Diffstat (limited to 'content/handlers/html')
-rw-r--r-- | content/handlers/html/html.c | 29 | ||||
-rw-r--r-- | content/handlers/html/html_css.c | 17 | ||||
-rw-r--r-- | content/handlers/html/html_internal.h | 8 | ||||
-rw-r--r-- | content/handlers/html/html_script.c | 25 |
4 files changed, 79 insertions, 0 deletions
diff --git a/content/handlers/html/html.c b/content/handlers/html/html.c
index 25633a875..c49697b50 100644
--- a/content/handlers/html/html.c
+++ b/content/handlers/html/html.c
@@ -2667,6 +2667,34 @@ out_no_string:
 return result;
 }
+/* See \ref content_saw_insecure_objects */
+static bool
+html_saw_insecure_objects(struct content *c)
+{
+ html_content *htmlc = (html_content *)c;
+ struct content_html_object *obj = htmlc->object_list;
+
+ /* Check through the object list */
+ while (obj != NULL) {
+ if (obj->content != NULL) {
+ if (content_saw_insecure_objects(obj->content))
+ return true;
+ }
+ }
+
+ /* Now check the script list */
+ if (html_saw_insecure_scripts(htmlc)) {
+ return true;
+ }
+
+ /* Now check stylesheets */
+ if (html_saw_insecure_stylesheets(htmlc)) {
+ return true;
+ }
+
+ return false;
+}
+
 /**
 * Compute the type of a content
 *
@@ -2710,6 +2738,7 @@ static const content_handler html_content_handler = {
 .get_encoding = html_encoding,
 .type = html_content_type,
 .exec = html_exec,
+ .saw_insecure_objects = html_saw_insecure_objects,
 .no_share = true,
 };
diff --git a/content/handlers/html/html_css.c b/content/handlers/html/html_css.c
index 5550573ba..5d9987d5a 100644
--- a/content/handlers/html/html_css.c
+++ b/content/handlers/html/html_css.c
@@ -487,6 +487,23 @@ struct html_stylesheet *html_get_stylesheets(hlcache_handle *h, unsigned int *n)
 return c->stylesheets;
 }
+/* exported interface documented in html/html_internal.h */
+bool html_saw_insecure_stylesheets(html_content *html)
+{
+ struct html_stylesheet *s;
+ unsigned int i;
+
+ for (i = 0, s = html->stylesheets; i < html->stylesheet_count;
+ i++, s++) {
+ if (s->sheet != NULL) {
+ if (content_saw_insecure_objects(s->sheet)) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+}
 /* exported interface documented in html/html_internal.h */
 nserror html_css_free_stylesheets(html_content *html)
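Review bot: The `while (obj != NULL)` loop in html_saw_insecure_objects (html.c, first hunk) never advances `obj`, so once the object list is non-empty and its first entry is not reported insecure, the check spins forever. The cursor needs to step before the loop's closing brace, e.g. `obj = obj->next;`, assuming the list is linked through a `next` member (the struct definition is not in this hunk). Because this function is registered as the HTML handler's `.saw_insecure_objects` entry in the next hunk, the hang appears reachable from any page that embeds an object.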
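Review bot: In html_saw_insecure_stylesheets (html_css.c) an entry whose `sheet` is still NULL is skipped and therefore counts as secure, so the return value is a snapshot of what has loaded so far rather than a verdict on the page. The same holds for the `s->data.handle == NULL` skip in html_saw_insecure_scripts (html_script.c). Whether callers re-query once fetches complete is not visible in this diff, so I would state the limitation at the test, e.g. `/* No content yet: not counted, callers must re-check after loading */`. The two nested `if`s could also be one condition, `if (s->sheet != NULL && content_saw_insecure_objects(s->sheet))`.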
diff --git a/content/handlers/html/html_internal.h b/content/handlers/html/html_internal.h
index 388c1558d..11891e681 100644
--- a/content/handlers/html/html_internal.h
+++ b/content/handlers/html/html_internal.h
@@ -328,6 +328,11 @@ nserror html_script_free(html_content *htmlc);
 */
 nserror html_script_invalidate_ctx(html_content *htmlc);
+/**
+ * Check if any of the scripts loaded were insecure
+ */
+bool html_saw_insecure_scripts(html_content *htmlc);
+
 /* in html/html_forms.c */
 struct form *html_forms_get_forms(const char *docenc, dom_html_document *doc);
 struct form_control *html_forms_get_control_for_node(struct form *forms,
@@ -347,6 +352,9 @@ nserror html_css_new_stylesheets(html_content *c);
 nserror html_css_quirks_stylesheets(html_content *c);
 nserror html_css_free_stylesheets(html_content *html);
+/** Return if any of the stylesheets were loaded insecurely */
+bool html_saw_insecure_stylesheets(html_content *html);
+
 bool html_css_process_link(html_content *htmlc, dom_node *node);
 bool html_css_process_style(html_content *htmlc, dom_node *node);
 bool html_css_update_style(html_content *c, dom_node *style);
diff --git a/content/handlers/html/html_script.c b/content/handlers/html/html_script.c
index f7131e2a2..f4754fe8a 100644
--- a/content/handlers/html/html_script.c
+++ b/content/handlers/html/html_script.c
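Review bot: The two new declarations in html_internal.h document neither the parameter nor the return value, and they are worded differently (`Check if …` for scripts, `Return if …` for stylesheets). I would give both the same Doxygen shape, e.g. `\param htmlc The HTML content to inspect` and `\return true if any script fetched so far reported insecure objects, false otherwise`, with the stylesheet comment mirroring it. Saying "fetched so far" in the contract matters because both implementations skip entries that have no content yet.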
@@ -590,6 +590,31 @@ html_process_script(void *ctx, dom_node *node)
 }
 /* exported internal interface documented in html/html_internal.h */
+bool html_saw_insecure_scripts(html_content *htmlc)
+{
+ struct html_script *s;
+ unsigned int i;
+
+ for (i = 0, s = htmlc->scripts; i != htmlc->scripts_count; i++, s++) {
+ if (s->type == HTML_SCRIPT_INLINE) {
+ /* Inline scripts are no less secure than their
+ * containing HTML content
+ */
+ continue;
+ }
+ if (s->data.handle == NULL) {
+ /* We've not begun loading this? */
+ continue;
+ }
+ if (content_saw_insecure_objects(s->data.handle)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+/* exported internal interface documented in html/html_internal.h */
 nserror html_script_free(html_content *html)
 {
 unsigned int i; |
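Review bot: html_saw_insecure_scripts reads `s->data.handle` for every script whose type is not HTML_SCRIPT_INLINE, which is only safe if every other type stores a handle in `data`. The definition of `struct html_script` is not in this hunk, so that assumption deserves a comment, or an explicit test for the types that carry a handle. The loop also terminates on `i != htmlc->scripts_count` where the stylesheet walker uses `<`; using `i < htmlc->scripts_count` would keep the two walkers consistent.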