Hi, I'm an intern with Igalia currently working on mixed content blocking in WebKitGTK+. I see WebCore already has decent support for mixed content blocking using the settings allow-display-of-insecure-content and allow-running-of-insecure-content, which were previously used by the Chromium port.
One problem with these settings is that frames are treated as mixed passive content rather than mixed active content. For the WebKitGTK+ API I want frames to be treated as active content, which is what most major browsers currently do. Is it OK if I change this, so that allow-running-of-insecure-content and not allow-display-of-insecure-content will be checked to determine whether or not to block a frame? These settings seem to be currently unused, so I don't think this will be an unexpected behavior change for anyone. I'm also planning to block mixed XMLHttpRequest and WebSocket connections when allow-running-of-insecure-content is false. Thanks, Michael Catanzaro _______________________________________________ webkit-dev mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-dev
