зеркало из https://github.com/mozilla/gecko-dev.git
Bug 822367 - Add mixed display flags to the document. Add mixed display and mixed active states to nsIWebProgressListener and use them in nsMixedContentBlocker. r=smaug
This commit is contained in:
Tanvi Vyas
Родитель
d6b239c286
Коммит
543b556acf
|
|
@ -462,6 +462,38 @@ public:
|
|||
mHasMixedActiveContentBlocked = aHasMixedActiveContentBlocked;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the has mixed display content loaded flag for this document.
|
||||
*/
|
||||
bool GetHasMixedDisplayContentLoaded()
|
||||
{
|
||||
return mHasMixedDisplayContentLoaded;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the has mixed display content loaded flag for this document.
|
||||
*/
|
||||
void SetHasMixedDisplayContentLoaded(bool aHasMixedDisplayContentLoaded)
|
||||
{
|
||||
mHasMixedDisplayContentLoaded = aHasMixedDisplayContentLoaded;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get mixed display content blocked flag for this document.
|
||||
*/
|
||||
bool GetHasMixedDisplayContentBlocked()
|
||||
{
|
||||
return mHasMixedDisplayContentBlocked;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the mixed display content blocked flag for this document.
|
||||
*/
|
||||
void SetHasMixedDisplayContentBlocked(bool aHasMixedDisplayContentBlocked)
|
||||
{
|
||||
mHasMixedDisplayContentBlocked = aHasMixedDisplayContentBlocked;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the sandbox flags for this document.
|
||||
* @see nsSandboxFlags.h for the possible flags
|
||||
|
|
@ -2184,6 +2216,12 @@ protected:
|
|||
// True if a document has blocked Mixed Active Script (see nsMixedContentBlocker.cpp)
|
||||
bool mHasMixedActiveContentBlocked;
|
||||
|
||||
// True if a document has loaded Mixed Display/Passive Content (see nsMixedContentBlocker.cpp)
|
||||
bool mHasMixedDisplayContentLoaded;
|
||||
|
||||
// True if a document has blocked Mixed Display/Passive Content (see nsMixedContentBlocker.cpp)
|
||||
bool mHasMixedDisplayContentBlocked;
|
||||
|
||||
// True if DisallowBFCaching has been called on this document.
|
||||
bool mBFCacheDisallowed;
|
||||
|
||||
|
|
|
|||
|
|
@ -81,16 +81,24 @@ public:
|
|||
}
|
||||
rootDoc->SetHasMixedActiveContentLoaded(true);
|
||||
|
||||
// Update the security UI in the tab with the allowed mixed content
|
||||
// Update the security UI in the tab with the allowed mixed active content
|
||||
nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
|
||||
if (eventSink) {
|
||||
eventSink->OnSecurityChange(mContext, nsIWebProgressListener::STATE_IS_BROKEN);
|
||||
eventSink->OnSecurityChange(mContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT));
|
||||
}
|
||||
|
||||
} else {
|
||||
if (mType == eMixedDisplay) {
|
||||
//Do Nothing for now; state will already be set STATE_IS_BROKEN
|
||||
}
|
||||
} else if (mType == eMixedDisplay) {
|
||||
// See if the pref will change here. If it will, only then do we need to call OnSecurityChange() to update the UI.
|
||||
if (rootDoc->GetHasMixedDisplayContentLoaded()) {
|
||||
return NS_OK;
|
||||
}
|
||||
rootDoc->SetHasMixedDisplayContentLoaded(true);
|
||||
|
||||
// Update the security UI in the tab with the allowed mixed display content.
|
||||
nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
|
||||
if (eventSink) {
|
||||
eventSink->OnSecurityChange(mContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT));
|
||||
}
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
|
@ -350,15 +358,33 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
|
|||
nsCOMPtr<nsIDocument> rootDoc = do_GetInterface(sameTypeRoot);
|
||||
NS_ASSERTION(rootDoc, "No root document from document shell root tree item.");
|
||||
|
||||
// Get eventSink and the current security state from the docShell
|
||||
nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
|
||||
NS_ASSERTION(eventSink, "No eventSink from docShell.");
|
||||
nsCOMPtr<nsIDocShell> rootShell = do_GetInterface(sameTypeRoot);
|
||||
NS_ASSERTION(rootShell, "No root docshell from document shell root tree item.");
|
||||
uint32_t State = nsIWebProgressListener::STATE_IS_BROKEN;
|
||||
nsCOMPtr<nsISecureBrowserUI> SecurityUI;
|
||||
rootShell->GetSecurityUI(getter_AddRefs(SecurityUI));
|
||||
NS_ASSERTION(SecurityUI, "No SecurityUI from the root docShell.");
|
||||
nsresult stateRV = SecurityUI->GetState(&State);
|
||||
|
||||
// If the content is display content, and the pref says display content should be blocked, block it.
