summaryrefslogtreecommitdiff
path: root/content/handlers/html/html_script.c
diff options
context:
space:
mode:
authorDaniel Silverstone <dsilvers@digital-scurf.org>2019-12-01 15:49:08 +0000
committerDaniel Silverstone <dsilvers@digital-scurf.org>2019-12-01 15:49:08 +0000
commit6fc2666d07f28cd845b5697853b9b0e61f8848c5 (patch)
tree441933bf0787bba0143c702dd25baf78a14925f7 /content/handlers/html/html_script.c
parent9741df214d7b291c8de40e9b21d4411e523d0bb3 (diff)
downloadnetsurf-6fc2666d07f28cd845b5697853b9b0e61f8848c5.tar.gz
netsurf-6fc2666d07f28cd845b5697853b9b0e61f8848c5.tar.bz2
Allow contents to indicate if they believe they may not be secure.
HTML contents reference many other objects. The browser window needs to know if any of them may not be secure, in which case it needs to report that in its page state. If other content types might refer to sub-contents, they will need to define the callback too. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Diffstat (limited to 'content/handlers/html/html_script.c')
-rw-r--r--content/handlers/html/html_script.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/content/handlers/html/html_script.c b/content/handlers/html/html_script.c
index f7131e2a2..f4754fe8a 100644
--- a/content/handlers/html/html_script.c
+++ b/content/handlers/html/html_script.c
@@ -590,6 +590,31 @@ html_process_script(void *ctx, dom_node *node)
}
/* exported internal interface documented in html/html_internal.h */
+bool html_saw_insecure_scripts(html_content *htmlc)
+{
+ struct html_script *s;
+ unsigned int i;
+
+ for (i = 0, s = htmlc->scripts; i != htmlc->scripts_count; i++, s++) {
+ if (s->type == HTML_SCRIPT_INLINE) {
+ /* Inline scripts are no less secure than their
+ * containing HTML content
+ */
+ continue;
+ }
+ if (s->data.handle == NULL) {
+ /* We've not begun loading this? */
+ continue;
+ }
+ if (content_saw_insecure_objects(s->data.handle)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+/* exported internal interface documented in html/html_internal.h */
nserror html_script_free(html_content *html)
{
unsigned int i;