author | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-13 21:33:40 +0000 |
---|---|---|
committer | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-13 21:33:40 +0000 |
commit | d266ce8f18632331944edf0042cb5a138bb19919 (patch) | |
tree | d1fc49eacc7c8cca621874e62a7f9bf6a5ef16c9 /chrome_frame/chrome_frame_automation.cc | |
parent | 17d4f3df2f94a479c9486a86737bcff756008781 (diff) | |
Restrict unsafe URLs in Chrome Frame
Further tighten down what URLs can be loaded in Chrome Frame.
Based on the feedback from the security review and code
inspection, restrict about: scheme only to about:blank
and about:version by default. Factor out the blocking logic,
including URL zone checking, so that ActiveX, ActiveDoc
and NPAPI all follow the same path. As a result we now block
restricted URL zones in the NPAPI instance as well.
Another side effect of this refactoring is that the registry
flag, EnableGcfProtocol, is replaced by AllowUnsafeURLs. If
this flag is set, then all the security related checking
is turned off.
BUG=50741
TEST=By default gcf: works only for about:blank, about:version and
view-source of http and https. Setting AllowUnsafeURLs to a non
zero value should allow any URL be loaded via gcf:
Review URL: http://codereview.chromium.org/3159006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56096 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/chrome_frame_automation.cc')
-rw-r--r-- | chrome_frame/chrome_frame_automation.cc | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/chrome_frame/chrome_frame_automation.cc b/chrome_frame/chrome_frame_automation.cc index 216b7a9..05109c5 100644 --- a/chrome_frame/chrome_frame_automation.cc +++ b/chrome_frame/chrome_frame_automation.cc @@ -609,6 +609,13 @@ bool ChromeFrameAutomationClient::Initialize( // InitializeComplete is called successfully. init_state_ = INITIALIZING; + HRESULT hr = security_manager_.CreateInstance(CLSID_InternetSecurityManager); + if (FAILED(hr)) { + NOTREACHED() << __FUNCTION__ + << " Failed to create InternetSecurityManager. Error: 0x%x" + << hr; + } + if (chrome_launch_params_->url().is_valid()) navigate_after_initialization_ = false; @@ -657,7 +664,7 @@ void ChromeFrameAutomationClient::Uninitialize() { if (::IsWindow(m_hWnd)) DestroyWindow(); - DCHECK(navigate_after_initialization_ == false); + // DCHECK(navigate_after_initialization_ == false); handle_top_level_requests_ = false; ui_thread_id_ = 0; chrome_frame_delegate_ = NULL; @@ -670,11 +677,11 @@ bool ChromeFrameAutomationClient::InitiateNavigation(const std::string& url, return false; GURL parsed_url(url); + // Catch invalid URLs early. - if (!parsed_url.is_valid() || - !IsValidUrlScheme(UTF8ToWide(url), is_privileged)) { - DLOG(ERROR) << "Invalid URL passed to InitiateNavigation: " << url - << " is_privileged=" << is_privileged; + // Can we allow this navigation to happen? + if (!CanNavigate(parsed_url, security_manager_, is_privileged)) { + DLOG(ERROR) << __FUNCTION__ << " Not allowing navigation to: " << url; return false; } 
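Review bot: When `security_manager_.CreateInstance(CLSID_InternetSecurityManager)` fails in Initialize, the only reaction is `NOTREACHED()`, which in Chromium's logging macros is a debug-build check, so a release build continues with an empty `security_manager_` that InitiateNavigation later hands to `CanNavigate`. Whether `CanNavigate` denies navigation when the manager is missing is not visible in this diff, so it is safer to fail closed here: reset `init_state_` and `return false;` when `FAILED(hr)`. Separately, the message prints the literal text `0x%x` because `<<` does not interpret printf conversions; `<< " Failed to create InternetSecurityManager. Error: 0x" << std::hex << hr` prints the HRESULT in hex as intended. Initialize's body starts and ends outside the hunk.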
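Review bot: In Uninitialize the `DCHECK(navigate_after_initialization_ == false)` is commented out rather than deleted or corrected, and nothing records why the invariant stopped holding. If a blocked navigation can now leave the flag set at teardown (an inference; the hunk does not show the cause), say so in place of the dead line, for example `// navigate_after_initialization_ may still be true here when <case>; see BUG=50741.`, or clear the flag on the rejection path and keep the check. Leaving a disabled assertion with no reason makes it hard to tell later whether the state it guarded is still expected.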
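Review bot: In InitiateNavigation the explicit `!parsed_url.is_valid()` test is removed, but the comment `// Catch invalid URLs early.` is kept, so the comment now describes a check this function no longer performs. Rejection of an unparseable URL depends entirely on `CanNavigate`, whose body is not in this diff. Either keep the cheap guard in front, `if (!parsed_url.is_valid() || !CanNavigate(parsed_url, security_manager_, is_privileged)) {`, or drop the stale comment and state on `CanNavigate` that it rejects invalid URLs. The new `DLOG` also drops `is_privileged`; keeping `<< " is_privileged=" << is_privileged` would make a blocked navigation easier to diagnose. The function body starts and ends outside the hunk.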
@@ -1357,6 +1364,14 @@ void ChromeFrameAutomationClient::RunUnloadHandlers(HWND notification_window, } } +void ChromeFrameAutomationClient::SetUrlFetcher( + PluginUrlRequestManager* url_fetcher) { + DCHECK(url_fetcher != NULL); + url_fetcher_ = url_fetcher; + url_fetcher_flags_ = url_fetcher->GetThreadSafeFlags(); + url_fetcher_->set_delegate(this); +} + void ChromeFrameAutomationClient::SetZoomLevel(PageZoom::Function zoom_level) { if (automation_server_) { automation_server_->Send(new AutomationMsg_SetZoomLevel(0, tab_handle_, |
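Review bot: SetUrlFetcher stores a raw `PluginUrlRequestManager*` and registers `this` as its delegate, but nothing states who owns the fetcher or how long it must live. The `DCHECK(url_fetcher != NULL)` only fires in debug builds, so a NULL argument in a release build is dereferenced on the next line by `url_fetcher->GetThreadSafeFlags()`. A header comment would make the contract explicit, for example `// |url_fetcher| is not owned; it must be non-NULL and outlive this client, which installs itself as the fetcher's delegate.` Whether Uninitialize clears that delegate is not visible in this diff and is worth confirming, since a fetcher that outlives the client would otherwise keep a dangling delegate pointer.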