|
||||
if (sBlockMixedDisplay && classification == eMixedDisplay) {
|
||||
if (allowMixedContent) {
|
||||
*aDecision = nsIContentPolicy::ACCEPT;
|
||||
rootDoc->SetHasMixedActiveContentLoaded(true);
|
||||
} else {
|
||||
*aDecision = nsIContentPolicy::REJECT_REQUEST;
|
||||
}
|
||||
return NS_OK;
|
||||
if (allowMixedContent) {
|
||||
*aDecision = nsIContentPolicy::ACCEPT;
|
||||
rootDoc->SetHasMixedActiveContentLoaded(true);
|
||||
if (!rootDoc->GetHasMixedDisplayContentLoaded() && NS_SUCCEEDED(stateRV)) {
|
||||
eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT));
|
||||
}
|
||||
} else {
|
||||
*aDecision = nsIContentPolicy::REJECT_REQUEST;
|
||||
if (!rootDoc->GetHasMixedDisplayContentBlocked() && NS_SUCCEEDED(stateRV)) {
|
||||
eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_BLOCKED_MIXED_DISPLAY_CONTENT));
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
|
||||
} else if (sBlockMixedScript && classification == eMixedScript) {
|
||||
// If the content is active content, and the pref says active content should be blocked, block it
|
||||
// unless the user has choosen to override the pref
|
||||
|
|
@ -369,44 +395,39 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
|
|||
return NS_OK;
|
||||
}
|
||||
rootDoc->SetHasMixedActiveContentLoaded(true);
|
||||
|
||||
if (rootHasSecureConnection) {
|
||||
// User has decided to override the pref and the root is https, so change the Security State.
|
||||
if (rootDoc->GetHasMixedDisplayContentLoaded()) {
|
||||
// If mixed display content is loaded, make sure to include that in the state.
|
||||
eventSink->OnSecurityChange(aRequestingContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT | nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT));
|
||||
} else {
|
||||
eventSink->OnSecurityChange(aRequestingContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT));
|
||||
}
|
||||
return NS_OK;
|
||||
} else {
|
||||
// User has already overriden the pref and the root is not https;
|
||||
// mixed content was allowed on an https subframe.
|
||||
if (NS_SUCCEEDED(stateRV)) {
|
||||
eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT));
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
} else {
|
||||
//User has not overriden the pref by Disabling protection. Reject the request and update the security state.
|
||||
*aDecision = nsIContentPolicy::REJECT_REQUEST;
|
||||
// See if the pref will change here. If it will, only then do we need to call OnSecurityChange() to update the UI.
|
||||
if (rootDoc->GetHasMixedActiveContentBlocked()) {
|
||||
return NS_OK;
|
||||
}
|
||||
rootDoc->SetHasMixedActiveContentBlocked(true);
|
||||
}
|
||||
|
||||
// Call eventsink to invoke the Mixed Content UI if it should change based on this load.
|
||||
nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
|
||||
if (eventSink) {
|
||||
if (!allowMixedContent) {
|
||||
// The user has not overriden the pref, so make sure they still have an option by calling eventSink
|
||||
// which will invoke the doorhanger
|
||||
nsCOMPtr<nsIDocShell> rootShell = do_GetInterface(sameTypeRoot);
|
||||
NS_ASSERTION(rootShell, "No root docshell from document shell root tree item.");
|
||||
uint32_t State;
|
||||
nsCOMPtr<nsISecureBrowserUI> SecurityUI;
|
||||
rootShell->GetSecurityUI(getter_AddRefs(SecurityUI));
|
||||
if (SecurityUI) {
|
||||
nsresult rv = SecurityUI->GetState(&State);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
eventSink->OnSecurityChange(aRequestingContext, State);
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
} else if (rootHasSecureConnection) {
|
||||
// User has decided to override the pref and the root is https, so change the Security State.
|
||||
eventSink->OnSecurityChange(aRequestingContext, nsIWebProgressListener::STATE_IS_BROKEN);
|
||||
return NS_OK;
|
||||
} else if (!rootHasSecureConnection) {
|
||||
// User has already overriden the pref and the root is not https;
|
||||
// mixed content was allowed on an https subframe.
