Bug 59056 - Upgrade CSS loads from mixed content warning (displayed) to mixed content error (ran)
Summary: Upgrade CSS loads from mixed content warning (displayed) to mixed content err...
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
: P2 Normal
Assignee: Chris Evans
Depends on:
Reported: 2011-04-20 18:10 PDT by Chris Evans
Modified: 2011-04-22 22:55 PDT (History)
3 users (show)

See Also:

Patch (8.03 KB, patch)
2011-04-20 18:22 PDT, Chris Evans
abarth: review+
Details | Formatted Diff | Diff
Patch (8.04 KB, patch)
2011-04-22 15:45 PDT, Chris Evans
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Evans 2011-04-20 18:10:50 PDT
The reason is that CSS3 selectors injected into a document via mixed-content load can in fact query, retrieve and egress the document content. That's serious (unlike mixed content images loads and frame loads).
Comment 2 Chris Evans 2011-04-20 18:22:39 PDT
Created attachment 90465 [details]
Comment 3 Adam Barth 2011-04-20 18:45:19 PDT
Comment on attachment 90465 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=90465&action=review

Let's give Sam a chance to see this patch too.

> Source/WebCore/loader/cache/CachedResourceLoader.cpp:238
> +        // XSL) or recover the content of the current document (CSS).

recover?  maybe exfiltrate ?
Comment 4 Chris Evans 2011-04-22 15:44:54 PDT
Exfiltrate it is. Landing.

Chatted to Sam out-of-band.
He raised the interesting point of naming -- do "run" and "display" cover it well any more? I can be persuaded that they still do, because I see the ever-more powerful CSS as more like running a language than displaying pixels.
But if you have any better naming ideas, I can uptake them on the next patch.
Comment 5 Chris Evans 2011-04-22 15:45:35 PDT
Created attachment 90785 [details]
Comment 6 Adam Barth 2011-04-22 17:33:28 PDT
I'm not sure whether those are the best names.  What did you have in mind?
Comment 7 Chris Evans 2011-04-22 18:00:58 PDT
I don't have any great ideas at this time. Sam?
Comment 8 WebKit Commit Bot 2011-04-22 21:04:29 PDT
Comment on attachment 90785 [details]

Rejecting attachment 90785 [details] from commit-queue.

Failed to run "['./Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=cr-jail-3', 'land-a..." exit_code: 1

Last 500 characters of output:
Processing 1 patch from 1 bug.
Cleaning working directory
Updating working directory
Processing patch 90785 from bug 59056.
NOBODY (OOPS!) found in /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog does not appear to be a valid reviewer according to committers.py.
ERROR: /mnt/git/webkit-commit-queue/LayoutTests/ChangeLog neither lists a valid reviewer nor contains the string "Unreviewed" or "Rubber stamp" (case insensitive).
Updating OpenSource
Current branch master is up to date.

Full output: http://queues.webkit.org/results/8494732
Comment 9 Adam Barth 2011-04-22 21:19:17 PDT
Comment on attachment 90785 [details]

If you post a patch with commit-queue+, you need to fill in the reviewer yourself because the tools don't know who reviewed the patch.  The command "webkit-patch land-safely" with do that automatically for you.
Comment 10 WebKit Commit Bot 2011-04-22 22:54:39 PDT
The commit-queue encountered the following flaky tests while processing attachment 90785 [details]:

http/tests/appcache/reload.html bug 59275
The commit-queue is continuing to process your patch.
Comment 11 WebKit Commit Bot 2011-04-22 22:55:46 PDT
Comment on attachment 90785 [details]

Clearing flags on attachment: 90785

Committed r84739: <http://trac.webkit.org/changeset/84739>
Comment 12 WebKit Commit Bot 2011-04-22 22:55:51 PDT
All reviewed patches have been landed.  Closing bug.