Re-block running insecure content

app/extensions/brave/locales/en-US/app.properties

@@ -190,6 +190,9 @@ phone=Phone
 email=Email
 editAddress=Edit Address
 editCreditCard=Edit Credit Card
-denyRunInsecureContent=Stay Secure
+dismissAllowRunInsecureContent=Stay Secure
 allowRunInsecureContent=Load Unsafe Scripts
+dismissDenyRunInsecureContent=Stay Insecure
+denyRunInsecureContent=Stop Loading Unsafe Scripts
 runInsecureContentWarning=This page is trying to load scripts from insecure sources. If you allow this content to run it will not be encrypted and it may transmit unencrypted data to other sites.
+denyRunInsecureContentWarning=This page is currently loading scripts from insecure sources.

docs/appActions.md

@@ -240,7 +240,7 @@ Change a hostPattern's config
 
 
 
-### removeSiteSetting(hostPattern, key) 
+### removeSiteSetting(hostPattern, key, temp) 
 
 Removes a site setting
 
@@ -250,6 +250,9 @@ Removes a site setting
 
 **key**: `string`, The config key to update
 
+**temp**: `boolean`, Whether to change temporary or persistent
+  settings. defaults to false (persistent).
+
 
 
 ### updateLedgerInfo(ledgerInfo) 

docs/state.md

@@ -52,7 +52,8 @@ AppStore
       httpsEverywhere: boolean,
       fingerprintingProtection: boolean,
       flash: (number|boolean), // approval expiration time if allowed, false if never allow
-      ledgerPayments: boolean // False if site should not be paid by the ledger. Defaults to true.
+      ledgerPayments: boolean, // False if site should not be paid by the ledger. Defaults to true.
+      runInsecureContent: boolean // Allow active mixed content
     }
   },
   temporarySiteSettings: {

js/actions/appActions.js

@@ -283,12 +283,15 @@ const appActions = {
    * Removes a site setting
    * @param {string} hostPattern - The host pattern to update the config for
    * @param {string} key - The config key to update
+   * @param {boolean} temp - Whether to change temporary or persistent
+   *   settings. defaults to false (persistent).
    */
-  removeSiteSetting: function (hostPattern, key) {
+  removeSiteSetting: function (hostPattern, key, temp) {
     AppDispatcher.dispatch({
       actionType: AppConstants.APP_REMOVE_SITE_SETTING,
       hostPattern,
-      key
+      key,
+      temporary: temp || false
     })
   },
 

js/components/frame.js

@@ -887,6 +887,9 @@ class Frame extends ImmutableComponent {
     })
     this.webview.addEventListener('did-finish-load', () => {
       loadEnd(true)
+      if (this.runInsecureContent()) {
+        appActions.removeSiteSetting(this.origin, 'runInsecureContent', this.props.isPrivate)
+      }
     })
     this.webview.addEventListener('did-navigate-in-page', (e) => {
       windowActions.setNavigated(e.url, this.props.frameKey, true)

js/components/siteInfo.js

@@ -16,18 +16,29 @@ class SiteInfo extends ImmutableComponent {
   constructor () {
     super()
     this.onAllowRunInsecureContent = this.onAllowRunInsecureContent.bind(this)
+    this.onDenyRunInsecureContent = this.onDenyRunInsecureContent.bind(this)
   }
   onAllowRunInsecureContent () {
-    appActions.changeSiteSetting(siteUtil.getOrigin(this.isBlockedRunInsecureContent), 'runInsecureContent', true)
+    appActions.changeSiteSetting(siteUtil.getOrigin(this.isBlockedRunInsecureContent),
+      'runInsecureContent', true, this.isPrivate)
     ipc.emit(messages.SHORTCUT_ACTIVE_FRAME_LOAD_URL, {}, this.isBlockedRunInsecureContent)
     this.props.onHide()
   }
+  onDenyRunInsecureContent () {
+    appActions.removeSiteSetting(siteUtil.getOrigin(this.location),
+      'runInsecureContent', this.isPrivate)
+    ipc.emit(messages.SHORTCUT_ACTIVE_FRAME_LOAD_URL, {}, this.location)
+    this.props.onHide()
+  }
   get isExtendedValidation () {
     return this.props.frameProps.getIn(['security', 'isExtendedValidation'])
   }
   get isSecure () {
     return this.props.frameProps.getIn(['security', 'isSecure'])
   }
+  get isPrivate () {
+    return this.props.frameProps.getIn(['isPrivate'])
+  }
   get runInsecureContent () {
     return this.props.frameProps.getIn(['security', 'runInsecureContent'])
   }
@@ -37,6 +48,9 @@ class SiteInfo extends ImmutableComponent {
   get partitionNumber () {
     return this.props.frameProps.getIn(['partitionNumber'])
   }
+  get location () {
+    return this.props.frameProps.getIn(['location'])
+  }
   render () {
     let secureIcon
     if (this.isSecure && !this.runInsecureContent) {
@@ -63,19 +77,34 @@ class SiteInfo extends ImmutableComponent {
         <span data-l10n-args={JSON.stringify(l10nArgs)} data-l10n-id='sessionInfo' /></li>
     }
 
