Bug 142342 - Ensure mixed content forms are detected
Summary: Ensure mixed content forms are detected
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 140625
  Show dependency treegraph
 
Reported: 2015-03-05 06:50 PST by Michael Catanzaro
Modified: 2023-03-03 14:14 PST (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2015-03-05 06:50:26 PST
If a form on an https:// page posts its result to an http:// URL we need to make sure we are displaying an insecure content warning. Otherwise there's no way to know when your credit card data is sent in the clear. There is no test for this currently. Add a test and if the test doesn't pass, fix it.

Unfortunately we cannot block this behavior for compatibility reasons (i.e. the form must be treated as "passive" content you "canDisplay" even though it would make more sense to consider it "active" content you "canRun").
Comment 1 Michael Catanzaro 2023-03-03 14:14:07 PST
(In reply to Michael Catanzaro from comment #0)
> Unfortunately we cannot block this behavior for compatibility reasons (i.e.
> the form must be treated as "passive" content you "canDisplay" even though
> it would make more sense to consider it "active" content you "canRun").

Nowadays we want to make sure the request gets upgraded or blocked, whatever the mixed content spec says should happen.