|Summary:|Upgrade CSS loads from mixed content warning (displayed) to mixed content error (ran)|
|Product:|WebKit|
|Reporter:|Chris Evans <cevans>|
|Component:|CSS|
|Assignee:|Chris Evans <cevans>|
|Severity:|Normal|
|CC:|abarth, commit-queue, sam|
|Version:|528+ (Nightly build)|
|OS:|OS X 10.5|
Description Chris Evans 2011-04-20 18:10:50 PDT
The reason is that CSS3 selectors injected into a document via mixed-content load can in fact query, retrieve and egress the document content. That's serious (unlike mixed content image loads and frame loads).
Comment 1 Chris Evans 2011-04-20 18:12:30 PDT
A useful reference: http://www.stratsec.net/getattachment/c1be603c-84f4-4c3f-a449-3107f30c3164/stratsec---Ruxcon-2008---Attacking-Rich-Internet-Applications.pdf Slide 4 covers the attack.
Comment 3 Adam Barth 2011-04-20 18:45:19 PDT
Comment on attachment 90465 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=90465&action=review
Let's give Sam a chance to see this patch too.
> Source/WebCore/loader/cache/CachedResourceLoader.cpp:238
> + // XSL) or recover the content of the current document (CSS).
recover? maybe exfiltrate?
Comment 4 Chris Evans 2011-04-22 15:44:54 PDT
Exfiltrate it is. Landing. Chatted to Sam out-of-band. He raised the interesting point of naming -- do "run" and "display" cover it well any more? I can be persuaded that they still do, because I see the ever-more powerful CSS as more like running a language than displaying pixels. But if you have any better naming ideas, I can uptake them on the next patch.
Comment 6 Adam Barth 2011-04-22 17:33:28 PDT
I'm not sure whether those are the best names. What did you have in mind?
Comment 7 Chris Evans 2011-04-22 18:00:58 PDT
I don't have any great ideas at this time. Sam?
Comment 8 WebKit Commit Bot 2011-04-22 21:04:29 PDT
Comment on attachment 90785 Patch
Rejecting attachment 90785 from commit-queue.
Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'land-a..." exit_code: 1
Last 500 characters of output:
56&ctype=xml
Processing 1 patch from 1 bug.
Cleaning working directory
Updating working directory
Processing patch 90785 from bug 59056.
NOBODY (OOPS!) found in /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog does not appear to be a valid reviewer according to committers.py.
ERROR: /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog neither lists a valid reviewer nor contains the string "Unreviewed" or "Rubber stamp" (case insensitive).
Updating OpenSource
Current branch master is up to date.
Full output: http://queues.webkit.org/results/8494732
Comment 9 Adam Barth 2011-04-22 21:19:17 PDT
Comment on attachment 90785 Patch
If you post a patch with commit-queue+, you need to fill in the reviewer yourself because the tools don't know who reviewed the patch. The command "webkit-patch land-safely" will do that automatically for you.
Comment 10 WebKit Commit Bot 2011-04-22 22:54:39 PDT
The commit-queue encountered the following flaky tests while processing attachment 90785:
http/tests/appcache/reload.html bug 59275
The commit-queue is continuing to process your patch.
Comment 11 WebKit Commit Bot 2011-04-22 22:55:46 PDT
Comment on attachment 90785 Patch
Clearing flags on attachment: 90785
Committed r84739: <http://trac.webkit.org/changeset/84739>
Comment 12 WebKit Commit Bot 2011-04-22 22:55:51 PDT
All reviewed patches have been landed. Closing bug.
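The "displayed" versus "ran" split discussed in this bug can be checked from the defender's side; the following Python example is added here and is not part of the original bug report or the WebKit patch. It audits the markup of an HTTPS page for insecure subresource loads and classifies stylesheets as "ran", as this bug proposes, alongside images and frames as "displayed". The `audit` helper, the class names in the output and the hosts in the sample are assumptions made for illustration, as is treating scripts as "ran".

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# "displayed" content only paints pixels; "ran" content can act on the document.
SOURCES = {"script": ("src", "ran"), "link": ("href", "ran"),
           "img": ("src", "displayed"), "iframe": ("src", "displayed")}
CSS_IMPORT = re.compile(r"""@import\s+(?:url\(\s*)?['"]?([^'")\s;]+)""", re.I)

class MixedContentAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.in_style, self.findings = page_url, False, []

    def record(self, cls, origin, ref):
        url = urljoin(self.page_url, ref.strip())  # resolves relative and //host refs
        if urlsplit(url).scheme == "http":
            self.findings.append((cls, origin, url))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style":
            self.in_style = True
        attr, cls = SOURCES.get(tag, (None, None))
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return  # other <link> types are out of scope here
        if attr and attrs.get(attr):
            self.record(cls, tag, attrs[attr])

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:  # an inline <style> block can still import an insecure sheet
            for ref in CSS_IMPORT.findall(data):
                self.record("ran", "@import", ref)

def audit(page_url, html):
    """List (class, origin, url) for insecure loads on a page served over HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on secure pages
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page (hypothetical hosts), not taken from the bug report.
SAMPLE = ('<link rel="stylesheet" href="http://cdn.example/a.css"><img src="http://cdn.example/b.png">'
          '<style>@import url("http://cdn.example/c.css");</style><script src="//cdn.example/d.js"></script>')
```

Calling `audit("https://shop.example/cart", SAMPLE)` reports the stylesheet link and the `@import` as "ran" and the image as "displayed"; the protocol-relative script inherits HTTPS and is not reported.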