Bug 59056

Summary: Upgrade CSS loads from mixed content warning (displayed) to mixed content error (ran)
Product: WebKit Reporter: Chris Evans <cevans>
Component: CSSAssignee: Chris Evans <cevans>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, commit-queue, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
Patch
abarth: review+
Patch none

Chris Evans
Reported 2011-04-20 18:10:50 PDT
The reason is that CSS3 selectors injected into a document via mixed-content load can in fact query, retrieve and egress the document content. That's serious (unlike mixed content images loads and frame loads).
Attachments
Patch (8.03 KB, patch)
2011-04-20 18:22 PDT, Chris Evans 		abarth: review+
DetailsFormatted DiffDiff
Patch (8.04 KB, patch)
2011-04-22 15:45 PDT, Chris Evans 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Chris Evans
Comment 2 2011-04-20 18:22:39 PDT
Created attachment 90465 [details] Patch
Adam Barth
Comment 3 2011-04-20 18:45:19 PDT
Comment on attachment 90465 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=90465&action=review Let's give Sam a chance to see this patch too. > Source/WebCore/loader/cache/CachedResourceLoader.cpp:238 > + // XSL) or recover the content of the current document (CSS). recover? maybe exfiltrate ?
Chris Evans
Comment 4 2011-04-22 15:44:54 PDT
Exfiltrate it is. Landing. Chatted to Sam out-of-band. He raised the interesting point of naming -- do "run" and "display" cover it well any more? I can be persuaded that they still do, because I see the ever-more powerful CSS as more like running a language than displaying pixels. But if you have any better naming ideas, I can uptake them on the next patch.
Chris Evans
Comment 5 2011-04-22 15:45:35 PDT
Created attachment 90785 [details] Patch
Adam Barth
Comment 6 2011-04-22 17:33:28 PDT
I'm not sure whether those are the best names. What did you have in mind?
Chris Evans
Comment 7 2011-04-22 18:00:58 PDT
I don't have any great ideas at this time. Sam?
WebKit Commit Bot
Comment 8 2011-04-22 21:04:29 PDT
Comment on attachment 90785 [details] Patch Rejecting attachment 90785 [details] from commit-queue. Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'land-a..." exit_code: 1 Last 500 characters of output: 56&ctype=xml Processing 1 patch from 1 bug. Cleaning working directory Updating working directory Processing patch 90785 from bug 59056. NOBODY (OOPS!) found in /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog does not appear to be a valid reviewer according to committers.py. ERROR: /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog neither lists a valid reviewer nor contains the string "Unreviewed" or "Rubber stamp" (case insensitive). Updating OpenSource Current branch master is up to date. Full output: http://queues.webkit.org/results/8494732
Adam Barth
Comment 9 2011-04-22 21:19:17 PDT
Comment on attachment 90785 [details] Patch If you post a patch with commit-queue+, you need to fill in the reviewer yourself because the tools don't know who reviewed the patch. The command "webkit-patch land-safely" with do that automatically for you.
WebKit Commit Bot
Comment 10 2011-04-22 22:54:39 PDT
The commit-queue encountered the following flaky tests while processing attachment 90785 [details]: http/tests/appcache/reload.html bug 59275 The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 11 2011-04-22 22:55:46 PDT
Comment on attachment 90785 [details] Patch Clearing flags on attachment: 90785 Committed r84739: <http://trac.webkit.org/changeset/84739>
WebKit Commit Bot
Comment 12 2011-04-22 22:55:51 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.