1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome_frame/navigation_constraints.h" 6 7 #include "base/strings/string_util.h" 8 #include "base/strings/utf_string_conversions.h" 9 #include "chrome/common/url_constants.h" 10 #include "chrome_frame/utils.h" 11 #include "extensions/common/constants.h" 12 13 NavigationConstraintsImpl::NavigationConstraintsImpl() : is_privileged_(false) { 14 } 15 16 // NavigationConstraintsImpl method definitions. 17 bool NavigationConstraintsImpl::AllowUnsafeUrls() { 18 // No sanity checks if unsafe URLs are allowed 19 return GetConfigBool(false, kAllowUnsafeURLs); 20 } 21 22 bool NavigationConstraintsImpl::IsSchemeAllowed(const GURL& url) { 23 if (url.is_empty()) 24 return false; 25 26 if (!url.is_valid()) 27 return false; 28 29 if (url.SchemeIs(chrome::kHttpScheme) || 30 url.SchemeIs(chrome::kHttpsScheme)) 31 return true; 32 33 // Additional checking for view-source. Allow only http and https 34 // URLs in view source. 35 if (url.SchemeIs(content::kViewSourceScheme)) { 36 GURL sub_url(url.GetContent()); 37 if (sub_url.SchemeIs(chrome::kHttpScheme) || 38 sub_url.SchemeIs(chrome::kHttpsScheme)) 39 return true; 40 } 41 42 // Allow only about:blank or about:version 43 if (url.SchemeIs(chrome::kAboutScheme)) { 44 if (LowerCaseEqualsASCII(url.spec(), content::kAboutBlankURL) || 45 LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) { 46 return true; 47 } 48 } 49 50 if (is_privileged_ && 51 (url.SchemeIs(chrome::kDataScheme) || 52 url.SchemeIs(extensions::kExtensionScheme))) { 53 return true; 54 } 55 56 return false; 57 } 58 59 bool NavigationConstraintsImpl::IsZoneAllowed(const GURL& url) { 60 if (!security_manager_) { 61 HRESULT hr = security_manager_.CreateInstance( 62 CLSID_InternetSecurityManager); 63 if (FAILED(hr)) { 64 NOTREACHED() << __FUNCTION__ 65 << " Failed to create SecurityManager. Error: 0x%x" 66 << hr; 67 return true; 68 } 69 DWORD zone = URLZONE_INVALID; 70 std::wstring unicode_url = UTF8ToWide(url.spec()); 71 security_manager_->MapUrlToZone(unicode_url.c_str(), &zone, 0); 72 if (zone == URLZONE_UNTRUSTED) { 73 DLOG(WARNING) << __FUNCTION__ 74 << " Disallowing navigation to restricted url: " << url; 75 return false; 76 } 77 } 78 return true; 79 } 80 81 bool NavigationConstraintsImpl::is_privileged() const { 82 return is_privileged_; 83 } 84 85 void NavigationConstraintsImpl::set_is_privileged(bool is_privileged) { 86 is_privileged_ = is_privileged; 87 } 88