diff options
| -rw-r--r-- | components/net/about_loader.rs | 2 | ||||
| -rw-r--r-- | components/net/http_loader.rs | 6 | ||||
| -rw-r--r-- | components/net_traits/lib.rs | 4 | ||||
| -rw-r--r-- | components/net_traits/response.rs | 2 | ||||
| -rw-r--r-- | components/script/dom/bindings/trace.rs | 2 | ||||
| -rw-r--r-- | components/script/dom/document.rs | 9 | ||||
| -rw-r--r-- | components/script/dom/htmliframeelement.rs | 20 | ||||
| -rw-r--r-- | components/script/dom/webidls/BrowserElement.webidl | 30 | ||||
| -rw-r--r-- | components/script/script_thread.rs | 2 | ||||
| -rw-r--r-- | components/script_traits/lib.rs | 5 | ||||
| -rw-r--r-- | tests/wpt/mozilla/meta/MANIFEST.json | 6 | ||||
| -rw-r--r-- | tests/wpt/mozilla/meta/mozilla/mozbrowser/mozbrowsersecuritychange_event.html.ini | 5 | ||||
| -rw-r--r-- | tests/wpt/mozilla/tests/mozilla/mozbrowser/mozbrowsersecuritychange_event.html | 46 |
13 files changed, 135 insertions, 4 deletions
diff --git a/components/net/about_loader.rs b/components/net/about_loader.rs index ec6865e131a..5fbaaa686f6 100644 --- a/components/net/about_loader.rs +++ b/components/net/about_loader.rs @@ -8,6 +8,7 @@ use hyper::http::RawStatus; use hyper::mime::{Mime, SubLevel, TopLevel}; use mime_classifier::MIMEClassifier; use net_traits::ProgressMsg::Done; +use net_traits::response::HttpsState; use net_traits::{LoadConsumer, LoadData, Metadata}; use resource_thread::{CancellationListener, send_error, start_sending_sniffed_opt}; use std::sync::Arc; @@ -28,6 +29,7 @@ pub fn factory(mut load_data: LoadData, charset: Some("utf-8".to_owned()), headers: None, status: Some(RawStatus(200, "OK".into())), + https_state: HttpsState::None, }; if let Ok(chan) = start_sending_sniffed_opt(start_chan, metadata, diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 64c732446db..e21ade1b2ad 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -26,6 +26,7 @@ use mime_classifier::MIMEClassifier; use msg::constellation_msg::{PipelineId}; use net_traits::ProgressMsg::{Done, Payload}; use net_traits::hosts::replace_hosts; +use net_traits::response::HttpsState; use net_traits::{CookieSource, IncludeSubdomains, LoadConsumer, LoadContext, LoadData, Metadata}; use openssl::ssl::error::{SslError, OpensslError}; use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER, SslContext, SslMethod}; @@ -769,6 +770,11 @@ pub fn load<A>(load_data: LoadData, }); metadata.headers = Some(adjusted_headers); metadata.status = Some(response.status_raw().clone()); + metadata.https_state = if doc_url.scheme == "https" { + HttpsState::Modern + } else { + HttpsState::None + }; // --- Tell devtools that we got a response // Send an HttpResponse message to devtools with the corresponding request_id diff --git a/components/net_traits/lib.rs b/components/net_traits/lib.rs index 45d01a9818d..bf9a168a1bf 100644 --- a/components/net_traits/lib.rs +++ b/components/net_traits/lib.rs @@ -312,6 +312,9 @@ pub struct Metadata { #[ignore_heap_size_of = "Defined in hyper"] /// HTTP Status pub status: Option<RawStatus>, + + /// Is successful HTTPS connection + pub https_state: response::HttpsState, } impl Metadata { @@ -324,6 +327,7 @@ impl Metadata { headers: None, // https://fetch.spec.whatwg.org/#concept-response-status-message status: Some(RawStatus(200, "OK".into())), + https_state: response::HttpsState::None, } } diff --git a/components/net_traits/response.rs b/components/net_traits/response.rs index b2e73ec371e..25eeedb4252 100644 --- a/components/net_traits/response.rs +++ b/components/net_traits/response.rs @@ -48,7 +48,7 @@ pub enum CacheState { } /// [Https state](https://fetch.spec.whatwg.org/#concept-response-https-state) -#[derive(Clone)] +#[derive(Clone, Copy, HeapSizeOf, Deserialize, Serialize)] pub enum HttpsState { None, Deprecated, diff --git a/components/script/dom/bindings/trace.rs b/components/script/dom/bindings/trace.rs index 1362731339a..6794f803a10 100644 --- a/components/script/dom/bindings/trace.rs +++ b/components/script/dom/bindings/trace.rs @@ -60,6 +60,7 @@ use msg::constellation_msg::{PipelineId, SubpageId, WindowSizeData}; use net_traits::Metadata; use net_traits::image::base::{Image, ImageMetadata}; use net_traits::image_cache_thread::{ImageCacheChan, ImageCacheThread}; +use net_traits::response::HttpsState; use net_traits::storage_thread::StorageType; use profile_traits::mem::ProfilerChan as MemProfilerChan; use profile_traits::time::ProfilerChan as TimeProfilerChan; @@ -299,6 +300,7 @@ no_jsmanaged_fields!(Mime); no_jsmanaged_fields!(AttrIdentifier); no_jsmanaged_fields!(AttrValue); no_jsmanaged_fields!(ElementSnapshot); +no_jsmanaged_fields!(HttpsState); impl JSTraceable for ConstellationChan<ScriptMsg> { #[inline] diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index b5672319837..91eb87ca881 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -84,6 +84,7 @@ use msg::constellation_msg::{ConstellationChan, Key, KeyModifiers, KeyState}; use msg::constellation_msg::{PipelineId, SubpageId}; use net_traits::ControlMsg::{GetCookiesForUrl, SetCookiesForUrl}; use net_traits::CookieSource::NonHTTP; +use net_traits::response::HttpsState; use net_traits::{AsyncResponseTarget, PendingAsyncLoad}; use num::ToPrimitive; use script_thread::{MainThreadScriptMsg, Runnable}; @@ -204,6 +205,8 @@ pub struct Document { dom_complete: Cell<u64>, /// Vector to store CSS errors css_errors_store: DOMRefCell<Vec<CSSError>>, + /// https://html.spec.whatwg.org/multipage/#concept-document-https-state + https_state: Cell<HttpsState>, } #[derive(JSTraceable, HeapSizeOf)] @@ -289,6 +292,11 @@ impl Document { self.is_html_document } + pub fn set_https_state(&self, https_state: HttpsState) { + self.https_state.set(https_state); + self.trigger_mozbrowser_event(MozBrowserEvent::SecurityChange(https_state)); + } + pub fn report_css_error(&self, css_error: CSSError) { self.css_errors_store.borrow_mut().push(css_error); } @@ -1525,6 +1533,7 @@ impl Document { dom_content_loaded_event_end: Cell::new(Default::default()), dom_complete: Cell::new(Default::default()), css_errors_store: DOMRefCell::new(vec![]), + https_state: Cell::new(HttpsState::None), } } diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index fd8788480a6..930c15b0e0f 100644 --- a/components/script/dom/htmliframeelement.rs +++ b/components/script/dom/htmliframeelement.rs @@ -4,6 +4,7 @@ use dom::attr::{Attr, AttrValue}; use dom::bindings::codegen::Bindings::BrowserElementBinding::BrowserElementIconChangeEventDetail; +use dom::bindings::codegen::Bindings::BrowserElementBinding::BrowserElementSecurityChangeDetail; use dom::bindings::codegen::Bindings::BrowserElementBinding::BrowserShowModalPromptEventDetail; use dom::bindings::codegen::Bindings::HTMLIFrameElementBinding; use dom::bindings::codegen::Bindings::HTMLIFrameElementBinding::HTMLIFrameElementMethods; @@ -29,6 +30,7 @@ use js::jsval::{UndefinedValue, NullValue}; use layout_interface::ReflowQueryType; use msg::constellation_msg::{ConstellationChan}; use msg::constellation_msg::{NavigationDirection, PipelineId, SubpageId}; +use net_traits::response::HttpsState; use page::IterablePage; use script_traits::IFrameSandboxState::{IFrameSandboxed, IFrameUnsandboxed}; use