diff options
Diffstat (limited to 'Source/WebCore/loader/FrameLoader.cpp')
| -rw-r--r-- | Source/WebCore/loader/FrameLoader.cpp | 46 |
1 files changed, 1 insertions, 45 deletions
diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp index 8ab3d8922..a84c508eb 100644 --- a/Source/WebCore/loader/FrameLoader.cpp +++ b/Source/WebCore/loader/FrameLoader.cpp @@ -212,6 +212,7 @@ FrameLoader::FrameLoader(Frame* frame, FrameLoaderClient* client) , m_notifer(frame) , m_subframeLoader(frame) , m_icon(frame) + , m_mixedContentChecker(frame) , m_state(FrameStateCommittedPage) , m_loadType(FrameLoadTypeStandard) , m_delegateIsHandlingProvisionalLoadError(false) @@ -914,51 +915,6 @@ String FrameLoader::outgoingOrigin() const return m_frame->document()->securityOrigin()->toString(); } -bool FrameLoader::isMixedContent(SecurityOrigin* context, const KURL& url) -{ - if (context->protocol() != "https") - return false; // We only care about HTTPS security origins. - - // We're in a secure context, so |url| is mixed content if it's insecure. - return !SecurityOrigin::isSecure(url); -} - -bool FrameLoader::checkIfDisplayInsecureContent(SecurityOrigin* context, const KURL& url) -{ - if (!isMixedContent(context, url)) - return true; - - Settings* settings = m_frame->settings(); - bool allowed = m_client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), context, url); - String message = (allowed ? emptyString() : "[blocked] ") + "The page at " + - m_frame->document()->url().string() + " displayed insecure content from " + url.string() + ".\n"; - - m_frame->document()->domWindow()->console()->addMessage(HTMLMessageSource, LogMessageType, WarningMessageLevel, message); - - if (allowed) - m_client->didDisplayInsecureContent(); - - return allowed; -} - -bool FrameLoader::checkIfRunInsecureContent(SecurityOrigin* context, const KURL& url) -{ - if (!isMixedContent(context, url)) - return true; - - Settings* settings = m_frame->settings(); - bool allowed = m_client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), context, url); - String message = (allowed ? emptyString() : "[blocked] ") + "The page at " + - m_frame->document()->url().string() + " ran insecure content from " + url.string() + ".\n"; - - m_frame->document()->domWindow()->console()->addMessage(HTMLMessageSource, LogMessageType, WarningMessageLevel, message); - - if (allowed) - m_client->didRunInsecureContent(context, url); - - return allowed; -} - bool FrameLoader::checkIfFormActionAllowedByCSP(const KURL& url) const { if (m_submittedFormURL.isEmpty()) |