63145 2011-06-22 09:08:25 -0700 filesystem URLs shouldn't trigger mixed content warnings 2020-11-16 06:15:29 -0800 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified NEW P2 Normal --- 140625 1 webkit.review.bot webkit-unassigned abarth adamk bugmail ericu fred.wang oldest_to_newest 425279 0 webkit.review.bot 2011-06-22 09:08:25 -0700 filesystem URLs shouldn't trigger mixed content warnings Requested by abarth on #webkit. 425321 1 98192 abarth 2011-06-22 10:03:14 -0700 Created attachment 98192 Needs tests 425925 2 98307 abarth 2011-06-22 20:21:18 -0700 Created attachment 98307 Another approach (still no tests) 425929 3 abarth 2011-06-22 20:23:19 -0700 I think the second approach is better, but other folks might have opinions. 426314 4 adamk 2011-06-23 11:13:13 -0700 Agreed, the second seems more elegant (and those asserts should already be covered by layout tests as well; I'm pretty sure there's one for filesystem: anyway). 426317 5 abarth 2011-06-23 11:22:46 -0700 (In reply to comment #4) > Agreed, the second seems more elegant (and those asserts should already be covered by layout tests as well; I'm pretty sure there's one for filesystem: anyway). Ok. I'll write a test and complete the patch. I'm going to leave the ASSERTs there because they explain why it's safe to have those entries in that list. 483605 6 abarth 2011-10-13 16:13:29 -0700 I'm not actively working on this bug. We had a larger discussion about how to treat these URLs globally in Chrome, which might inform what we do here. 1707790 7 fred.wang 2020-11-16 06:15:29 -0800 These are the relevant links in the current spec: https://w3c.github.io/webappsec-mixed-content/#mixed-content https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url > "Return the result of executing § 3.2 Is origin potentially trustworthy? on url’s origin." > Note: The origin of blob: and filesystem: URLs is the origin of the context in which they were created. Therefore, blobs created in a trustworthy origin will themselves be potentially trustworthy. 98192 2011-06-22 10:03:14 -0700 2011-06-22 20:21:14 -0700 Needs tests bug-63145-20110622100313.patch text/plain 3608 abarth SW5kZXg6IFNvdXJjZS9XZWJDb3JlL2xvYWRlci9GcmFtZUxvYWRlci5jcHAKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gU291cmNlL1dlYkNvcmUvbG9hZGVyL0ZyYW1lTG9hZGVyLmNwcAkocmV2aXNpb24gODk0MzYp CisrKyBTb3VyY2UvV2ViQ29yZS9sb2FkZXIvRnJhbWVMb2FkZXIuY3BwCSh3b3JraW5nIGNvcHkp CkBAIC04ODQsNyArODg0LDcgQEAgYm9vbCBGcmFtZUxvYWRlcjo6aXNNaXhlZENvbnRlbnQoU2Vj dXJpdAogICAgIGlmIChjb250ZXh0LT5wcm90b2NvbCgpICE9ICJodHRwcyIpCiAgICAgICAgIHJl dHVybiBmYWxzZTsgIC8vIFdlIG9ubHkgY2FyZSBhYm91dCBIVFRQUyBzZWN1cml0eSBvcmlnaW5z