From 6fc2666d07f28cd845b5697853b9b0e61f8848c5 Mon Sep 17 00:00:00 2001
From: Daniel Silverstone <dsilvers@digital-scurf.org>
Date: Sun, 1 Dec 2019 15:49:08 +0000
Subject: Allow contents to indicate if they believe they may not be secure.

HTML contents reference many other objects.  The browser window
needs to know if any of them may not be secure, in which case it
needs to report that in its page state.  If other content types
might refer to sub-contents, they will need to define the callback
too.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
---
 desktop/browser_window.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'desktop/browser_window.c')

diff --git a/desktop/browser_window.c b/desktop/browser_window.c
index a9c277846..7227023af 100644
--- a/desktop/browser_window.c
+++ b/desktop/browser_window.c
@@ -4649,7 +4649,8 @@ browser_window_page_info_state browser_window_get_page_info_state(
 	assert(bw != NULL);
 
 	/* Do we have any parameters?  If not -- UNKNOWN */
-	if (bw->current_parameters.url == NULL) {
+	if (bw->current_parameters.url == NULL ||
+	    bw->current_content == NULL) {
 		return PAGE_STATE_UNKNOWN;
 	}
 
@@ -4688,8 +4689,10 @@ browser_window_page_info_state browser_window_get_page_info_state(
 		return PAGE_STATE_SECURE_OVERRIDE;
 	}
 
-	/** \todo Determine if sub-elements of this fetch were insecure */
-	/* If so, return PAGE_STATE_SECURE_ISSUES */
+	/* If we've seen insecure content internally then we need to say so */
+	if (content_saw_insecure_objects(bw->current_content)) {
+		return PAGE_STATE_SECURE_ISSUES;
+	}
 
 	/* All is well, return secure state */
 	return PAGE_STATE_SECURE;
-- 
cgit v1.2.3