| // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome_frame/navigation_constraints.h" |
| |
| #include "base/strings/string_util.h" |
| #include "base/strings/utf_string_conversions.h" |
| #include "chrome/common/url_constants.h" |
| #include "chrome_frame/utils.h" |
| #include "extensions/common/constants.h" |
| |
| NavigationConstraintsImpl::NavigationConstraintsImpl() : is_privileged_(false) { |
| } |
| |
| // NavigationConstraintsImpl method definitions. |
| bool NavigationConstraintsImpl::AllowUnsafeUrls() { |
| // No sanity checks if unsafe URLs are allowed |
| return GetConfigBool(false, kAllowUnsafeURLs); |
| } |
| |
| bool NavigationConstraintsImpl::IsSchemeAllowed(const GURL& url) { |
| if (url.is_empty()) |
| return false; |
| |
| if (!url.is_valid()) |
| return false; |
| |
| if (url.SchemeIs(content::kHttpScheme) || url.SchemeIs(content::kHttpsScheme)) |
| return true; |
| |
| // Additional checking for view-source. Allow only http and https |
| // URLs in view source. |
| if (url.SchemeIs(content::kViewSourceScheme)) { |
| GURL sub_url(url.GetContent()); |
| if (sub_url.SchemeIs(content::kHttpScheme) || |
| sub_url.SchemeIs(content::kHttpsScheme)) |
| return true; |
| } |
| |
| // Allow only about:blank or about:version |
| if (url.SchemeIs(chrome::kAboutScheme)) { |
| if (LowerCaseEqualsASCII(url.spec(), content::kAboutBlankURL) || |
| LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) { |
| return true; |
| } |
| } |
| |
| if (is_privileged_ && |
| (url.SchemeIs(chrome::kDataScheme) || |
| url.SchemeIs(extensions::kExtensionScheme))) { |
| return true; |
| } |
| |
| return false; |
| } |
| |
| bool NavigationConstraintsImpl::IsZoneAllowed(const GURL& url) { |
| if (!security_manager_) { |
| HRESULT hr = security_manager_.CreateInstance( |
| CLSID_InternetSecurityManager); |
| if (FAILED(hr)) { |
| NOTREACHED() << __FUNCTION__ |
| << " Failed to create SecurityManager. Error: 0x%x" |
| << hr; |
| return true; |
| } |
| DWORD zone = URLZONE_INVALID; |
| std::wstring unicode_url = UTF8ToWide(url.spec()); |
| security_manager_->MapUrlToZone(unicode_url.c_str(), &zone, 0); |
| if (zone == URLZONE_UNTRUSTED) { |
| DLOG(WARNING) << __FUNCTION__ |
| << " Disallowing navigation to restricted url: " << url; |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| bool NavigationConstraintsImpl::is_privileged() const { |
| return is_privileged_; |
| } |
| |
| void NavigationConstraintsImpl::set_is_privileged(bool is_privileged) { |
| is_privileged_ = is_privileged; |
| } |