Changeset 51977 in webkit
- Timestamp:
- Dec 10, 2009 7:12:04 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r51976 r51977 1 2009-12-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Mixed content shouldn't trigger for plug-ins without URLs 6 https://bugs.webkit.org/show_bug.cgi?id=32384 7 8 * http/tests/security/mixedContent/empty-url-plugin-in-frame-expected.txt: Added. 9 * http/tests/security/mixedContent/empty-url-plugin-in-frame.html: Added. 10 * http/tests/security/mixedContent/resources/frame-with-empty-url-plugin.html: Added. 11 1 12 2009-12-10 Oliver Hunt <oliver@apple.com> 2 13 -
trunk/WebCore/ChangeLog
r51973 r51977 1 2009-12-10 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 Mixed content shouldn't trigger for plug-ins without URLs 6 https://bugs.webkit.org/show_bug.cgi?id=32384 7 8 These plug-ins cannot be controlled by active network attackers, so 9 there's no reason to trigger a mixed content warning. 10 11 Test: http/tests/security/mixedContent/empty-url-plugin-in-frame.html 12 13 * loader/FrameLoader.cpp: 14 (WebCore::FrameLoader::isMixedContent): 15 1 16 2009-12-10 Alexey Proskuryakov <ap@apple.com> 2 17 -
trunk/WebCore/loader/FrameLoader.cpp
r51924 r51977 1383 1383 return false; // We only care about HTTPS security origins. 1384 1384 1385 if ( url.protocolIs("https") || url.protocolIs("about") || url.protocolIs("data"))1385 if (!url.isValid() || url.protocolIs("https") || url.protocolIs("about") || url.protocolIs("data")) 1386 1386 return false; // Loading these protocols is secure. 1387 1387
Note: See TracChangeset
for help on using the changeset viewer.