Bug 822367 - Add mixed display flags to the document. Add mixed displ…

…ay and mixed active states to nsIWebProgressListener and use them in nsMixedContentBlocker. r=smaug
iaxat · Jan 30, 2013 · 4efb187 · 4efb187
1 parent d2933f8
commit 4efb187
Show file tree

Hide file tree

Showing 5 changed files with 168 additions and 48 deletions.
diff --git a/content/base/public/nsIDocument.h b/content/base/public/nsIDocument.h
@@ -462,6 +462,38 @@ class nsIDocument : public nsINode
     mHasMixedActiveContentBlocked = aHasMixedActiveContentBlocked;
   }
 
+  /**
+   * Get the has mixed display content loaded flag for this document.
+   */
+  bool GetHasMixedDisplayContentLoaded()
+  {
+    return mHasMixedDisplayContentLoaded;
+  }
+
+  /**
+   * Set the has mixed display content loaded flag for this document.
+   */
+  void SetHasMixedDisplayContentLoaded(bool aHasMixedDisplayContentLoaded)
+  {
+    mHasMixedDisplayContentLoaded = aHasMixedDisplayContentLoaded;
+  }
+
+  /**
+   * Get mixed display content blocked flag for this document.
+   */
+  bool GetHasMixedDisplayContentBlocked()
+  {
+    return mHasMixedDisplayContentBlocked;
+  }
+
+  /**
+   * Set the mixed display content blocked flag for this document.
+   */
+  void SetHasMixedDisplayContentBlocked(bool aHasMixedDisplayContentBlocked)
+  {
+    mHasMixedDisplayContentBlocked = aHasMixedDisplayContentBlocked;
+  }
+
   /**
    * Get the sandbox flags for this document.
    * @see nsSandboxFlags.h for the possible flags
@@ -2184,6 +2216,12 @@ class nsIDocument : public nsINode
   // True if a document has blocked Mixed Active Script (see nsMixedContentBlocker.cpp)
   bool mHasMixedActiveContentBlocked;
 
+  // True if a document has loaded Mixed Display/Passive Content (see nsMixedContentBlocker.cpp)
+  bool mHasMixedDisplayContentLoaded;
+
+  // True if a document has blocked Mixed Display/Passive Content (see nsMixedContentBlocker.cpp)
+  bool mHasMixedDisplayContentBlocked;
+
   // True if DisallowBFCaching has been called on this document.
   bool mBFCacheDisallowed;
 

diff --git a/content/base/src/nsMixedContentBlocker.cpp b/content/base/src/nsMixedContentBlocker.cpp
@@ -81,16 +81,24 @@ class nsMixedContentEvent : public nsRunnable
        }
        rootDoc->SetHasMixedActiveContentLoaded(true);
 
-      // Update the security UI in the tab with the allowed mixed content
+      // Update the security UI in the tab with the allowed mixed active content
       nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
       if (eventSink) {
-        eventSink->OnSecurityChange(mContext, nsIWebProgressListener::STATE_IS_BROKEN);
+        eventSink->OnSecurityChange(mContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT));
       }
 
-    } else {
-        if (mType == eMixedDisplay) {
-          //Do Nothing for now; state will already be set STATE_IS_BROKEN
-        }
+    } else if (mType == eMixedDisplay) {
+      // See if the pref will change here. If it will, only then do we need to call OnSecurityChange() to update the UI.
+      if (rootDoc->GetHasMixedDisplayContentLoaded()) {
+        return NS_OK;
+      }
+      rootDoc->SetHasMixedDisplayContentLoaded(true);
+
+      // Update the security UI in the tab with the allowed mixed display content.
+      nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
+      if (eventSink) {
+        eventSink->OnSecurityChange(mContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT));
+      }
     }
 
     return NS_OK;
@@ -350,15 +358,33 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
   nsCOMPtr<nsIDocument> rootDoc = do_GetInterface(sameTypeRoot);
   NS_ASSERTION(rootDoc, "No root document from document shell root tree item.");
 
