MixedContentChecker.cpp [plain text]
#include "config.h"
#include "MixedContentChecker.h"
#include "Document.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "SecurityOrigin.h"
#include "Settings.h"
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
MixedContentChecker::MixedContentChecker(Frame& frame)
: m_frame(frame)
{
}
FrameLoaderClient& MixedContentChecker::client() const
{
return m_frame.loader().client();
}
bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const URL& url)
{
if (securityOrigin->protocol() != "https")
return false;
return !SecurityOrigin::isSecure(url);
}
bool MixedContentChecker::canDisplayInsecureContent(SecurityOrigin* securityOrigin, ContentType type, const URL& url) const
{
if (!isMixedContent(securityOrigin, url))
return true;
bool allowed = m_frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn;
logWarning(allowed, "display", url);
if (allowed)
client().didDisplayInsecureContent();
return allowed;
}
bool MixedContentChecker::canRunInsecureContent(SecurityOrigin* securityOrigin, const URL& url) const
{
if (!isMixedContent(securityOrigin, url))
return true;
bool allowed = m_frame.settings().allowRunningOfInsecureContent();
logWarning(allowed, "run", url);
if (allowed)
client().didRunInsecureContent(securityOrigin, url);
return allowed;
}
void MixedContentChecker::checkFormForMixedContent(SecurityOrigin* securityOrigin, const URL& url) const
{
if (protocolIsJavaScript(url))
return;
if (!isMixedContent(securityOrigin, url))
return;
String message = makeString("The page at ", m_frame.document()->url().stringCenterEllipsizedToLength(), " contains a form which targets an insecure URL ", url.stringCenterEllipsizedToLength(), ".\n");
m_frame.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, message);
client().didDisplayInsecureContent();
}
void MixedContentChecker::logWarning(bool allowed, const String& action, const URL& target) const
{
const char* errorString = allowed ? " was allowed to " : " was not allowed to ";
String message = makeString((allowed ? String() : "[blocked] "), "The page at ", m_frame.document()->url().stringCenterEllipsizedToLength(), errorString, action, " insecure content from ", target.stringCenterEllipsizedToLength(), ".\n");
m_frame.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, message);
}
}