chrome_frame/navigation_constraints.cc

   1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome_frame/navigation_constraints.h"
   6
   7 #include "base/strings/string_util.h"
   8 #include "base/strings/utf_string_conversions.h"
   9 #include "chrome/common/url_constants.h"
  10 #include "chrome_frame/utils.h"
  11 #include "extensions/common/constants.h"
  12
  13 NavigationConstraintsImpl::NavigationConstraintsImpl() : is_privileged_(false) {
  14 }
  15
  16 // NavigationConstraintsImpl method definitions.
  17 bool NavigationConstraintsImpl::AllowUnsafeUrls() {
  18   // No sanity checks if unsafe URLs are allowed
  19   return GetConfigBool(false, kAllowUnsafeURLs);
  20 }
  21
  22 bool NavigationConstraintsImpl::IsSchemeAllowed(const GURL& url) {
  23   if (url.is_empty())
  24     return false;
  25
  26   if (!url.is_valid())
  27     return false;
  28
  29   if (url.SchemeIs(content::kHttpScheme) || url.SchemeIs(content::kHttpsScheme))
  30     return true;
  31
  32   // Additional checking for view-source. Allow only http and https
  33   // URLs in view source.
  34   if (url.SchemeIs(content::kViewSourceScheme)) {
  35     GURL sub_url(url.path());
  36     if (sub_url.SchemeIs(content::kHttpScheme) ||
  37         sub_url.SchemeIs(content::kHttpsScheme))
  38       return true;
  39   }
  40
  41   // Allow only about:blank or about:version
  42   if (url.SchemeIs(chrome::kAboutScheme)) {
  43     if (LowerCaseEqualsASCII(url.spec(), content::kAboutBlankURL) ||
  44         LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) {
  45       return true;
  46     }
  47   }
  48
  49   if (is_privileged_ &&
  50       (url.SchemeIs(chrome::kDataScheme) ||
  51        url.SchemeIs(extensions::kExtensionScheme))) {
  52     return true;
  53   }
  54
  55   return false;
  56 }
  57
  58 bool NavigationConstraintsImpl::IsZoneAllowed(const GURL& url) {
  59   if (!security_manager_) {
  60     HRESULT hr = security_manager_.CreateInstance(
  61         CLSID_InternetSecurityManager);
  62     if (FAILED(hr)) {
  63       NOTREACHED() << __FUNCTION__
  64                    << " Failed to create SecurityManager. Error: 0x%x"
  65                    << hr;
  66       return true;
  67     }
  68     DWORD zone = URLZONE_INVALID;
  69     std::wstring unicode_url = UTF8ToWide(url.spec());
  70     security_manager_->MapUrlToZone(unicode_url.c_str(), &zone, 0);
  71     if (zone == URLZONE_UNTRUSTED) {
  72       DLOG(WARNING) << __FUNCTION__
  73                     << " Disallowing navigation to restricted url: " << url;
  74       return false;
  75     }
  76   }
  77   return true;
  78 }
  79
  80 bool NavigationConstraintsImpl::is_privileged() const {
  81   return is_privileged_;
  82 }
  83
  84 void NavigationConstraintsImpl::set_is_privileged(bool is_privileged) {
  85   is_privileged_ = is_privileged;
  86 }