Ensure that window.open requests issued by ChromeFrame carry the correct cookies in the outgoing HTTP requests.

To achieve this we no longer issue navigations with the gcf:attach* prefix. We now issue a navigation to the current page URL with the attach external tab suffix, which indicates that the page is forced into ChromeFrame without making an actual HTTP request. This ensures that the new IE8 process has access to all HTTP cookies. We need to patch IInternetProtocol::LockRequest and UnlockRequest to not call the underlying implementations for our dummy request as this crashes in IE8 in the prebinding code path. Fixes bug http://b/issue?id=2277519 Added tests for the CanNavigateFullTabMode helper function. Bug=2277519 Review URL: http://codereview.chromium.org/3051018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54019 0039d316-1c4b-4281-b951-d872f2087c98
author: ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-07-28 21:15:15 +0000
committer: ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-07-28 21:15:15 +0000
commit: c4e45b3be08a8cefa237b25096f8a18fb5a5051d (patch)
tree: c6cb1e682bfde672b293406f8c6ea508694f3979 /chrome_frame/utils.cc
parent: 437d1c7f6cf70dbdc3d008745d974714db7dd68a (diff)
download: chromium_src-c4e45b3be08a8cefa237b25096f8a18fb5a5051d.zip
chromium_src-c4e45b3be08a8cefa237b25096f8a18fb5a5051d.tar.gz
chromium_src-c4e45b3be08a8cefa237b25096f8a18fb5a5051d.tar.bz2
1 files changed, 88 insertions, 19 deletions
diff --git a/chrome_frame/utils.cc b/chrome_frame/utils.cc
index b65570d..6c1e33e 100644
--- a/chrome_frame/utils.cc
+++ b/chrome_frame/utils.cc
@@ -43,6 +43,7 @@ const wchar_t kChromeContentPrefix[] = L"chrome=";
 const wchar_t kChromeProtocolPrefix[] = L"gcf:";
 const wchar_t kChromeMimeType[] = L"application/chromepage";
 const wchar_t kPatchProtocols[] = L"PatchProtocols";
+const wchar_t kChromeFrameAttachTabPattern[] = L"*?attach_external_tab&*";
 
 static const wchar_t kChromeFrameConfigKey[] =
     L"Software\\Google\\ChromeFrame";
@@ -58,7 +59,7 @@ static const wchar_t kChromeFramePersistNPAPIReg[] = L"PersistNPAPIReg";
 const wchar_t kChromeFrameOmahaSuffix[] = L"-cf";
 const wchar_t kDevChannelName[] = L"-dev";
 
-const wchar_t kChromeAttachExternalTabPrefix[] = L"attach_external_tab";
+const wchar_t kChromeAttachExternalTabPrefix[] = L"?attach_external_tab";
 
 // Indicates that we are running in a test environment, where execptions, etc
 // are handled by the chrome test crash server.
@@ -858,9 +859,6 @@ bool IsValidUrlScheme(const std::wstring& url, bool is_privileged) {
        crack_url.SchemeIs(chrome::kExtensionScheme)))
     return true;
 
-  if (StartsWith(url, kChromeAttachExternalTabPrefix, false))
-    return true;
-
   return false;
 }
 
@@ -1238,21 +1236,52 @@ HRESULT ReadStream(IStream* stream, size_t size, std::string* data) {
   return hr;
 }
 
-bool ParseAttachExternalTabUrl(const std::wstring& url, uint64* cookie,
-                               gfx::Rect* dimensions, int* disposition) {
-  if (!StartsWith(url, kChromeAttachExternalTabPrefix, true)) {
-    DLOG(WARNING) << "Invalid url passed in:"
-                  << url.c_str();
-    return false;
+ChromeFrameUrl::ChromeFrameUrl()
+    : is_chrome_protocol_(false),
+      attach_to_external_tab_(false),
+      cookie_(0),
+      disposition_(0) {
+}
+
+bool ChromeFrameUrl::Parse(const std::wstring& url) {
+  bool ret = false;
+  if (url.empty())
+    return ret;
+
+  url_ = url;
+
+  attach_to_external_tab_ = MatchPatternWide(url.c_str(),
+                                             kChromeFrameAttachTabPattern);
+  is_chrome_protocol_ = StartsWith(url, kChromeProtocolPrefix,
+                                   false);
+  DCHECK(!(attach_to_external_tab_ && is_chrome_protocol_));
+  if (is_chrome_protocol_) {
+    url_.erase(0, lstrlen(kChromeProtocolPrefix));
   }
 
