diff options
| author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2019-12-01 15:49:08 +0000 |
|---|---|---|
| committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2019-12-01 15:49:08 +0000 |
| commit | 6fc2666d07f28cd845b5697853b9b0e61f8848c5 (patch) | |
| tree | 441933bf0787bba0143c702dd25baf78a14925f7 /content/handlers | |
| parent | 9741df214d7b291c8de40e9b21d4411e523d0bb3 (diff) | |
| download | netsurf-6fc2666d07f28cd845b5697853b9b0e61f8848c5.tar.gz netsurf-6fc2666d07f28cd845b5697853b9b0e61f8848c5.tar.bz2 | |
Allow contents to indicate if they believe they may not be secure.
HTML contents reference many other objects. The browser window
needs to know if any of them may not be secure, in which case it
needs to report that in its page state. If other content types
might refer to sub-contents, they will need to define the callback
too.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Diffstat (limited to 'content/handlers')
| -rw-r--r-- | content/handlers/html/html.c | 29 | ||||
| -rw-r--r-- | content/handlers/html/html_css.c | 17 | ||||
| -rw-r--r-- | content/handlers/html/html_internal.h | 8 | ||||
| -rw-r--r-- | content/handlers/html/html_script.c | 25 |
4 files changed, 79 insertions, 0 deletions
diff --git a/content/handlers/html/html.c b/content/handlers/html/html.c index 25633a875..c49697b50 100644 --- a/content/handlers/html/html.c +++ b/content/handlers/html/html.c @@ -2667,6 +2667,34 @@ out_no_string: return result; } +/* See \ref content_saw_insecure_objects */ +static bool +html_saw_insecure_objects(struct content *c) +{ + html_content *htmlc = (html_content *)c; + struct content_html_object *obj = htmlc->object_list; + + /* Check through the object list */ + while (obj != NULL) { + if (obj->content != NULL) { + if (content_saw_insecure_objects(obj->content)) + return true; + } + } + + /* Now check the script list */ + if (html_saw_insecure_scripts(htmlc)) { + return true; + } + + /* Now check stylesheets */ + if (html_saw_insecure_stylesheets(htmlc)) { + return true; + } + + return false; +} + /** * Compute the type of a content * @@ -2710,6 +2738,7 @@ static const content_handler html_content_handler = { .get_encoding = html_encoding, .type = html_content_type, .exec = html_exec, + .saw_insecure_objects = html_saw_insecure_objects, .no_share = true, }; diff --git a/content/handlers/html/html_css.c b/content/handlers/html/html_css.c index 5550573ba..5d9987d5a 100644 --- a/content/handlers/html/html_css.c +++ b/content/handlers/html/html_css.c @@ -487,6 +487,23 @@ struct html_stylesheet *html_get_stylesheets(hlcache_handle *h, unsigned int *n) return c->stylesheets; } +/* exported interface documented in html/html_internal.h */ +bool html_saw_insecure_stylesheets(html_content *html) +{ + struct html_stylesheet *s; + unsigned int i; + + for (i = 0, s = html->stylesheets; i < html->stylesheet_count; + i++, s++) { + if (s->sheet != NULL) { + if (content_saw_insecure_objects(s->sheet)) { + return true; + } + } + } + + return false; +} /* exported interface documented in html/html_internal.h */ nserror html_css_free_stylesheets(html_content *html) diff --git a/content/handlers/html/html_internal.h b/content/handlers/html/html_internal.h index 388c1558d..11891e681 100644 --- a/content/handlers/html/html_internal.h +++ b/content/handlers/html/html_internal.h @@ -328,6 +328,11 @@ nserror html_script_free(html_content *htmlc); */ nserror html_script_invalidate_ctx(html_content *htmlc); +/** + * Check if any of the scripts loaded were insecure + */ +bool html_saw_insecure_scripts(html_content *htmlc); + /* in html/html_forms.c */ struct form *html_forms_get_forms(const char *docenc, dom_html_document *doc); struct form_control *html_forms_get_control_for_node(struct form *forms, @@ -347,6 +352,9 @@ nserror html_css_new_stylesheets(html_content *c); nserror html_css_quirks_stylesheets(html_content *c); nserror html_css_free_stylesheets(html_content *html); +/** Return if any of the stylesheets were loaded insecurely */ +bool html_saw_insecure_stylesheets(html_content *html); + bool html_css_process_link(html_content *htmlc, dom_node *node); bool html_css_process_style(html_content *htmlc, dom_node *node); bool html_css_update_style(html_content *c, dom_node *style); diff --git a/content/handlers/html/html_script.c b/content/handlers/html/html_script.c index f7131e2a2..f4754fe8a 100644 --- a/content/handlers/html/html_script.c +++ b/content/handlers/html/html_script.c @@ -590,6 +590,31 @@ html_process_script(void *ctx, dom_node *node) } /* exported internal interface documented in html/html_internal.h */ +bool html_saw_insecure_scripts(html_content *htmlc) +{ + struct html_script *s; + unsigned int i; + + for (i = 0, s = htmlc->scripts; i != htmlc->scripts_count; i++, s++) { + if (s->type == HTML_SCRIPT_INLINE) { + /* Inline scripts are no less secure than their + * containing HTML content + */ + continue; + } + if (s->data.handle == NULL) { + /* We've not begun loading this? */ + continue; + } + if (content_saw_insecure_objects(s->data.handle)) { + return true; + } + } + + return false; +} + +/* exported internal interface documented in html/html_internal.h */ nserror html_script_free(html_content *html) { unsigned int i; |