Diff
Modified: trunk/LayoutTests/ChangeLog (102785 => 102786)
--- trunk/LayoutTests/ChangeLog 2011-12-14 16:59:57 UTC (rev 102785)
+++ trunk/LayoutTests/ChangeLog 2011-12-14 17:03:07 UTC (rev 102786)
@@ -1,3 +1,20 @@
+2011-12-14 Tom Sepez <[email protected]>
+
+ DocumentLoader should ref its mainResourceLoader.
+ https://bugs.webkit.org/show_bug.cgi?id=74424
+
+ Reviewed by Adam Barth.
+
+ More tests for insecure iframes blocked inside of https frames.
+
+ * http/tests/security/mixedContent/resources/frame-with-insecure-iframe.html: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed-expected.txt: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed.html: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked-expected.txt: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked.html: Added.
+ * platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt:
+ * platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html:
+
2011-12-14 Csaba Osztrogonác <[email protected]>
[Qt] Test fonts are not used with Qt5
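Review bot: the two insecure-image-in-main-frame-allowed entries at the end of this ChangeLog block have nothing after the colon, although this change edits both files. Add a short description to each, for example that the test now opens frame-with-insecure-image.html and that its expectations were updated to match. The body text "More tests for insecure iframes blocked inside of https frames" also says nothing about how the tests relate to the title "DocumentLoader should ref its mainResourceLoader"; one sentence stating that the blocked-iframe path is what exercises the loader lifetime would help anyone reading the log later.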
Added: trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-iframe.html (0 => 102786)
--- trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-iframe.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-iframe.html 2011-12-14 17:03:07 UTC (rev 102786)
@@ -0,0 +1,10 @@
+<body _onload_="loaded()">
+<script>
+function loaded()
+{
+ if (window.opener)
+ window.opener.postMessage('done', '*');
+}
+</script>
+<iframe src=""
+</body>
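Review bot: the iframe line in this new resource reads `<iframe src=""` with an empty src and no closing `>` or `</iframe>`, and the body handler is shown as `_onload_` rather than `onload`. The expected results added in this change name http://127.0.0.1:8080/security/mixedContent/resources/boring.html as the insecure content, so please confirm the committed file points the iframe at that URL and closes the tag, since as shown here the test would neither load insecure content nor post 'done' to the opener.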
Copied: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed-expected.txt (from rev 102785, trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt) (0 => 102786)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed-expected.txt 2011-12-14 17:03:07 UTC (rev 102786)
@@ -0,0 +1,17 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: line 1: The page at about:blank displayed insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
+didDisplayInsecureContent
+main frame - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure iframe. We should trigger a mixed content callback even though we've set the preference to block this, because we've overriden the preference via a web permission client callback.
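Review bot: the CONSOLE MESSAGE line in this baseline attributes the insecure load to "The page at about:blank" rather than to the HTTPS document that contains the iframe. The image baseline updated in this same change names https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html as the page, so the two tests disagree on attribution. If about:blank is known current behaviour for subframe loads, note that in the test description or the ChangeLog so this baseline is not read as the intended output.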
Copied: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed.html (from rev 102785, trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html) (0 => 102786)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed.html (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed.html 2011-12-14 17:03:07 UTC (rev 102786)
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpFrameLoadCallbacks();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+ layoutTestController.overridePreference("WebKitAllowDisplayingInsecureContent", false);
+ layoutTestController.setAllowDisplayOfInsecureContent(true);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads an insecure iframe. We should trigger
+a mixed content callback even though we've set the preference to block this,
+because we've overriden the preference via a web permission client callback.</p>
+<script>
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html");
+</script>
+</body>
+</html>
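Review bot: the message listener calls layoutTestController.notifyDone() for any message event and never looks at e.data, so the test would finish on a message other than the 'done' posted by frame-with-insecure-iframe.html. Checking `e.data == 'done'` before notifyDone() makes the completion condition explicit. Separately, "overriden" in the description paragraph should be "overridden"; the typo is carried into the -expected.txt file as well.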
Added: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked-expected.txt (0 => 102786)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked-expected.txt 2011-12-14 17:03:07 UTC (rev 102786)
@@ -0,0 +1,13 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+main frame - didCommitLoadForFrame
+frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
+CONSOLE MESSAGE: line 1: [blocked] The page at about:blank displayed insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+
+frame "<!--framePath //<!--frame0-->-->" - didFailProvisionalLoadWithError
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+This test opens a window that loads an insecure iframe. We should not trigger a mixed content callback even though the main frame in the window is HTTPS and is displaying insecure content, because we've set the preference to block this.
Copied: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked.html (from rev 102785, trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html) (0 => 102786)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked.html (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked.html 2011-12-14 17:03:07 UTC (rev 102786)
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpFrameLoadCallbacks();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+ layoutTestController.overridePreference("WebKitAllowDisplayingInsecureContent", false);
+}
+
+window.addEventListener("message", function (e) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}, false);
+
+</script>
+<p>This test opens a window that loads an insecure iframe. We should not
+trigger a mixed content callback even though the main frame in the window
+is HTTPS and is displaying insecure content, because we've set the preference
+to block this.</p>
+<script>
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html");
+</script>
+</body>
+</html>
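Review bot: the blocked variant sets only overridePreference("WebKitAllowDisplayingInsecureContent", false) and relies on the web permission client being in its default state, whereas the allowed variant calls setAllowDisplayOfInsecureContent(true). Calling layoutTestController.setAllowDisplayOfInsecureContent(false) here as well would make the test independent of whatever a previously run test left behind. The listener has the same unchecked e.data as in the allowed test.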
Modified: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt (102785 => 102786)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt 2011-12-14 16:59:57 UTC (rev 102785)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt 2011-12-14 17:03:07 UTC (rev 102786)
@@ -3,15 +3,10 @@
main frame - didHandleOnloadEventsForFrame
main frame - didFinishLoadForFrame
main frame - didCommitLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
-CONSOLE MESSAGE: line 1: The page at about:blank displayed insecure content from http://127.0.0.1:8080/security/mixedContent/resources/boring.html.
+CONSOLE MESSAGE: line 1: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html displayed insecure content from http://127.0.0.1:8080/security/resources/compass.jpg.
didDisplayInsecureContent
main frame - didFinishDocumentLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
-frame "<!--framePath //<!--frame0-->-->" - didHandleOnloadEventsForFrame
main frame - didHandleOnloadEventsForFrame
-frame "<!--framePath //<!--frame0-->-->" - didFinishLoadForFrame
main frame - didFinishLoadForFrame
This test opens a window that loads an insecure image. We should trigger a mixed content callback even though we've set the preference to block this, because we've overriden the preference via a web permission client callback.
Modified: trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html (102785 => 102786)
--- trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html 2011-12-14 16:59:57 UTC (rev 102785)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html 2011-12-14 17:03:07 UTC (rev 102786)
@@ -21,7 +21,7 @@
a mixed content callback even though we've set the preference to block this,
because we've overriden the preference via a web permission client callback.</p>
<script>
-window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html");
+window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image.html");
</script>
</body>
</html>
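Review bot: the removed window.open line shows that a resource named frame-with-insecure-frame.html was already in use, while this change adds a new frame-with-insecure-iframe.html for the iframe tests. If the existing resource does the same job, reuse it instead of adding a near-duplicate; if it differs, say how in the ChangeLog. Also confirm that frame-with-insecure-image.html already exists in the tree, since it is referenced here but not added by this change.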
Modified: trunk/Source/WebCore/ChangeLog (102785 => 102786)
--- trunk/Source/WebCore/ChangeLog 2011-12-14 16:59:57 UTC (rev 102785)
+++ trunk/Source/WebCore/ChangeLog 2011-12-14 17:03:07 UTC (rev 102786)
@@ -1,3 +1,18 @@
+2011-12-14 Tom Sepez <[email protected]>
+
+ DocumentLoader should ref its mainResourceLoader.
+ https://bugs.webkit.org/show_bug.cgi?id=74424
+
+ Reviewed by Adam Barth.
+
+ Tests: platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed.html
+ platform/chromium/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked.html
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::startLoadingMainResource):
+ * loader/MainResourceLoader.cpp:
+ (WebCore::MainResourceLoader::loadNow):
+
2011-12-14 Stephen White <[email protected]>
CSS Filters should support GPU acceleration
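Review bot: the per-function entries for DocumentLoader::startLoadingMainResource and MainResourceLoader::loadNow are empty, and the entry never states the failure being fixed. The code comment in DocumentLoader.cpp mentions setPrimaryLoadComplete() stomping m_mainResourceLoader during load(); put that sentence, and the fact that loadNow gains an assertion, into the ChangeLog so the lifetime issue is discoverable from the log and not only from the bug link.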
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (102785 => 102786)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2011-12-14 16:59:57 UTC (rev 102785)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2011-12-14 17:03:07 UTC (rev 102786)
@@ -803,8 +803,10 @@
// FIXME: Is there any way the extra fields could have not been added by now?
// If not, it would be great to remove this line of code.
frameLoader()->addExtraFieldsToMainResourceRequest(m_request);
-
- if (!m_mainResourceLoader->load(m_request, m_substituteData)) {
+
+ // Protect MainResourceLoader::load() method chain from setPrimaryLoadComplete() stomping m_mainResourceLoader.
+ RefPtr<MainResourceLoader> protectedMainResourceLoader(m_mainResourceLoader);
+ if (!protectedMainResourceLoader->load(m_request, m_substituteData)) {
// FIXME: If this should really be caught, we should just ASSERT this doesn't happen;
// should it be caught by other parts of WebKit or other parts of the app?
LOG_ERROR("could not create WebResourceHandle for URL %s -- should be caught by policy handler level", m_request.url().string().ascii().data());
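Review bot: protectedMainResourceLoader keeps the object alive across load(), but per the new comment m_mainResourceLoader itself can still be cleared by setPrimaryLoadComplete() during that call. Any code later in startLoadingMainResource that touches m_mainResourceLoader, including the failure branch that begins at the LOG_ERROR shown here, should be checked for that and should use the protector or a null check. The `-`/`+` pair of blank lines just above the new comment is a whitespace-only change and could be left out to keep the diff minimal.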
Modified: trunk/Source/WebCore/loader/MainResourceLoader.cpp (102785 => 102786)
--- trunk/Source/WebCore/loader/MainResourceLoader.cpp 2011-12-14 16:59:57 UTC (rev 102785)
+++ trunk/Source/WebCore/loader/MainResourceLoader.cpp 2011-12-14 17:03:07 UTC (rev 102786)
@@ -560,6 +560,7 @@
// we no longer send the callback from within NSURLConnection for
// initial requests.
willSendRequest(r, ResourceResponse());
+ ASSERT(!deletionHasBegun());
// <rdar://problem/4801066>
// willSendRequest() is liable to make the call to frameLoader() return NULL, so we need to check that here
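Review bot: ASSERT(!deletionHasBegun()) after willSendRequest() only fires in builds with assertions enabled, and it is evaluated on the very object whose lifetime is in question, so it documents the invariant without enforcing it. Add a comment on this line stating that callers of loadNow() are required to hold a reference across the call (as startLoadingMainResource now does), so a future caller that omits the ref is caught in review rather than only in a debug run.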