From 6fc2666d07f28cd845b5697853b9b0e61f8848c5 Mon Sep 17 00:00:00 2001
From: Daniel Silverstone <dsilvers@digital-scurf.org>
Date: Sun, 1 Dec 2019 15:49:08 +0000
Subject: Allow contents to indicate if they believe they may not be secure.

HTML contents reference many other objects.  The browser window
needs to know if any of them may not be secure, in which case it
needs to report that in its page state.  If other content types
might refer to sub-contents, they will need to define the callback
too.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
---
 content/content.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'content/content.h')

diff --git a/content/content.h b/content/content.h
index f3e578b6b..0dbd58d95 100644
--- a/content/content.h
+++ b/content/content.h
@@ -420,5 +420,17 @@ bool content_is_locked(struct hlcache_handle *h);
  */
 bool content_exec(struct hlcache_handle *h, const char *src, size_t srclen);
 
+/**
+ * Determine if the content referred to any insecure objects.
+ *
+ * Query the content to determine if any of its referred objects were loaded
+ * in a manner not considered secure.  For a content to be recursively
+ * secure it must only load over https and must not have certificate overrides
+ * in place.
+ *
+ * \param h The handle to the content
+ * \return Whether the content referred to any insecure objects
+ */
+bool content_saw_insecure_objects(struct hlcache_handle *h);
 
 #endif
-- 
cgit v1.2.3