+  // Get eventSink and the current security state from the docShell
+  nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
+  NS_ASSERTION(eventSink, "No eventSink from docShell.");
+  nsCOMPtr<nsIDocShell> rootShell = do_GetInterface(sameTypeRoot);
+  NS_ASSERTION(rootShell, "No root docshell from document shell root tree item.");
+  uint32_t State = nsIWebProgressListener::STATE_IS_BROKEN;
+  nsCOMPtr<nsISecureBrowserUI> SecurityUI;
+  rootShell->GetSecurityUI(getter_AddRefs(SecurityUI));
+  NS_ASSERTION(SecurityUI, "No SecurityUI from the root docShell.");
+  nsresult stateRV = SecurityUI->GetState(&State);
+
   // If the content is display content, and the pref says display content should be blocked, block it.
   if (sBlockMixedDisplay && classification == eMixedDisplay) {
-     if (allowMixedContent) {
-       *aDecision = nsIContentPolicy::ACCEPT;
-       rootDoc->SetHasMixedActiveContentLoaded(true);
-     } else {
-       *aDecision = nsIContentPolicy::REJECT_REQUEST;
-     }
-     return NS_OK;
+    if (allowMixedContent) {
+      *aDecision = nsIContentPolicy::ACCEPT;
+      rootDoc->SetHasMixedActiveContentLoaded(true);
+      if (!rootDoc->GetHasMixedDisplayContentLoaded() && NS_SUCCEEDED(stateRV)) {
+        eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT));
+      }
+    } else {
+      *aDecision = nsIContentPolicy::REJECT_REQUEST;
+      if (!rootDoc->GetHasMixedDisplayContentBlocked() && NS_SUCCEEDED(stateRV)) {
+        eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_BLOCKED_MIXED_DISPLAY_CONTENT));
+      }
+    }
+    return NS_OK;
+
   } else if (sBlockMixedScript && classification == eMixedScript) {
     // If the content is active content, and the pref says active content should be blocked, block it
     // unless the user has choosen to override the pref
@@ -369,44 +395,39 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
          return NS_OK;
        }
        rootDoc->SetHasMixedActiveContentLoaded(true);
+
+       if (rootHasSecureConnection) {
+         // User has decided to override the pref and the root is https, so change the Security State.
+         if (rootDoc->GetHasMixedDisplayContentLoaded()) {
+           // If mixed display content is loaded, make sure to include that in the state.
+           eventSink->OnSecurityChange(aRequestingContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT | nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT));
+         } else {
+           eventSink->OnSecurityChange(aRequestingContext, (nsIWebProgressListener::STATE_IS_BROKEN | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT));
+         }
+         return NS_OK;
+       } else {
+         // User has already overriden the pref and the root is not https;
+         // mixed content was allowed on an https subframe.
+         if (NS_SUCCEEDED(stateRV)) {
+           eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT));
+         }
+         return NS_OK;
+       }
     } else {
+       //User has not overriden the pref by Disabling protection. Reject the request and update the security state.
        *aDecision = nsIContentPolicy::REJECT_REQUEST;
        // See if the pref will change here. If it will, only then do we need to call OnSecurityChange() to update the UI.
        if (rootDoc->GetHasMixedActiveContentBlocked()) {
          return NS_OK;
        }
        rootDoc->SetHasMixedActiveContentBlocked(true);
-    }
 
-    // Call eventsink to invoke the Mixed Content UI if it should change based on this load. 
-    nsCOMPtr<nsISecurityEventSink> eventSink = do_QueryInterface(docShell);
-    if (eventSink) {
-      if (!allowMixedContent) {
-        // The user has not overriden the pref, so make sure they still have an option by calling eventSink
-        // which will invoke the doorhanger
-        nsCOMPtr<nsIDocShell> rootShell = do_GetInterface(sameTypeRoot);
-        NS_ASSERTION(rootShell, "No root docshell from document shell root tree item.");
-        uint32_t State;
-        nsCOMPtr<nsISecureBrowserUI> SecurityUI;
-        rootShell->GetSecurityUI(getter_AddRefs(SecurityUI));
-        if (SecurityUI) {
-          nsresult rv = SecurityUI->GetState(&State);
-          if (NS_SUCCEEDED(rv)) {
-            eventSink->OnSecurityChange(aRequestingContext, State);
-          }
-        }
-        return NS_OK;
-      } else if (rootHasSecureConnection) {
-          // User has decided to override the pref and the root is https, so change the Security State.
-          eventSink->OnSecurityChange(aRequestingContext, nsIWebProgressListener::STATE_IS_BROKEN);
-          return NS_OK;
-      } else if (!rootHasSecureConnection) {
-        // User has already overriden the pref and the root is not https;
-        // mixed content was allowed on an https subframe.
-        // In this case, we do nothing since we don't need a doorhanger and we don't want
-        // to change the Security UI of an http page
-        return NS_OK;
-      }
+       // The user has not overriden the pref, so make sure they still have an option by calling eventSink
+       // which will invoke the doorhanger
+       if (NS_SUCCEEDED(stateRV)) {
+          eventSink->OnSecurityChange(aRequestingContext, (State | nsIWebProgressListener::STATE_BLOCKED_MIXED_ACTIVE_CONTENT));
+       }
+       return NS_OK;
     }
 
   } else {

diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
@@ -1984,6 +1984,22 @@ nsDocShell::GetHasMixedActiveContentBlocked(bool* aHasMixedActiveContentBlocked)
     return NS_OK;
 }
 