-    let runInsecureContentWarning = null
+    let runInsecureContentInfo = null
     if (this.isBlockedRunInsecureContent) {
-      runInsecureContentWarning =
+      runInsecureContentInfo =
         <li>
           <ul>
             <li><span className='runInsecureContentWarning' data-l10n-id='runInsecureContentWarning' /></li>
             <li>
               <Button l10nId='allowRunInsecureContent' className='secondaryAltButton allowRunInsecureContentButton' onClick={this.onAllowRunInsecureContent} />
-              <Button l10nId='denyRunInsecureContent' className='primaryButton denyRunInsecureContentButton' onClick={this.props.onHide} />
+              <Button l10nId='dismissAllowRunInsecureContent' className='primaryButton dismissAllowRunInsecureContentButton' onClick={this.props.onHide} />
+            </li>
+          </ul>
+        </li>
+    } else if (this.runInsecureContent) {
+      runInsecureContentInfo =
+        <li>
+          <ul>
+            <li><span className='denyRunInsecureContentWarning' data-l10n-id='denyRunInsecureContentWarning' /></li>
+            <li>
+              <Button l10nId='denyRunInsecureContent' className='primaryButton denyRunInsecureContentButton' onClick={this.onDenyRunInsecureContent} />
+              <Button l10nId='dismissDenyRunInsecureContent' className='secondaryAltButton dismissDenyRunInsecureContentButton' onClick={this.props.onHide} />
             </li>
           </ul>
         </li>
     }
+    // Disable in private mode for now
+    if (this.isPrivate) {
+      runInsecureContentInfo = null
+    }
 
     return <Dialog onHide={this.props.onHide} className='siteInfo' isClickDismiss>
       <ul onClick={(e) => e.stopPropagation()}>
@@ -86,7 +115,7 @@ class SiteInfo extends ImmutableComponent {
         partitionInfo
       }
       {
-        runInsecureContentWarning
+        runInsecureContentInfo
       }
       </ul>
     </Dialog>

js/state/contentSettings.js

@@ -172,6 +172,7 @@ const getContentSettingsFromSiteSettings = (appState) => {
       addContentSettings(contentSettings.referer, hostPattern, '*', 'allow')
     }
   }
+
   return { content_settings: contentSettings }
 }
 

js/stores/appStore.js

@@ -487,15 +487,20 @@ const handleAppAction = (action) => {
       handleChangeSettingAction(action.key, action.value)
       break
     case AppConstants.APP_CHANGE_SITE_SETTING:
-      let propertyName = action.temporary ? 'temporarySiteSettings' : 'siteSettings'
-      appState = appState.set(propertyName,
-        siteSettings.mergeSiteSetting(appState.get(propertyName), action.hostPattern, action.key, action.value))
-      break
+      {
+        let propertyName = action.temporary ? 'temporarySiteSettings' : 'siteSettings'
+        appState = appState.set(propertyName,
+          siteSettings.mergeSiteSetting(appState.get(propertyName), action.hostPattern, action.key, action.value))
+        break
+      }
     case AppConstants.APP_REMOVE_SITE_SETTING:
-      let newSiteSettings = siteSettings.removeSiteSetting(appState.get('siteSettings'),
-                                                           action.hostPattern, action.key)
-      appState = appState.set('siteSettings', newSiteSettings)
-      break
+      {
+        let propertyName = action.temporary ? 'temporarySiteSettings' : 'siteSettings'
+        let newSiteSettings = siteSettings.removeSiteSetting(appState.get(propertyName),
+          action.hostPattern, action.key)
+        appState = appState.set(propertyName, newSiteSettings)
+        break
+      }
     case AppConstants.APP_UPDATE_LEDGER_INFO:
       appState = appState.set('ledgerInfo', Immutable.fromJS(action.ledgerInfo))
       break