roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-06-01 09:59:26 +00:00
Code Issues Projects Releases Wiki Activity

Reset mixed-mode page status to secure if no actual load has occurred through the mixed content blocker.

Browse Source 
This should take care of injection of non-network URIs that aren't same origin (e.g. extension-sourced data: URIs) triggering mixed-mode warnings.
Assumption here is that data: URIs are safe if "local"; this is a security trade-off that should be acceptable.
This commit is contained in:
Pale Moon
2017-03-06 16:10:15 +01:00
committed by roytam1
parent 132522bfc9
commit 3ca7947b8a
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/manager/boot/src/nsSecureBrowserUIImpl.cpp
+13 -1
View File
@@ -261,7 +261,19 @@ nsSecureBrowserUIImpl::MapInternalToExternalState(uint32_t* aState, lockIconStat
}
// Has a Mixed Content Load initiated in nsMixedContentBlocker?
// If so, the state should be broken; overriding the previous state
// * If not, the state should not be broken because no actual mixed-content
// load has occurred, overriding the previous state if it was flagged as mixed.
if (lock == lis_mixed_security &&
!docShell->GetHasMixedActiveContentLoaded() &&
!docShell->GetHasMixedDisplayContentLoaded() &&
!docShell->GetHasMixedActiveContentBlocked() &&
!docShell->GetHasMixedDisplayContentBlocked()) {
*aState = STATE_IS_SECURE;
if (ev) {
*aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL;
}
}
// * If so, the state should be broken; overriding the previous state
// set by the lock parameter.
if (docShell->GetHasMixedActiveContentLoaded() &&
docShell->GetHasMixedDisplayContentLoaded()) {