LgogCi0gICAgaWYgKCF1cmwuaXNWYWxpZCgpIHx8IFNjaGVtZVJlZ2lzdHJ5OjpzaG91bGRUcmVh dFVSTFNjaGVtZUFzU2VjdXJlKHVybC5wcm90b2NvbCgpKSkKKyAgICBpZiAoIXVybC5pc1ZhbGlk KCkgfHwgU2NoZW1lUmVnaXN0cnk6OnNob3VsZFRyZWF0VVJMU2NoZW1lQXNTZWN1cmUoU2VjdXJp dHlPcmlnaW46OmVmZmVjdGl2ZVVSTCh1cmwpLnByb3RvY29sKCkpKQogICAgICAgICByZXR1cm4g ZmFsc2U7ICAvLyBMb2FkaW5nIHRoZXNlIHByb3RvY29scyBpcyBzZWN1cmUuCiAKICAgICByZXR1 cm4gdHJ1ZTsKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL3BhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3BhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCShyZXZp c2lvbiA4OTQzNikKKysrIFNvdXJjZS9XZWJDb3JlL3BhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCSh3 b3JraW5nIGNvcHkpCkBAIC02NCw2ICs2NCwyOSBAQCBzdGF0aWMgYm9vbCBzY2hlbWVSZXF1aXJl c0F1dGhvcml0eShjb25zCiAgICAgcmV0dXJuIHNjaGVtZXMuY29udGFpbnMoc2NoZW1lKTsKIH0K IAorI2lmIEVOQUJMRShCTE9CKSB8fCBFTkFCTEUoRklMRV9TWVNURU0pCitzdGF0aWMgYm9vbCBp c0Jsb2JPckZpbGVzeXN0ZW0oY29uc3QgU3RyaW5nJiBwcm90b2NvbCkKK3sKKyNpZiBFTkFCTEUo QkxPQikKKyAgICBpZiAoZXF1YWxJZ25vcmluZ0Nhc2UocHJvdG9jb2wsIEJsb2JVUkw6OmJsb2JQ cm90b2NvbCgpKSkKKyAgICAgICAgcmV0dXJuIHRydWU7CisjZW5kaWYKKyNpZiBFTkFCTEUoRklM RV9TWVNURU0pCisgICAgaWYgKGVxdWFsSWdub3JpbmdDYXNlKHByb3RvY29sLCAiZmlsZXN5c3Rl bSIpKQorICAgICAgICByZXR1cm4gdHJ1ZTsKKyNlbmRpZgorICAgIHJldHVybiBmYWxzZTsKK30K KyNlbmRpZgorCitLVVJMIFNlY3VyaXR5T3JpZ2luOjplZmZlY3RpdmVVUkwoY29uc3QgS1VSTCYg dXJsKQoreworI2lmIEVOQUJMRShCTE9CKSB8fCBFTkFCTEUoRklMRV9TWVNURU0pCisgICAgaWYg KGlzQmxvYk9yRmlsZXN5c3RlbSh1cmwucHJvdG9jb2woKSkpCisgICAgICAgIHJldHVybiBLVVJM KFBhcnNlZFVSTFN0cmluZywgdXJsLnBhdGgoKSk7CisjZW5kaWYKKyAgICByZXR1cm4gdXJsOwor fQogCiBTZWN1cml0eU9yaWdpbjo6U2VjdXJpdHlPcmlnaW4oY29uc3QgS1VSTCYgdXJsLCBTYW5k Ym94RmxhZ3Mgc2FuZGJveEZsYWdzKQogICAgIDogbV9zYW5kYm94RmxhZ3Moc2FuZGJveEZsYWdz KQpAQCAtODAsMTcgKzEwMyw5IEBAIFNlY3VyaXR5T3JpZ2luOjpTZWN1cml0eU9yaWdpbihjb25z dCBLVVIKICAgICAgICAgbV9wcm90b2NvbCA9ICIiOwogCiAjaWYgRU5BQkxFKEJMT0IpIHx8IEVO QUJMRShGSUxFX1NZU1RFTSkKLSAgICBib29sIGlzQmxvYk9yRmlsZVN5c3RlbVByb3RvY29sID0g ZmFsc2U7Ci0jaWYgRU5BQkxFKEJMT0IpCi0gICAgaWYgKG1fcHJvdG9jb2wgPT0gQmxvYlVSTDo6 YmxvYlByb3RvY29sKCkpCi0gICAgICAgIGlzQmxvYk9yRmlsZVN5c3RlbVByb3RvY29sID0gdHJ1 ZTsKLSNlbmRpZgotI2lmIEVOQUJMRShGSUxFX1NZU1RFTSkKLSAgICBpZiAobV9wcm90b2NvbCA9 PSAiZmlsZXN5c3RlbSIpCi0gICAgICAgIGlzQmxvYk9yRmlsZVN5c3RlbVByb3RvY29sID0gdHJ1 ZTsKLSNlbmRpZgotICAgIGlmIChpc0Jsb2JPckZpbGVTeXN0ZW1Qcm90b2NvbCkgewotICAgICAg ICBLVVJMIG9yaWdpblVSTChQYXJzZWRVUkxTdHJpbmcsIHVybC5wYXRoKCkpOworICAgIGJvb2wg aXNCbG9iT3JGaWxlU3lzdGVtID0gaXNCbG9iT3JGaWxlc3lzdGVtKG1fcHJvdG9jb2wpOworICAg IGlmIChpc0Jsb2JPckZpbGVTeXN0ZW0pIHsKKyAgICAgICAgS1VSTCBvcmlnaW5VUkwgPSBlZmZl Y3RpdmVVUkwodXJsKTsKICAgICAgICAgaWYgKG9yaWdpblVSTC5pc1ZhbGlkKCkpIHsKICAgICAg