• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2012 Google Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *     * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *     * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *     * Neither the name of Google Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #ifndef MixedContentChecker_h
32 #define MixedContentChecker_h
33 
34 #include "wtf/text/WTFString.h"
35 
36 namespace WebCore {
37 
38 class LocalFrame;
39 class FrameLoaderClient;
40 class KURL;
41 class SecurityOrigin;
42 
43 class MixedContentChecker {
44     WTF_MAKE_NONCOPYABLE(MixedContentChecker);
45 public:
46     MixedContentChecker(LocalFrame*);
47 
canDisplayInsecureContent(SecurityOrigin * securityOrigin,const KURL & url)48     bool canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const
49     {
50         return canDisplayInsecureContentInternal(securityOrigin, url, MixedContentChecker::Display);
51     }
52 
canRunInsecureContent(SecurityOrigin * securityOrigin,const KURL & url)53     bool canRunInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const
54     {
55         return canRunInsecureContentInternal(securityOrigin, url, MixedContentChecker::Execution);
56     }
canConnectInsecureWebSocket(SecurityOrigin * securityOrigin,const KURL & url)57     bool canConnectInsecureWebSocket(SecurityOrigin* securityOrigin, const KURL& url) const
58     {
59         return canRunInsecureContentInternal(securityOrigin, url, MixedContentChecker::WebSocket);
60     }
61 
62     bool canSubmitToInsecureForm(SecurityOrigin*, const KURL&) const;
63     static bool isMixedContent(SecurityOrigin*, const KURL&);
64 
65 private:
66     enum MixedContentType {
67         Display,
68         Execution,
69         WebSocket,
70         Submission
71     };
72 
73     // FIXME: This should probably have a separate client from FrameLoader.
74     FrameLoaderClient* client() const;
75 
76     bool canDisplayInsecureContentInternal(SecurityOrigin*, const KURL&, const MixedContentType) const;
77 
78     bool canRunInsecureContentInternal(SecurityOrigin*, const KURL&, const MixedContentType) const;
79 
80     void logWarning(bool allowed, const KURL& i, const MixedContentType) const;
81 
82     LocalFrame* m_frame;
83 };
84 
85 } // namespace WebCore
86 
87 #endif // MixedContentChecker_h
88