback(SoupServer* server, SoupMessage* message, const char* path, GHashTable*, SoupClientContext*, gpointer) 79 117 { 80 118 if (message->method != SOUP_METHOD_GET) { … … 87 125 soup_message_body_append(message->response_body, SOUP_MEMORY_STATIC, indexHTML, strlen(indexHTML)); 88 126 soup_message_body_complete(message->response_body); 127 } else if (g_str_equal(path, "/insecure-content/")) { 128 GOwnPtr<char> responseHTML(g_strdup_printf(insecureContentHTML, kHttpServer->getURIForPath("/test-script").data(), kHttpServer->getURIForPath("/test-image").data())); 129 soup_message_body_append(message->response_body, SOUP_MEMORY_COPY, responseHTML.get(), strlen(responseHTML.get())); 130 soup_message_set_status(message, SOUP_STATUS_OK); 131 soup_message_body_complete(message->response_body); 132 } else 133 soup_message_set_status(message, SOUP_STATUS_NOT_FOUND); 134 } 135 136 static void httpServerCallback(SoupServer* server, SoupMessage* message, const char* path, GHashTable*, SoupClientContext*, gpointer) 137 { 138 if (message->method != SOUP_METHOD_GET) { 139 soup_message_set_status(message, SOUP_STATUS_NOT_IMPLEMENTED); 140 return; 141 } 142 143 if (g_str_equal(path, "/test-script")) { 144 GOwnPtr<char> pathToFile(g_build_filename(Test::getResourcesDir().data(), "link-title.js", NULL)); 145 char* contents; 146 gsize length; 147 g_file_get_contents(pathToFile.get(), &contents, &length, 0); 148 149 soup_message_body_append(message->response_body, SOUP_MEMORY_TAKE, contents, length); 150 soup_message_set_status(message, SOUP_STATUS_OK); 151 soup_message_body_complete(message->response_body); 152 } else if (g_str_equal(path, "/test-image")) { 153 GOwnPtr<char> pathToFile(g_build_filename(Test::getWebKit1TestResoucesDir().data(), "blank.ico", NULL)); 154 char* contents; 155 gsize length; 156 g_file_get_contents(pathToFile.get(), &contents, &length, 0); 157 158 soup_message_body_append(message->response_body, SOUP_MEMORY_TAKE, contents, length); 159 soup_message_set_status(message, SOUP_STATUS_OK); 160 soup_message_body_complete(message->response_body); 89 161 } else 90 162 soup_message_set_status(message, SOUP_STATUS_NOT_FOUND); … … 93 165 void beforeAll() 94 166 { 95 kServer = new WebKitTestServer(WebKitTestServer::ServerHTTPS); 96 kServer->run(serverCallback); 167 kHttpsServer = new WebKitTestServer(WebKitTestServer::ServerHTTPS); 168 kHttpsServer->run(httpsServerCallback); 169 170 kHttpServer = new WebKitTestServer(WebKitTestServer::ServerHTTP); 171 kHttpServer->run(httpServerCallback); 97 172 98 173 SSLTest::add("WebKitWebView", "ssl", testSSL); 174 InsecureContentTest::add("WebKitWebView", "insecure-content", testInsecureContent); 99 175 } 100 176 101 177 void afterAll() 102 178 { 103 delete kServer; 179 delete kHttpsServer; 180 delete kHttpServer; 104 181 } -
trunk/Tools/ChangeLog
r137448 r137450 1 2012-12-12 Mario Sanchez Prada <mario@webkit.org> 2 3 [GTK][WK2] New API to detect display/execution of insecure content 4 https://bugs.webkit.org/show_bug.cgi?id=104578 5 6 Reviewed by Martin Robinson. 7 8 Add coding style exception for 'readability/enum_casing' in GTK. 9 10 The GTK+ API use upper case, underscore separated, words in 11 certain types of enums (e.g. signals, properties). 12 13 * Scripts/webkitpy/style/checker.py: Added exception, both for 14 WebKitGTK+ and WebKit2GTK+. 15 1 16 2012-12-12 Jochen Eisinger <jochen@chromium.org> 2 17 -
trunk/Tools/Scripts/webkitpy/style/checker.py
r137319 r137450 176 176 "-readability/parameter_name", 177 177 "-readability/null", 178 "-readability/enum_casing", 178 179 "-whitespace/parens"]), 180 181 ([# The GTK+ API use upper case, underscore separated, words in 182 # certain types of enums (e.g. signals, properties). 183 "Source/WebKit2/UIProcess/API/gtk"], 184 ["-readability/enum_casing"]), 185 179 186 ([# Header files in ForwardingHeaders have no header guards or 180 187 # exceptional header guards (e.g., WebCore_FWD_Debugger_h).
Note: See TracChangeset
for help on using the changeset viewer.