+NS_IMETHODIMP
+nsDocShell::GetHasMixedDisplayContentLoaded(bool* aHasMixedDisplayContentLoaded)
+{
+    nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));
+    *aHasMixedDisplayContentLoaded = doc && doc->GetHasMixedDisplayContentLoaded();
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasMixedDisplayContentBlocked(bool* aHasMixedDisplayContentBlocked)
+{
+    nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));
+    *aHasMixedDisplayContentBlocked = doc && doc->GetHasMixedDisplayContentBlocked();
+    return NS_OK;
+}
+
 NS_IMETHODIMP
 nsDocShell::GetAllowPlugins(bool * aAllowPlugins)
 {

diff --git a/docshell/base/nsIDocShell.idl b/docshell/base/nsIDocShell.idl
@@ -467,14 +467,14 @@ interface nsIDocShell : nsISupports
   /**
    * This attribute determines whether Mixed Active Content is loaded on the
    * document. When it is true, mixed active content was not blocked and has
-   * loaded on the page. When it is false, mixed active content has not loaded on
-   * the page, either because there was no mixed active content requests on the page
-   * or such requests were blocked by nsMixedContentBlocker.
+   * loaded (or is about to load) on the page. When it is false, mixed active content
+   * has not loaded on the page, either because there was no mixed active content
+   * requests on the page or such requests were blocked by nsMixedContentBlocker.
    * This boolean is set to true in nsMixedContentBlocker if Mixed Active Content
    * is allowed (either explicitly on the page by the user or when the about:config
    * setting security.mixed_content.block_active_content is set to false).
    */
-  readonly attribute boolean hasMixedActiveContentLoaded;
+  [infallible] readonly attribute boolean hasMixedActiveContentLoaded;
 
    /**
    * This attribute determines whether a document has Mixed Active Content
@@ -486,7 +486,22 @@ interface nsIDocShell : nsISupports
    * false, this boolean will be false, since blocking active content has been
    * disabled.
    */
-  readonly attribute boolean hasMixedActiveContentBlocked;
+  [infallible] readonly attribute boolean hasMixedActiveContentBlocked;
+
+  /**
+   * This attribute determines whether Mixed Display Content is loaded on the
+   * document. When it is true, mixed display content was not blocked and has
+   * loaded (or is about to load) on the page. Similar behavior to
+   * hasMixedActiveContentLoaded.
+   */
+  [infallible] readonly attribute boolean hasMixedDisplayContentLoaded;
+
+   /**
+   * This attribute determines whether a document has Mixed Display Content
+   * that has been blocked from loading. Similar behavior to
+   * hasMixedActiveContentBlocked.
+   */
+  [infallible] readonly attribute boolean hasMixedDisplayContentBlocked;
 
   /**
    * Disconnects this docshell's editor from its window, and stores the

diff --git a/uriloader/base/nsIWebProgressListener.idl b/uriloader/base/nsIWebProgressListener.idl
@@ -169,6 +169,36 @@ interface nsIWebProgressListener : nsISupports
   const unsigned long STATE_IS_BROKEN       = 0x00000001;
   const unsigned long STATE_IS_SECURE       = 0x00000002;
 
+  /**
+   * Mixed active content flags
+   *
+   * May be set in addition to the State Security Flags, to indicate that
+   * mixed active content has been encountered.
+   *
+   * STATE_BLOCKED_MIXED_ACTIVE_CONTENT
+   *   Mixed active content has been blocked from loading.
+   *
+   * STATE_LOADED_MIXED_ACTIVE_CONTENT
+   *   Mixed active content has been loaded. State should be STATE_IS_BROKEN.
+   */
+  const unsigned long STATE_BLOCKED_MIXED_ACTIVE_CONTENT  = 0x00000010;
+  const unsigned long STATE_LOADED_MIXED_ACTIVE_CONTENT   = 0x00000020;
+
+  /**
+   * Mixed display content flags
+   *
+   * May be set in addition to the State Security Flags, to indicate that
+   * mixed display content has been encountered.
+   *
+   * STATE_BLOCKED_MIXED_DISPLAY_CONTENT
+   *   Mixed display content has been blocked from loading.
+   *
+   * STATE_LOADED_MIXED_DISPLAY_CONTENT
+   *   Mixed display content has been loaded. State should be STATE_IS_BROKEN.
+   */
+  const unsigned long STATE_BLOCKED_MIXED_DISPLAY_CONTENT = 0x00000100;
+  const unsigned long STATE_LOADED_MIXED_DISPLAY_CONTENT  = 0x00000200;
+
   /**
    * Security Strength Flags
    *