ICAgICAgIG1fcHJvdG9jb2wgPSBvcmlnaW5VUkwucHJvdG9jb2woKS5sb3dlcigpOwogICAgICAg ICAgICAgbV9ob3N0ID0gb3JpZ2luVVJMLmhvc3QoKS5sb3dlcigpOwpAQCAtMTE1LDcgKzEzMCw3 IEBAIFNlY3VyaXR5T3JpZ2luOjpTZWN1cml0eU9yaWdpbihjb25zdCBLVVIKICAgICAgICAgLy8g RGlyZWN0b3JpZXMgc2hvdWxkIG5ldmVyIGJlIHJlYWRhYmxlLgogICAgICAgICAvLyBOb3RlIHRo YXQgd2UgZG8gbm90IGRvIHRoaXMgY2hlY2sgZm9yIGJsb2Igb3IgZmlsZXN5c3RlbSB1cmwgYmVj YXVzZSBpdHMgb3JpZ2luIGlzIGZpbGU6Ly8vIHdoZW4gaXQgaXMgY3JlYXRlZCBmcm9tIGxvY2Fs IGZpbGUgdXJscy4KICNpZiBFTkFCTEUoQkxPQikgfHwgRU5BQkxFKEZJTEVfU1lTVEVNKQotICAg ICAgICBib29sIGRvRGlyZWN0b3J5Q2hlY2sgPSAhaXNCbG9iT3JGaWxlU3lzdGVtUHJvdG9jb2w7 CisgICAgICAgIGJvb2wgZG9EaXJlY3RvcnlDaGVjayA9ICFpc0Jsb2JPckZpbGVTeXN0ZW07CiAj ZWxzZQogICAgICAgICBib29sIGRvRGlyZWN0b3J5Q2hlY2sgPSB0cnVlOwogI2VuZGlmCkluZGV4 OiBTb3VyY2UvV2ViQ29yZS9wYWdlL1NlY3VyaXR5T3JpZ2luLmgKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL1dlYkNvcmUvcGFnZS9TZWN1cml0eU9yaWdpbi5oCShyZXZpc2lvbiA4OTQzNikKKysrIFNv dXJjZS9XZWJDb3JlL3BhZ2UvU2VjdXJpdHlPcmlnaW4uaAkod29ya2luZyBjb3B5KQpAQCAtMTkz LDYgKzE5Myw4IEBAIHB1YmxpYzoKICAgICBzdGF0aWMgdm9pZCByZW1vdmVPcmlnaW5BY2Nlc3NX aGl0ZWxpc3RFbnRyeShjb25zdCBTZWN1cml0eU9yaWdpbiYgc291cmNlT3JpZ2luLCBjb25zdCBT dHJpbmcmIGRlc3RpbmF0aW9uUHJvdG9jb2wsIGNvbnN0IFN0cmluZyYgZGVzdGluYXRpb25Eb21h aW4sIGJvb2wgYWxsb3dEZXN0aW5hdGlvblN1YmRvbWFpbnMpOwogICAgIHN0YXRpYyB2b2lkIHJl c2V0T3JpZ2luQWNjZXNzV2hpdGVsaXN0cygpOwogCisgICAgc3RhdGljIEtVUkwgZWZmZWN0aXZl VVJMKGNvbnN0IEtVUkwmKTsKKwogcHJpdmF0ZToKICAgICBTZWN1cml0eU9yaWdpbihjb25zdCBL VVJMJiwgU2FuZGJveEZsYWdzKTsKICAgICBleHBsaWNpdCBTZWN1cml0eU9yaWdpbihjb25zdCBT ZWN1cml0eU9yaWdpbiopOwo= 98307 2011-06-22 20:21:18 -0700 2011-06-22 20:21:18 -0700 Another approach (still no tests) bug-63145-20110622202117.patch text/plain 728 abarth SW5kZXg6IFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL1NjaGVtZVJlZ2lzdHJ5LmNwcAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9TY2hlbWVSZWdpc3RyeS5jcHAJKHJldmlz aW9uIDg5NTIxKQorKysgU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vU2NoZW1lUmVnaXN0cnkuY3Bw CSh3b3JraW5nIGNvcHkpCkBAIC01OSw2ICs1OSwxNCBAQCBzdGF0aWMgVVJMU2NoZW1lc01hcCYg c2VjdXJlU2NoZW1lcygpCiAgICAgICAgIHNlY3VyZVNjaGVtZXMuYWRkKCJodHRwcyIpOwogICAg ICAgICBzZWN1cmVTY2hlbWVzLmFkZCgiYWJvdXQiKTsKICAgICAgICAgc2VjdXJlU2NoZW1lcy5h ZGQoImRhdGEiKTsKKyNpZiBFTkFCTEUoQkxPQikKKyAgICAgICAgc2VjdXJlU2NoZW1lcy5hZGQo ImJsb2IiKTsKKyAgICAgICAgQVNTRVJUKFNjaGVtZVJlZ2lzdHJ5OjpjYW5EaXNwbGF5T25seUlm Q2FuUmVxdWVzdCgiYmxvYiIpKTsKKyNlbmRpZgorI2lmIEVOQUJMRShGSUxFX1NZU1RFTSkKKyAg ICAgICAgc2VjdXJlU2NoZW1lcy5hZGQoImZpbGVzeXN0ZW0iKTsKKyAgICAgICAgQVNTRVJUKFNj aGVtZVJlZ2lzdHJ5OjpjYW5EaXNwbGF5T25seUlmQ2FuUmVxdWVzdCgiZmlsZXN5c3RlbSIpKTsK KyNlbmRpZgogICAgIH0KIAogICAgIHJldHVybiBzZWN1cmVTY2hlbWVzOwo=