Bug 329869 - Dynamically loaded scripts don't degrade security state, r=honzab,kaie

security/manager/boot/src/nsSecureBrowserUIImpl.cpp

@@ -1094,9 +1094,20 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
         prevContentSecurity->SetCountSubRequestsBrokenSecurity(saveSubBroken);
         prevContentSecurity->SetCountSubRequestsNoSecurity(saveSubNo);
       }
-  
+
+      PRBool retrieveAssociatedState = PR_FALSE;
+
       if (securityInfo &&
-          (aProgressStateFlags & nsIWebProgressListener::STATE_RESTORING) != 0)
+          (aProgressStateFlags & nsIWebProgressListener::STATE_RESTORING) != 0) {
+        retrieveAssociatedState = PR_TRUE;
+      } else {
+        nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
+        if (wyciwygRequest) {
+          retrieveAssociatedState = PR_TRUE;
+        }
+      }
+
+      if (retrieveAssociatedState)
       {
         // When restoring from bfcache, we will not get events for the 
         // page's sub elements, so let's load the state of sub elements

security/manager/ssl/tests/mochitest/mixedcontent/Makefile.in

@@ -66,6 +66,7 @@ _TEST_FILES = \
         moonsurface.jpg \
         redirecttoemptyimage.sjs \
         somestyle.css \
+        test_bug329869.html \
         test_bug383369.html \
         test_bug455367.html \
         test_bug472986.html \
@@ -97,7 +98,6 @@ _TEST_FILES = \
         unsecurePictureDup.html \
         $(NULL)
 
-#        test_bug329869.html \  leaks, bug 452401
 #        test_dynUnsecureRedirect.html \ intermitently fails, quit often, bug 487402
 #        test_unsecureIframeMetaRedirect.html \ also intermittently fails, less often, bug 487632
 

security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js

@@ -1,3 +1,3 @@
 document.write("This is insecure XSS script " + document.cookie);
-todoSecurityState("broken", "security broken after document write from unsecure script");
+isSecurityState("broken", "security broken after document write from unsecure script");
 finish();