script_traits::{IFrameLoadInfo, MozBrowserEvent, ScriptMsg as ConstellationMsg}; @@ -275,10 +277,26 @@ impl MozBrowserEventDetailBuilder for HTMLIFrameElement { match event { MozBrowserEvent::AsyncScroll | MozBrowserEvent::Close | MozBrowserEvent::ContextMenu | MozBrowserEvent::Error | MozBrowserEvent::LoadEnd | MozBrowserEvent::LoadStart | - MozBrowserEvent::OpenWindow | MozBrowserEvent::SecurityChange | MozBrowserEvent::OpenSearch | + MozBrowserEvent::OpenWindow | MozBrowserEvent::OpenSearch | MozBrowserEvent::UsernameAndPasswordRequired => { rval.set(NullValue()); } + MozBrowserEvent::SecurityChange(https_state) => { + BrowserElementSecurityChangeDetail { + // https://developer.mozilla.org/en-US/docs/Web/Events/mozbrowsersecuritychange + state: Some(DOMString::from(match https_state { + HttpsState::Modern => "secure", + HttpsState::Deprecated => "broken", + HttpsState::None => "insecure", + }.to_owned())), + // FIXME - Not supported yet: + trackingContent: None, + mixedContent: None, + trackingState: None, + extendedValidation: None, + mixedState: None, + }.to_jsval(cx, rval); + } MozBrowserEvent::LocationChange(ref string) | MozBrowserEvent::TitleChange(ref string) => { string.to_jsval(cx, rval); } diff --git a/components/script/dom/webidls/BrowserElement.webidl b/components/script/dom/webidls/BrowserElement.webidl index ecd9df12e66..33f1fa6fd5e 100644 --- a/components/script/dom/webidls/BrowserElement.webidl +++ b/components/script/dom/webidls/BrowserElement.webidl @@ -24,6 +24,36 @@ callback BrowserElementNextPaintEventCallback = void (); interface BrowserElement { }; +dictionary BrowserElementSecurityChangeDetail { + + // state: + // "insecure" indicates that the data corresponding to + // the request was received over an insecure channel. + // + // "broken" indicates an unknown security state. This + // may mean that the request is being loaded as part + // of a page in which some content was received over + // an insecure channel. + // + // "secure" indicates that the data corresponding to the + // request was received over a secure channel. + DOMString state; + + // trackingState: + // "loaded_tracking_content": tracking content has been loaded. + // "blocked_tracking_content": tracking content has been blocked from loading. + DOMString trackingState; + + // mixedState: + // "blocked_mixed_active_content": Mixed active content has been blocked from loading. + // "loaded_mixed_active_content": Mixed active content has been loaded. + DOMString mixedState; + + boolean extendedValidation; + boolean trackingContent; + boolean mixedContent; +}; + dictionary BrowserElementIconChangeEventDetail { DOMString rel; DOMString href; diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs index 4cae85da9ba..ef1a04e1682 100644 --- a/components/script/script_thread.rs +++ b/components/script/script_thread.rs @@ -1878,6 +1878,8 @@ impl ScriptThread { DOMString::new() }; + document.set_https_state(metadata.https_state); + match metadata.content_type { Some(ContentType(Mime(TopLevel::Text, SubLevel::Xml, _))) => { parse_xml(document.r(), diff --git a/components/script_traits/lib.rs b/components/script_traits/lib.rs index 83761f20090..1aede1f6a30 100644 --- a/components/script_traits/lib.rs +++ b/components/script_traits/lib.rs @@ -46,6 +46,7 @@ use msg::constellation_msg::{PipelineNamespaceId, SubpageId}; use msg::webdriver_msg::WebDriverScriptCommand; use net_traits::ResourceThread; use net_traits::image_cache_thread::ImageCacheThread; +use net_traits::response::HttpsState; use net_traits::storage_thread::StorageThread; use