Changeset 89155 in webkit
- Timestamp:
- Jun 17, 2011 12:11:14 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
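--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,12 @@
+2011-06-17 Chris Evans <cevans@chromium.org>
+
+Reviewed by Adam Barth.
+
+Detect mixed-scripting involving https -> http redirects
+https://bugs.webkit.org/show_bug.cgi?id=62846
+
+* http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: Update expectation.
+* http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html: Remove FIXME as the test is now working as expected.
+
 2011-06-12 Robert Hogan <robert@webkit.org>
 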
trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt
r48284 r89155 2 2 main frame - didFinishDocumentLoadForFrame 3 3 frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame 4 CONSOLE MESSAGE: line 1: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-script.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js. 5 6 didRunInsecureContent 4 7 frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame 5 8 frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame … … 9 12 This test loads a secure iframe that loads an insecure script (but with a tricky redirect). We should trigger a mixed content callback because an active network attacker can end up controling the script. 10 13 11 FIXME: This test current does not trigger a mixed content callback!12 14 13 -
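--- a/trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
+++ b/trunk/LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
@@ -10,6 +10,4 @@
 tricky redirect). We should trigger a mixed content callback because an active
 network attacker can end up controling the script.</p>
-
-<p>FIXME: This test current does not trigger a mixed content callback!</p>
 <iframe src="https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-https-to-http-script.html";
 ></iframe>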
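--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,18 @@
+2011-06-17 Chris Evans <cevans@chromium.org>
+
+Reviewed by Adam Barth.
+
+Detect mixed-scripting involving https -> http redirects
+https://bugs.webkit.org/show_bug.cgi?id=62846
+
+Test: http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
+
+* loader/cache/CachedResourceLoader.cpp:
+(WebCore::CachedResourceLoader::checkInsecureContent):
+(WebCore::CachedResourceLoader::canRequest): break out insecure content logic.
+* loader/cache/CachedResourceLoader.h:
+* loader/cache/CachedResourceRequest.cpp:
+(WebCore::CachedResourceRequest::willSendRequest): check the redirect target for possible insecure content issues.
+
 2011-06-12 Robert Hogan <robert@webkit.org>
 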
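--- a/trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
+++ b/trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
@@ -200,4 +200,39 @@
 #endif
 
+bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const KURL& url) const
+{
+switch (type) {
+case CachedResource::Script:
+#if ENABLE(XSLT)
+case CachedResource::XSLStyleSheet:
+#endif
+case CachedResource::CSSStyleSheet:
+// These resource can inject script into the current document (Script,
+// XSL) or exfiltrate the content of the current document (CSS).
+if (Frame* f = frame())
+if (!f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url))
+return false;
+break;
+case CachedResource::ImageResource:
+case CachedResource::FontResource: {
+// These resources can corrupt only the frame's pixels.
+if (Frame* f = frame()) {
+Frame* top = f->tree()->top();
+if (!top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url))
+return false;
+}
+break;
+}
+#if ENABLE(LINK_PREFETCH)
+case CachedResource::LinkPrefetch:
+case CachedResource::LinkPrerender:
+case CachedResource::LinkSubresource:
+// Prefetch cannot affect the current document.
+break;
+#endif
+}
+return true;
+}
+
 bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url, bool forPreload)
 {
@@ -238,40 +273,8 @@
 // check whether the load passes the mixed-content policy.
 //
-// Note: Currently, we always allow mixed content, but we generate a
-// callback to the FrameLoaderClient in case the embedder wants to
-// update any security indicators.
-//
 // FIXME: Should we consider forPreload here?
-//
-switch (type) {
-case CachedResource::Script:
-#if ENABLE(XSLT)
-case CachedResource::XSLStyleSheet:
-#endif
-case CachedResource::CSSStyleSheet:
-// These resource can inject script into the current document (Script,
-// XSL) or exfiltrate the content of the current document (CSS).
-if (Frame* f = frame())
-if (!f->loader()->checkIfRunInsecureContent(m_document->securityOrigin(), url))
-return false;
-break;
-case CachedResource::ImageResource:
-case CachedResource::FontResource: {
-// These resources can corrupt only the frame's pixels.
-if (Frame* f = frame()) {
-Frame* top = f->tree()->top();
-if (!top->loader()->checkIfDisplayInsecureContent(top->document()->securityOrigin(), url))
-return false;
-}
-break;
-}
-#if ENABLE(LINK_PREFETCH)
-case CachedResource::LinkPrefetch:
-case CachedResource::LinkPrerender:
-case CachedResource::LinkSubresource:
-// Prefetch cannot affect the current document.
-break;
-#endif
-}
+if (!checkInsecureContent(type, url))
+return false;
+
 // FIXME: Consider letting the embedder block mixed content loads.
 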
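Review bot: checkInsecureContent fails open when there is no frame: in both policy branches the call sits inside `if (Frame* f = frame())`, so a null frame falls through to `return true`, while `m_document` and `top->document()` are dereferenced without any check. The inline code in canRequest behaved the same way, but the function is now also called from CachedResourceRequest::willSendRequest, which presumably runs later in the load than canRequest does, so the assumption that the document is still attached should be written down rather than inherited. A header comment such as `// Returns false when the mixed-content policy rejects |url|; returns true if there is no frame to ask.` together with `ASSERT(m_document);` at the top of the function would make the contract explicit. The body of canRequest continues outside both hunks.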
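--- a/trunk/Source/WebCore/loader/cache/CachedResourceLoader.h
+++ b/trunk/Source/WebCore/loader/cache/CachedResourceLoader.h
@@ -103,4 +103,5 @@
 void checkForPendingPreloads();
 void printPreloadStats();
+bool checkInsecureContent(CachedResource::Type, const KURL&) const;
 
 private: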
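--- a/trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp
+++ b/trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp
@@ -135,6 +135,10 @@
 }
 
-void CachedResourceRequest::willSendRequest(SubresourceLoader*, ResourceRequest&, const ResourceResponse&)
-{
+void CachedResourceRequest::willSendRequest(SubresourceLoader* loader, ResourceRequest& req, const ResourceResponse&)
+{
+if (!m_cachedResourceLoader->checkInsecureContent(m_resource->type(), req.url())) {
+loader->cancel();
+return;
+}
 m_resource->setRequestedFromNetworkingLayer();
 }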
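Review bot: Only the mixed-content check is re-applied to the redirect target in willSendRequest; any other URL-based decision canRequest makes (most of its body is elided on this page) is still evaluated against the original URL alone, so a redirect may reach a target the initial checks would have refused. If that is the case, the redirect should go through the same gate as the initial request rather than through checkInsecureContent alone. The `const ResourceResponse&` parameter stays unnamed and is not inspected, so if this callback also fires for the initial request, the embedder could receive the insecure-content notification twice for a plain http subresource; a layout test for the non-redirect case would settle that. A comment above the early return, for example `// cancel() may tear down this request; do not touch members after it.`, would record why the function returns immediately, though that teardown behaviour is not visible here and should be confirmed.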