Currently in full tab mode IE displays the security zone as Unknown. This CL fixes that by returning URLZONE_INTERNET for most of the URLs, as we cannot directly map them to internal/external URLs. The reason being Chrome would need to honor the security settings from IE based on the zone.

We also disallow navigation in ChromeFrame for restricted URLs.

This fixes bug http://b/issue?id=2059403

This CL also fixes the stray issues with cf:attach_external_tab being visible in the tab title at times.
This can be easily reproduced if the tabs being opened are background tabs. To set the title we call
Exec on the IOleCommandTarget exposed by the frame. This is queried off the IOleInPlaceSite interface which
is maintained by the m_spInPlaceSite member variable in CComControlBase. This member is not set when the tab
is opened as a background tab and only gets set when it is activated. The fix is to query the IOleInPlaceSite
interface from the IOleClientSite interface if the m_spInPlaceSite  is not set.

This fixes http://b/issue?id=2119243

Bug=2059403,2119243

Review URL: http://codereview.chromium.org/220042

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27274 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 146 insertions, 52 deletions

diff --git a/chrome_frame/chrome_active_document.cc b/chrome_frame/chrome_active_document.cc
index bbe38b7..147ef0b 100644
--- a/chrome_frame/chrome_active_document.cc
+++ b/chrome_frame/chrome_active_document.cc
@@ -184,61 +184,21 @@ STDMETHODIMP ChromeActiveDocument::Load(BOOL fully_avalable,
   moniker_name->GetDisplayName(bind_context, NULL, &display_name);
   std::wstring url = display_name;
 
-  bool is_chrome_protocol = StartsWith(url, kChromeProtocolPrefix, false);
+  // The is_new_navigation variable indicates if this a navigation initiated
+  // by typing in a URL for e.g. in the IE address bar, or from Chrome by
+  // a window.open call from javascript, in which case the current IE tab
+  // will attach to an existing ExternalTabContainer instance.
   bool is_new_navigation = true;
+  bool is_chrome_protocol = false;
 
-  if (is_chrome_protocol) {
-    url.erase(0, lstrlen(kChromeProtocolPrefix));
-    is_new_navigation = 
-        !StartsWith(url, kChromeAttachExternalTabPrefix, false);
-  }
-
-  if (!IsValidUrlScheme(url)) {
-    DLOG(WARNING) << __FUNCTION__ << " Disallowing navigation to url: "
-                  << url;
+  if (!ParseUrl(url, &is_new_navigation, &is_chrome_protocol, &url)) {
+    DLOG(WARNING) << __FUNCTION__ << " Failed to parse url:" << url;
     return E_INVALIDARG;
   }
 
-  if (!is_new_navigation) {
-    WStringTokenizer tokenizer(url, L"&");
-    // Skip over kChromeAttachExternalTabPrefix
-    tokenizer.GetNext();
-
-    intptr_t external_tab_cookie = 0;
-
-    if (tokenizer.GetNext())
-      StringToInt(tokenizer.token(),
-                  reinterpret_cast<int*>(&external_tab_cookie));
-
-    if (external_tab_cookie == 0) {
-      NOTREACHED() << "invalid url for attach tab: " << url;
-      return E_FAIL;
-    }
-
-    automation_client_->AttachExternalTab(external_tab_cookie);
-  } 
-
-  // Initiate navigation before launching chrome so that the url will be
-  // cached and sent with launch settings.
-  if (is_new_navigation) {
-    url_.Reset(::SysAllocString(url.c_str()));
-    if (url_.Length()) {
-      std::string utf8_url;
-      WideToUTF8(url_, url_.Length(), &utf8_url);
-      if (!automation_client_->InitiateNavigation(utf8_url)) {
-        DLOG(ERROR) << "Invalid URL: " << url;
-        Error(L"Invalid URL");
-        url_.Reset();
-        return E_INVALIDARG;
-      }
-
-      DLOG(INFO) << "Url is " << url_;
-    }
-  }
-
-  if (!is_automation_client_reused_ &&
-      !InitializeAutomation(GetHostProcessName(false), L"", IsIEInPrivate())) {
-    return E_FAIL;
+  if (!LaunchUrl(url, is_new_navigation)) {
+    NOTREACHED() << __FUNCTION__ << " Failed to launch url:" << url;
+    return E_INVALIDARG;
   }
 
   if (!is_chrome_protocol) {
@@ -394,6 +354,9 @@ HRESULT ChromeActiveDocument::ActiveXDocActivate(LONG verb) {
     }
   }
   m_spClientSite->ShowObject();
+  // Inform IE about the zone for this URL. We do this here as we need to the
+  // IOleInPlaceSite interface to be setup.
+  IEExec(&CGID_Explorer, SBCMDID_MIXEDZONE, 0, NULL, NULL);
   return S_OK;
 }
 
@@ -534,6 +497,11 @@ void ChromeActiveDocument::UpdateNavigationState(
       }
     }
   }
+
+  // Update the IE zone here. Ideally we would like to do it when the active
+  // document is activated. However that does not work at times as the frame we
+  // get there is not the actual frame which handles the command.
+  IEExec(&CGID_Explorer, SBCMDID_MIXEDZONE, 0, NULL, NULL);
 }
 
 void ChromeActiveDocument::OnFindInPage() {
@@ -554,6 +522,17 @@ void ChromeActiveDocument::OnViewSource() {
   OnOpenURL(0, GURL(url_to_open), NEW_WINDOW);
 }
 