-  if (!cookie || !dimensions || !disposition)
+  if (attach_to_external_tab_) {
+    ret = ParseAttachExternalTabUrl();
+  } else {
+    ret = true;
+  }
+  return ret;
+}
+
+bool ChromeFrameUrl::ParseAttachExternalTabUrl() {
+  size_t attach_external_tab_start_pos =
+      url_.find(kChromeAttachExternalTabPrefix);
+  if (attach_external_tab_start_pos == std::wstring::npos) {
+    NOTREACHED() << "Invalid url:" << url_;
     return false;
+  }
+
+  std::wstring url =
+      url_.substr(attach_external_tab_start_pos,
+                  url_.length() - attach_external_tab_start_pos);
 
   WStringTokenizer tokenizer(url, L"&");
   // Skip over kChromeAttachExternalTabPrefix
   tokenizer.GetNext();
-
   // Read the following items in order.
   // 1. cookie
   // 2. disposition
@@ -1262,41 +1291,81 @@ bool ParseAttachExternalTabUrl(const std::wstring& url, uint64* cookie,
   // 6. dimension.height.
   if (tokenizer.GetNext()) {
     wchar_t* end_ptr = 0;
-    *cookie = _wcstoui64(tokenizer.token().c_str(), &end_ptr, 10);
+    cookie_ = _wcstoui64(tokenizer.token().c_str(), &end_ptr, 10);
   } else {
     return false;
   }
 
   if (tokenizer.GetNext()) {
-    *disposition = _wtoi(tokenizer.token().c_str());
+    disposition_ = _wtoi(tokenizer.token().c_str());
   } else {
     return false;
   }
 
   if (tokenizer.GetNext()) {
-    dimensions->set_x(_wtoi(tokenizer.token().c_str()));
+    dimensions_.set_x(_wtoi(tokenizer.token().c_str()));
   } else {
     return false;
   }
 
   if (tokenizer.GetNext()) {
-    dimensions->set_y(_wtoi(tokenizer.token().c_str()));
+    dimensions_.set_y(_wtoi(tokenizer.token().c_str()));
   } else {
     return false;
   }
 
   if (tokenizer.GetNext()) {
-    dimensions->set_width(_wtoi(tokenizer.token().c_str()));
+    dimensions_.set_width(_wtoi(tokenizer.token().c_str()));
   } else {
     return false;
   }
 
   if (tokenizer.GetNext()) {
-    dimensions->set_height(_wtoi(tokenizer.token().c_str()));
+    dimensions_.set_height(_wtoi(tokenizer.token().c_str()));
   } else {
     return false;
   }
-
   return true;
 }
 
+bool CanNavigateInFullTabMode(const ChromeFrameUrl& cf_url,
+                              IInternetSecurityManager* security_manager) {
+  bool is_privileged = false;
+
+  if (!IsValidUrlScheme(cf_url.url(), is_privileged)) {
+    DLOG(WARNING) << __FUNCTION__ << " Disallowing navigation to url: "
+                  << cf_url.url();
+    return false;
+  }
+
+  if (security_manager) {
+    DWORD zone = URLZONE_INVALID;
+    security_manager->MapUrlToZone(cf_url.url().c_str(), &zone, 0);
+    if (zone == URLZONE_UNTRUSTED) {
+      DLOG(WARNING) << __FUNCTION__
+                    << " Disallowing navigation to restricted url: "
+                    << cf_url.url();
+      return false;
+    }
+  }
+
+  if (cf_url.is_chrome_protocol()) {
+    // Allow chrome protocol (gcf:) if -
+    // - explicitly enabled using registry
+    // - for gcf:attach_external_tab
+    // - for gcf:about and gcf:view-source
+    GURL crack_url(cf_url.url());
+    bool allow_gcf_protocol =
+        GetConfigBool(false, kEnableGCFProtocol) ||
+        crack_url.SchemeIs(chrome::kAboutScheme) ||
+        crack_url.SchemeIs(chrome::kViewSourceScheme);
+    if (!allow_gcf_protocol) {
+      DLOG(WARNING) << __FUNCTION__
+                    << " Disallowing navigation to gcf url: "
+                    << cf_url.url();
+      return false;
+    }
+  }
+
+  return true;
+}
author	ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-07-28 21:15:15 +0000
committer	ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-07-28 21:15:15 +0000
commit	c4e45b3be08a8cefa237b25096f8a18fb5a5051d (patch)
tree	c6cb1e682bfde672b293406f8c6ea508694f3979 /chrome_frame/utils.cc
parent	437d1c7f6cf70dbdc3d008745d974714db7dd68a (diff)
download	chromium_src-c4e45b3be08a8cefa237b25096f8a18fb5a5051d.zip chromium_src-c4e45b3be08a8cefa237b25096f8a18fb5a5051d.tar.gz chromium_src-c4e45b3be08a8cefa237b25096f8a18fb5a5051d.tar.bz2