• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "chrome_frame/navigation_constraints.h"
6 
7 #include "base/strings/string_util.h"
8 #include "base/strings/utf_string_conversions.h"
9 #include "chrome/common/url_constants.h"
10 #include "chrome_frame/utils.h"
11 #include "extensions/common/constants.h"
12 
NavigationConstraintsImpl()13 NavigationConstraintsImpl::NavigationConstraintsImpl() : is_privileged_(false) {
14 }
15 
16 // NavigationConstraintsImpl method definitions.
AllowUnsafeUrls()17 bool NavigationConstraintsImpl::AllowUnsafeUrls() {
18   // No sanity checks if unsafe URLs are allowed
19   return GetConfigBool(false, kAllowUnsafeURLs);
20 }
21 
IsSchemeAllowed(const GURL & url)22 bool NavigationConstraintsImpl::IsSchemeAllowed(const GURL& url) {
23   if (url.is_empty())
24     return false;
25 
26   if (!url.is_valid())
27     return false;
28 
29   if (url.SchemeIs(content::kHttpScheme) || url.SchemeIs(content::kHttpsScheme))
30     return true;
31 
32   // Additional checking for view-source. Allow only http and https
33   // URLs in view source.
34   if (url.SchemeIs(content::kViewSourceScheme)) {
35     GURL sub_url(url.GetContent());
36     if (sub_url.SchemeIs(content::kHttpScheme) ||
37         sub_url.SchemeIs(content::kHttpsScheme))
38       return true;
39   }
40 
41   // Allow only about:blank or about:version
42   if (url.SchemeIs(chrome::kAboutScheme)) {
43     if (LowerCaseEqualsASCII(url.spec(), content::kAboutBlankURL) ||
44         LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) {
45       return true;
46     }
47   }
48 
49   if (is_privileged_ &&
50       (url.SchemeIs(chrome::kDataScheme) ||
51        url.SchemeIs(extensions::kExtensionScheme))) {
52     return true;
53   }
54 
55   return false;
56 }
57 
IsZoneAllowed(const GURL & url)58 bool NavigationConstraintsImpl::IsZoneAllowed(const GURL& url) {
59   if (!security_manager_) {
60     HRESULT hr = security_manager_.CreateInstance(
61         CLSID_InternetSecurityManager);
62     if (FAILED(hr)) {
63       NOTREACHED() << __FUNCTION__
64                    << " Failed to create SecurityManager. Error: 0x%x"
65                    << hr;
66       return true;
67     }
68     DWORD zone = URLZONE_INVALID;
69     std::wstring unicode_url = UTF8ToWide(url.spec());
70     security_manager_->MapUrlToZone(unicode_url.c_str(), &zone, 0);
71     if (zone == URLZONE_UNTRUSTED) {
72       DLOG(WARNING) << __FUNCTION__
73                     << " Disallowing navigation to restricted url: " << url;
74       return false;
75     }
76   }
77   return true;
78 }
79 
is_privileged() const80 bool NavigationConstraintsImpl::is_privileged() const {
81   return is_privileged_;
82 }
83 
set_is_privileged(bool is_privileged)84 void NavigationConstraintsImpl::set_is_privileged(bool is_privileged) {
85   is_privileged_ = is_privileged;
86 }
87