|
||||
// In this case, we do nothing since we don't need a doorhanger and we don't want
|
||||
// to change the Security UI of an http page
|
||||
return NS_OK;
|
||||
}
|
||||
// The user has not overriden the pref, so make sure they still have an option by calling eventSink
|
||||
// which will invoke the doorhanger
|
||||
if (NS_SUCCEEDED(stateRV)) {
|
||||
eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_BLOCKED_MIXED_ACTIVE_CONTENT));
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -1984,6 +1984,22 @@ nsDocShell::GetHasMixedActiveContentBlocked(bool* aHasMixedActiveContentBlocked)
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::GetHasMixedDisplayContentLoaded(bool* aHasMixedDisplayContentLoaded)
|
||||
{
|
||||
nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));
|
||||
*aHasMixedDisplayContentLoaded = doc && doc->GetHasMixedDisplayContentLoaded();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::GetHasMixedDisplayContentBlocked(bool* aHasMixedDisplayContentBlocked)
|
||||
{
|
||||
nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));
|
||||
*aHasMixedDisplayContentBlocked = doc && doc->GetHasMixedDisplayContentBlocked();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::GetAllowPlugins(bool * aAllowPlugins)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -467,14 +467,14 @@ interface nsIDocShell : nsISupports
|
|||
/**
|
||||
* This attribute determines whether Mixed Active Content is loaded on the
|
||||
* document. When it is true, mixed active content was not blocked and has
|
||||
* loaded on the page. When it is false, mixed active content has not loaded on
|
||||
* the page, either because there was no mixed active content requests on the page
|
||||
* or such requests were blocked by nsMixedContentBlocker.
|
||||
* loaded (or is about to load) on the page. When it is false, mixed active content
|
||||
* has not loaded on the page, either because there was no mixed active content
|
||||
* requests on the page or such requests were blocked by nsMixedContentBlocker.
|
||||
* This boolean is set to true in nsMixedContentBlocker if Mixed Active Content
|
||||
* is allowed (either explicitly on the page by the user or when the about:config
|
||||
* setting security.mixed_content.block_active_content is set to false).
|
||||
*/
|
||||
readonly attribute boolean hasMixedActiveContentLoaded;
|
||||
[infallible] readonly attribute boolean hasMixedActiveContentLoaded;
|
||||
|
||||
/**
|
||||
* This attribute determines whether a document has Mixed Active Content
|
||||
|
|
@ -486,7 +486,22 @@ interface nsIDocShell : nsISupports
|
|||
* false, this boolean will be false, since blocking active content has been
|
||||
* disabled.
|
||||
*/
|
||||
readonly attribute boolean hasMixedActiveContentBlocked;
|
||||
[infallible] readonly attribute boolean hasMixedActiveContentBlocked;
|
||||
|
||||
/**
|
||||
* This attribute determines whether Mixed Display Content is loaded on the
|
||||
* document. When it is true, mixed display content was not blocked and has
|
||||
* loaded (or is about to load) on the page. Similar behavior to
|
||||
* hasMixedActiveContentLoaded.
|
||||
*/
|
||||
[infallible] readonly attribute boolean hasMixedDisplayContentLoaded;
|
||||
|
||||
/**
|
||||
* This attribute determines whether a document has Mixed Display Content
|
||||
* that has been blocked from loading. Similar behavior to
|
||||
* hasMixedActiveContentBlocked.
|
||||
*/
|
||||
[infallible] readonly attribute boolean hasMixedDisplayContentBlocked;
|
||||
|
||||
/**
|
||||
* Disconnects this docshell's editor from its window, and stores the
|
||||
|
|
|
|||
|
|
@ -169,6 +169,36 @@ interface nsIWebProgressListener : nsISupports
|
|||
const unsigned long STATE_IS_BROKEN = 0x00000001;
|
||||
const unsigned long STATE_IS_SECURE = 0x00000002;
|
||||
|
||||
/**
|
||||
* Mixed active content flags
|
||||
*
|
||||
* May be set in addition to the State Security Flags, to indicate that
|
||||
* mixed active content has been encountered.
|
||||
*
|
||||
* STATE_BLOCKED_MIXED_ACTIVE_CONTENT
|
||||
* Mixed active content has been blocked from loading.
|
||||
*
|
||||
* STATE_LOADED_MIXED_ACTIVE_CONTENT
|
||||
* Mixed active content has been loaded. State should be STATE_IS_BROKEN.
|
||||
*/
|
||||
const unsigned long STATE_BLOCKED_MIXED_ACTIVE_CONTENT = 0x00000010;
|
||||
const unsigned long STATE_LOADED_MIXED_ACTIVE_CONTENT = 0x00000020;
|
||||
|
||||
/**
|
||||
* Mixed display content flags
|
||||
*
|
||||
* May be set in addition to the State Security Flags, to indicate that
|
||||
* mixed display content has been encountered.
|
||||
*
|
||||
* STATE_BLOCKED_MIXED_DISPLAY_CONTENT
|
||||
* Mixed display content has been blocked from loading.
|
||||
*
|
||||
* STATE_LOADED_MIXED_DISPLAY_CONTENT
|
||||
* Mixed display content has been loaded. State should be STATE_IS_BROKEN.
|
||||
*/
|
||||
const unsigned long STATE_BLOCKED_MIXED_DISPLAY_CONTENT = 0x00000100;
|
||||
const unsigned long STATE_LOADED_MIXED_DISPLAY_CONTENT = 0x00000200;
|
||||
|
||||
/**
|
||||
* Security Strength Flags
|
||||
*
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче