From 3ca7947b8a8a7a371b7b3f53fb050bcfd82fca23 Mon Sep 17 00:00:00 2001 From: Pale Moon Date: Mon, 6 Mar 2017 16:10:15 +0100 Subject: [PATCH] Reset mixed-mode page status to secure if no actual load has occurred through the mixed content blocker. This should take care of injection of non-network URIs that aren't same origin (e.g. extension-sourced data: URIs) triggering mixed-mode warnings. Assumption here is that data: URIs are safe if "local"; this is a security trade-off that should be acceptable. --- .../manager/boot/src/nsSecureBrowserUIImpl.cpp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/security/manager/boot/src/nsSecureBrowserUIImpl.cpp b/security/manager/boot/src/nsSecureBrowserUIImpl.cpp index 3e48dac8ac..d1302c986b 100644 --- a/security/manager/boot/src/nsSecureBrowserUIImpl.cpp +++ b/security/manager/boot/src/nsSecureBrowserUIImpl.cpp @@ -261,7 +261,19 @@ nsSecureBrowserUIImpl::MapInternalToExternalState(uint32_t* aState, lockIconStat } // Has a Mixed Content Load initiated in nsMixedContentBlocker? - // If so, the state should be broken; overriding the previous state + // * If not, the state should not be broken because no actual mixed-content + // load has occurred, overriding the previous state if it was flagged as mixed. + if (lock == lis_mixed_security && + !docShell->GetHasMixedActiveContentLoaded() && + !docShell->GetHasMixedDisplayContentLoaded() && + !docShell->GetHasMixedActiveContentBlocked() && + !docShell->GetHasMixedDisplayContentBlocked()) { + *aState = STATE_IS_SECURE; + if (ev) { + *aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL; + } + } + // * If so, the state should be broken; overriding the previous state // set by the lock parameter. if (docShell->GetHasMixedActiveContentLoaded() && docShell->GetHasMixedDisplayContentLoaded()) {