+void ChromeActiveDocument::OnDetermineSecurityZone(const GUID* cmd_group_guid,
+                                                   DWORD command_id,
+                                                   DWORD cmd_exec_opt,
+                                                   VARIANT* in_args,
+                                                   VARIANT* out_args) {
+  if (out_args != NULL) {
+    out_args->vt = VT_UI4;
+    out_args->ulVal = URLZONE_INTERNET;
+  }
+}
+
 void ChromeActiveDocument::OnOpenURL(int tab_handle, const GURL& url_to_open,
                                      int open_disposition) {
   // If the disposition indicates that we should be opening the URL in the
@@ -636,9 +615,16 @@ HRESULT ChromeActiveDocument::IEExec(const GUID* cmd_group_guid,
                                      DWORD command_id, DWORD cmd_exec_opt,
                                      VARIANT* in_args, VARIANT* out_args) {
   HRESULT hr = E_FAIL;
+
   ScopedComPtr<IOleCommandTarget> frame_cmd_target;
-  if (m_spInPlaceSite)
-    hr = frame_cmd_target.QueryFrom(m_spInPlaceSite);
+
+  ScopedComPtr<IOleInPlaceSite> in_place_site(m_spInPlaceSite);
+  if (!in_place_site.get()) {
+    in_place_site.QueryFrom(m_spClientSite);
+  }
+
+  if (in_place_site)
+    hr = frame_cmd_target.QueryFrom(in_place_site);
 
   if (frame_cmd_target)
     hr = frame_cmd_target->Exec(cmd_group_guid, command_id, cmd_exec_opt,
@@ -646,3 +632,111 @@ HRESULT ChromeActiveDocument::IEExec(const GUID* cmd_group_guid,
 
   return hr;
 }
+
+bool ChromeActiveDocument::IsUrlZoneRestricted(const std::wstring& url) {
+  if (security_manager_.get() == NULL) {
+    HRESULT hr = CoCreateInstance(
+        CLSID_InternetSecurityManager,
+        NULL,
+        CLSCTX_ALL,
+        IID_IInternetSecurityManager,
+        reinterpret_cast<void**>(security_manager_.Receive()));
+
+    if (FAILED(hr)) {
+      NOTREACHED() << __FUNCTION__
+                   << " Failed to create InternetSecurityManager. Error: 0x%x"
+                   << hr;
+      return true;
+    }
+  }
+
+  DWORD zone = URLZONE_UNTRUSTED;
+  security_manager_->MapUrlToZone(url.c_str(), &zone, 0);
+  return zone == URLZONE_UNTRUSTED;
+}
+
+bool ChromeActiveDocument::ParseUrl(const std::wstring& url,
+                                    bool* is_new_navigation,
+                                    bool* is_chrome_protocol,
+                                    std::wstring* parsed_url) {
+  if (!is_new_navigation || !is_chrome_protocol|| !parsed_url) {
+    NOTREACHED() << __FUNCTION__ << " Invalid arguments";
+    return false;
+  }
+
+  std::wstring initial_url = url;
+
+  *is_chrome_protocol = StartsWith(initial_url, kChromeProtocolPrefix,
+                                   false);
+
+  *is_new_navigation = true;
+
+  if (*is_chrome_protocol) {
+    initial_url.erase(0, lstrlen(kChromeProtocolPrefix));
+    *is_new_navigation =
+        !StartsWith(initial_url, kChromeAttachExternalTabPrefix, false);
+  }
+
+  if (!IsValidUrlScheme(initial_url)) {
+    DLOG(WARNING) << __FUNCTION__ << " Disallowing navigation to url: "
+                  << url;
+    return false;
+  }
+
+  if (IsUrlZoneRestricted(initial_url)) {
+    DLOG(WARNING) << __FUNCTION__
+                  << " Disallowing navigation to restricted url: "
+                  << initial_url;
+    return false;
+  }
+
+  *parsed_url = initial_url;
+  return true;
+}
+
+bool ChromeActiveDocument::LaunchUrl(const std::wstring& url,
+                                     bool is_new_navigation) {
+  if (!is_new_navigation) {
+    WStringTokenizer tokenizer(url, L"&");
+    // Skip over kChromeAttachExternalTabPrefix
+    tokenizer.GetNext();
+
+    intptr_t external_tab_cookie = 0;
+
+    if (tokenizer.GetNext())
+      StringToInt(tokenizer.token(),
+                  reinterpret_cast<int*>(&external_tab_cookie));
+
+    if (external_tab_cookie == 0) {
+      NOTREACHED() << "invalid url for attach tab: " << url;
+      return false;
+    }
+
+    automation_client_->AttachExternalTab(external_tab_cookie);
+  } else {
+    // Initiate navigation before launching chrome so that the url will be
+    // cached and sent with launch settings.
+    if (is_new_navigation) {
+      url_.Reset(::SysAllocString(url.c_str()));
+      if (url_.Length()) {
+        std::string utf8_url;
+        WideToUTF8(url_, url_.Length(), &utf8_url);
+        if (!automation_client_->InitiateNavigation(utf8_url)) {
+          DLOG(ERROR) << "Invalid URL: " << url;
+          Error(L"Invalid URL");
+          url_.Reset();
+          return false;
+        }
+
+        DLOG(INFO) << "Url is " << url_;
+      }
+    }
+  }
+
+  if (!is_automation_client_reused_ &&
+      !InitializeAutomation(GetHostProcessName(false), L"", IsIEInPrivate())) {
+    return false;
+  }
+
+  return true;
+}