Home | History | Annotate | Download | only in chrome_frame 
      1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome_frame/navigation_constraints.h"
      6 
      7 #include "base/strings/string_util.h"
      8 #include "base/strings/utf_string_conversions.h"
      9 #include "chrome/common/url_constants.h"
     10 #include "chrome_frame/utils.h"
     11 #include "extensions/common/constants.h"
     12 
     13 NavigationConstraintsImpl::NavigationConstraintsImpl() : is_privileged_(false) {
     14 }
     15 
     16 // NavigationConstraintsImpl method definitions.
     17 bool NavigationConstraintsImpl::AllowUnsafeUrls() {
     18   // No sanity checks if unsafe URLs are allowed
     19   return GetConfigBool(false, kAllowUnsafeURLs);
     20 }
     21 
     22 bool NavigationConstraintsImpl::IsSchemeAllowed(const GURL& url) {
     23   if (url.is_empty())
     24     return false;
     25 
     26   if (!url.is_valid())
     27     return false;
     28 
     29   if (url.SchemeIs(chrome::kHttpScheme) ||
     30       url.SchemeIs(chrome::kHttpsScheme))
     31     return true;
     32 
     33   // Additional checking for view-source. Allow only http and https
     34   // URLs in view source.
     35   if (url.SchemeIs(content::kViewSourceScheme)) {
     36     GURL sub_url(url.GetContent());
     37     if (sub_url.SchemeIs(chrome::kHttpScheme) ||
     38         sub_url.SchemeIs(chrome::kHttpsScheme))
     39       return true;
     40   }
     41 
     42   // Allow only about:blank or about:version
     43   if (url.SchemeIs(chrome::kAboutScheme)) {
     44     if (LowerCaseEqualsASCII(url.spec(), content::kAboutBlankURL) ||
     45         LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) {
     46       return true;
     47     }
     48   }
     49 
     50   if (is_privileged_ &&
     51       (url.SchemeIs(chrome::kDataScheme) ||
     52        url.SchemeIs(extensions::kExtensionScheme))) {
     53     return true;
     54   }
     55 
     56   return false;
     57 }
     58 
     59 bool NavigationConstraintsImpl::IsZoneAllowed(const GURL& url) {
     60   if (!security_manager_) {
     61     HRESULT hr = security_manager_.CreateInstance(
     62         CLSID_InternetSecurityManager);
     63     if (FAILED(hr)) {
     64       NOTREACHED() << __FUNCTION__
     65                    << " Failed to create SecurityManager. Error: 0x%x"
     66                    << hr;
     67       return true;
     68     }
     69     DWORD zone = URLZONE_INVALID;
     70     std::wstring unicode_url = UTF8ToWide(url.spec());
     71     security_manager_->MapUrlToZone(unicode_url.c_str(), &zone, 0);
     72     if (zone == URLZONE_UNTRUSTED) {
     73       DLOG(WARNING) << __FUNCTION__
     74                     << " Disallowing navigation to restricted url: " << url;
     75       return false;
     76     }
     77   }
     78   return true;
     79 }
     80 
     81 bool NavigationConstraintsImpl::is_privileged() const {
     82   return is_privileged_;
     83 }
     84 
     85 void NavigationConstraintsImpl::set_is_privileged(bool is_privileged) {
     86   is_privileged_ = is_privileged;
     87 }
     88