Bug 165438

Summary:

Implement Strict Mixed Content Checking

Product:

WebKit

Reporter:

Daniel Bates <dbates>

Component:

WebCore Misc.

Assignee:

Daniel Bates <dbates>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

aestes, ap, bfulgham, buildbot, cdumez, commit-queue, esprehn+autocc, japhet, kangil.han, mkwst, rniwa, sam, webkit-bug-importer, wilander

Priority:

Keywords:

InRadar, WebExposed

Version:

WebKit Local Build

Hardware:

All

OS:

All

Attachments:

Description	Flags
Patch and layout tests	none
Archive of layout-test-results from ews101 for mac-yosemite	none
Archive of layout-test-results from ews112 for mac-yosemite	none
Archive of layout-test-results from ews125 for ios-simulator-wk2	none
Patch and layout tests	none
Patch and layout tests	none
Patch and layout tests	bfulgham: review+

Daniel Bates

Reported 2016-12-05 16:50:55 PST

We should implement strict mixed content checking as per <https://www.w3.org/TR/2016/CR-mixed-content-20160802/#strict-checking> (2 August 2016).

Attachments
Patch and layout tests (131.95 KB, patch) 2016-12-05 17:13 PST, Daniel Bates	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews101 for mac-yosemite (1.01 MB, application/zip) 2016-12-05 18:18 PST, Build Bot	no flags	Details
Archive of layout-test-results from ews112 for mac-yosemite (1.98 MB, application/zip) 2016-12-05 18:30 PST, Build Bot	no flags	Details
Archive of layout-test-results from ews125 for ios-simulator-wk2 (18.98 MB, application/zip) 2016-12-05 21:16 PST, Build Bot	no flags	Details
Patch and layout tests (133.62 KB, patch) 2016-12-06 09:06 PST, Daniel Bates	no flags	Details Formatted Diff Diff
Patch and layout tests (139.61 KB, patch) 2016-12-06 15:45 PST, Daniel Bates	no flags	Details Formatted Diff Diff
Patch and layout tests (138.55 KB, patch) 2016-12-06 15:48 PST, Daniel Bates	bfulgham: review+	Details Formatted Diff Diff
Show Obsolete (6) View All Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2016-12-05 16:51:55 PST

<rdar://problem/26103867>

Daniel Bates

Comment 2 2016-12-05 17:13:32 PST

Created attachment 296225 [details] Patch and layout tests

Build Bot

Comment 3 2016-12-05 18:18:07 PST

Comment on attachment 296225 [details] Patch and layout tests Attachment 296225 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/2630361 New failing tests: http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame.html

Build Bot

Comment 4 2016-12-05 18:18:11 PST

Created attachment 296238 [details] Archive of layout-test-results from ews101 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-yosemite Platform: Mac OS X 10.10.5

Build Bot

Comment 5 2016-12-05 18:30:30 PST

Comment on attachment 296225 [details] Patch and layout tests Attachment 296225 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/2630418 New failing tests: http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame.html

Build Bot

Comment 6 2016-12-05 18:30:33 PST

Created attachment 296241 [details] Archive of layout-test-results from ews112 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews112 Port: mac-yosemite Platform: Mac OS X 10.10.5

Build Bot

Comment 7 2016-12-05 21:15:56 PST

Comment on attachment 296225 [details] Patch and layout tests Attachment 296225 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/2631455 New failing tests: http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe.html

Build Bot

Comment 8 2016-12-05 21:16:01 PST

Created attachment 296262 [details] Archive of layout-test-results from ews125 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6

Daniel Bates

Comment 9 2016-12-06 09:06:25 PST

Created attachment 296292 [details] Patch and layout tests

Daniel Bates

Comment 10 2016-12-06 15:45:43 PST

Created attachment 296337 [details] Patch and layout tests Updated patch to apply strict mixed content checking to XSLT transformed documents and added a test.

Daniel Bates

Comment 11 2016-12-06 15:48:28 PST

Created attachment 296339 [details] Patch and layout tests Unskip test insecure-plugin-in-main-frame.html when running in WebKitTestRunner as bug #165410 was fixed.

Brent Fulgham

Comment 12 2016-12-08 09:29:52 PST

Comment on attachment 296339 [details] Patch and layout tests Looks great! r=me.

Andy Estes

Comment 13 2016-12-08 15:45:14 PST

Comment on attachment 296339 [details] Patch and layout tests View in context: https://bugs.webkit.org/attachment.cgi?id=296339&action=review > Source/WebCore/dom/SecurityContext.h:84 > + bool isStrictMixedContentMode() { return m_isStrictMixedContentMode; } Can this be const-qualified?

Daniel Bates

Comment 14 2016-12-08 15:50:35 PST

(In reply to comment #13) > Comment on attachment 296339 [details] > Patch and layout tests > > View in context: > https://bugs.webkit.org/attachment.cgi?id=296339&action=review > > > Source/WebCore/dom/SecurityContext.h:84 > > + bool isStrictMixedContentMode() { return m_isStrictMixedContentMode; } > > Can this be const-qualified? Will fix before landing.

Daniel Bates

Comment 15 2016-12-08 15:54:49 PST

Committed r209577: <http://trac.webkit.org/changeset/209577>

Note You need to log in before you can comment on or make changes to this bug.