Emit block insecure content events

required by brave/browser-laptop#3443 auditors: @bridiver
brave · Sep 16, 2016 · 328b1d6 · 328b1d6
1 parent 28f10a0
commit 328b1d6
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 1 deletion.
diff --git a/atom/renderer/content_settings_client.cc b/atom/renderer/content_settings_client.cc
@@ -373,6 +373,8 @@ bool ContentSettingsClient::allowDisplayingInsecureContent(
 
   if (allow)
     DidDisplayInsecureContent(GURL(resource_url));
+  else
+    DidBlockDisplayInsecureContent(GURL(resource_url));
   return allow;
 }
 
@@ -394,6 +396,8 @@ bool ContentSettingsClient::allowRunningInsecureContent(
 
   if (allow)
     DidRunInsecureContent(GURL(resource_url));
+  else
+    DidBlockRunInsecureContent(GURL(resource_url));
   return allow;
 }
 
@@ -415,6 +419,23 @@ void ContentSettingsClient::DidRunInsecureContent(GURL resouce_url) {
         base::UTF8ToUTF16("did-run-insecure-content"), args));
 }
 
+void ContentSettingsClient::DidBlockDisplayInsecureContent(GURL resource_url) {
+  base::ListValue args;
+  args.AppendString(resource_url.spec());
+
+  auto rv = render_frame()->GetRenderView();
+  rv->Send(new AtomViewHostMsg_Message(rv->GetRoutingID(),
+      base::UTF8ToUTF16("did-block-display-insecure-content"), args));
+}
+
+void ContentSettingsClient::DidBlockRunInsecureContent(GURL resouce_url) {
+  base::ListValue args;
+    args.AppendString(resouce_url.spec());
+
+    auto rv = render_frame()->GetRenderView();
+    rv->Send(new AtomViewHostMsg_Message(rv->GetRoutingID(),
+        base::UTF8ToUTF16("did-block-run-insecure-content"), args));
+}
 
 void ContentSettingsClient::ClearBlockedContentSettings() {
   cached_storage_permissions_.clear();

diff --git a/atom/renderer/content_settings_client.h b/atom/renderer/content_settings_client.h
@@ -81,6 +81,8 @@ class ContentSettingsClient
  private:
   void DidDisplayInsecureContent(GURL resource_url);
   void DidRunInsecureContent(GURL resouce_url);
+  void DidBlockDisplayInsecureContent(GURL resource_url);
+  void DidBlockRunInsecureContent(GURL resouce_url);
 
   // RenderFrameObserver implementation.
   void DidCommitProvisionalLoad(bool is_new_navigation,

diff --git a/lib/browser/guest-view-manager.js b/lib/browser/guest-view-manager.js
@@ -55,7 +55,11 @@ let supportedWebViewEvents = [
   'show-autofill-settings',
   'update-autofill-popup-data-list-values',
   'hide-autofill-popup',
-  'show-autofill-popup'
+  'show-autofill-popup',
+  'did-display-insecure-content',
+  'did-run-insecure-content',
+  'did-block-display-insecure-content',
+  'did-block-run-insecure-content'
 ]
 
 let nextInstanceId = 0

diff --git a/lib/renderer/web-view/guest-view-internal.js b/lib/renderer/web-view/guest-view-internal.js
@@ -50,6 +50,8 @@ var WEB_VIEW_EVENTS = {
   'content-blocked': ['details'],
   'did-display-insecure-content': ['details'],
   'did-run-insecure-content': ['details'],
+  'did-block-display-insecure-content': ['details'],
+  'did-block-run-insecure-content': ['details'],
   'show-autofill-settings': [],
   'update-autofill-popup-data-list-values': ['values', 'labels'],
   'hide-autofill-popup': [],