MixedContentChecker.cpp [plain text]
#include "config.h"
#include "MixedContentChecker.h"
#include "Console.h"
#include "DOMWindow.h"
#include "Document.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "SchemeRegistry.h"
#include "SecurityOrigin.h"
#include "Settings.h"
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
MixedContentChecker::MixedContentChecker(Frame* frame)
: m_frame(frame)
{
}
FrameLoaderClient* MixedContentChecker::client() const
{
return m_frame->loader()->client();
}
bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const KURL& url)
{
if (securityOrigin->protocol() != "https")
return false;
return !SecurityOrigin::isSecure(url);
}
bool MixedContentChecker::canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const
{
if (!isMixedContent(securityOrigin, url))
return true;
Settings* settings = m_frame->settings();
bool allowed = client()->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
logWarning(allowed, "displayed", url);
if (allowed)
client()->didDisplayInsecureContent();
return allowed;
}
bool MixedContentChecker::canRunInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const
{
if (!isMixedContent(securityOrigin, url))
return true;
Settings* settings = m_frame->settings();
bool allowed = client()->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), securityOrigin, url);
logWarning(allowed, "ran", url);
if (allowed)
client()->didRunInsecureContent(securityOrigin, url);
return allowed;
}
void MixedContentChecker::logWarning(bool allowed, const String& action, const KURL& target) const
{
String message = makeString((allowed ? "" : "[blocked] "), "The page at ", m_frame->document()->url().stringCenterEllipsizedToLength(), " ", action, " insecure content from ", target.stringCenterEllipsizedToLength(), ".\n");
m_frame->document()->addConsoleMessage(SecurityMessageSource, WarningMessageLevel, message);
}
}