<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Ensure mixed content forms are detected"
   href="https://bugs.webkit.org/show_bug.cgi?id=142342">142342</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Ensure mixed content forms are detected
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>528+ (Nightly build)
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>WebCore Misc.
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned@lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mcatanzaro@igalia.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>If a form on an https:// page posts its result to an http:// URL we need to make sure we are displaying an insecure content warning. Otherwise there's no way to know when your credit card data is sent in the clear. There is no test for this currently. Add a test and if the test doesn't pass, fix it.

Unfortunately we cannot block this behavior for compatibility reasons (i.e. the form must be treated as "passive" content you "canDisplay" even though it would make more sense to consider it "active" content you "canRun").</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>