profile_traits::mem; use std::any::Any; @@ -423,7 +424,7 @@ pub enum MozBrowserEvent { /// Sent when window.open() is called within a browser `<iframe>`. OpenWindow, /// Sent when the SSL state changes within a browser `<iframe>`. - SecurityChange, + SecurityChange(HttpsState), /// Sent when alert(), confirm(), or prompt() is called within a browser `<iframe>`. ShowModalPrompt(String, String, String, String), // TODO(simartin): Handle unblock() /// Sent when the document.title changes within a browser `<iframe>`. @@ -447,7 +448,7 @@ impl MozBrowserEvent { MozBrowserEvent::LoadStart => "mozbrowserloadstart", MozBrowserEvent::LocationChange(_) => "mozbrowserlocationchange", MozBrowserEvent::OpenWindow => "mozbrowseropenwindow", - MozBrowserEvent::SecurityChange => "mozbrowsersecuritychange", + MozBrowserEvent::SecurityChange(_) => "mozbrowsersecuritychange", MozBrowserEvent::ShowModalPrompt(_, _, _, _) => "mozbrowsershowmodalprompt", MozBrowserEvent::TitleChange(_) => "mozbrowsertitlechange", MozBrowserEvent::UsernameAndPasswordRequired => "mozbrowserusernameandpasswordrequired", diff --git a/tests/wpt/mozilla/meta/MANIFEST.json b/tests/wpt/mozilla/meta/MANIFEST.json index 92a73d95a49..2c187e3358b 100644 --- a/tests/wpt/mozilla/meta/MANIFEST.json +++ b/tests/wpt/mozilla/meta/MANIFEST.json @@ -5916,6 +5916,12 @@ "url": "/_mozilla/mozilla/mozbrowser/mozbrowsericonchange_event.html" } ], + "mozilla/mozbrowser/mozbrowsersecuritychange_event.html": [ + { + "path": "mozilla/mozbrowser/mozbrowsersecuritychange_event.html", + "url": "/_mozilla/mozilla/mozbrowser/mozbrowsersecuritychange_event.html" + } + ], "mozilla/mozbrowser/mozbrowsershowmodalprompt_event.html": [ { "path": "mozilla/mozbrowser/mozbrowsershowmodalprompt_event.html", diff --git a/tests/wpt/mozilla/meta/mozilla/mozbrowser/mozbrowsersecuritychange_event.html.ini b/tests/wpt/mozilla/meta/mozilla/mozbrowser/mozbrowsersecuritychange_event.html.ini new file mode 100644 index 00000000000..509699c9ca4 --- /dev/null +++ b/tests/wpt/mozilla/meta/mozilla/mozbrowser/mozbrowsersecuritychange_event.html.ini @@ -0,0 +1,5 @@ +[mozbrowsersecuritychange_event.html] + type: testharness + [mozbrowsersecuritychange event is dispatched when content security state changes] + expected: FAIL + diff --git a/tests/wpt/mozilla/tests/mozilla/mozbrowser/mozbrowsersecuritychange_event.html b/tests/wpt/mozilla/tests/mozilla/mozbrowser/mozbrowsersecuritychange_event.html new file mode 100644 index 00000000000..8cf0cc402f8 --- /dev/null +++ b/tests/wpt/mozilla/tests/mozilla/mozbrowser/mozbrowsersecuritychange_event.html @@ -0,0 +1,46 @@ +<head> + <title>mozbrowsersecuritychange event is dispatched when content security state changes</title> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> +</head> +<body> + <script> + + async_test(function(t) { + + const HTTP_URL = "http://web-platform.test:8000"; + const HTTPS_URL = "https://web-platform.test:8443"; + + var urls = [ HTTP_URL, HTTPS_URL, HTTP_URL ]; + var url_index = 0; + + var expectedEvents = [ + "insecure", + "secure", + "insecure", + ]; + + var receivedEvents = []; + + var iframe = document.createElement("iframe"); + iframe.mozbrowser = "true"; + iframe.src = urls[url_index++]; + + iframe.addEventListener("mozbrowsersecuritychange", t.step_func(e => { + + receivedEvents.push(e.detail.state); + + if (receivedEvents.length == expectedEvents.length) { + assert_array_equals(receivedEvents, expectedEvents); + t.done(); + } else { + iframe.src = urls[url_index++]; + } + })); + + + document.body.appendChild(iframe); + }); + + </script> +</body> |