diff options
| author | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-13 21:33:40 +0000 |
|---|---|---|
| committer | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-13 21:33:40 +0000 |
| commit | d266ce8f18632331944edf0042cb5a138bb19919 (patch) | |
| tree | d1fc49eacc7c8cca621874e62a7f9bf6a5ef16c9 /chrome_frame/utils.h | |
| parent | 17d4f3df2f94a479c9486a86737bcff756008781 (diff) | |
| download | chromium_src-d266ce8f18632331944edf0042cb5a138bb19919.zip chromium_src-d266ce8f18632331944edf0042cb5a138bb19919.tar.gz chromium_src-d266ce8f18632331944edf0042cb5a138bb19919.tar.bz2 | |
Restrict unsafe URLs in Chrome Frame
Further tighten down what URLs can be loaded in Chrome Frame.
Based on the feedback from the security review and code
inspection, restrict about: scheme only to about:blank
and about:version by default. Factor out logic blocking logic
including for URL zone checking so that all ActiveX, ActiveDoc
and NPAPI will follow the same path. As a result we now block
restricted URL zones in NPAPI instance as well.
Another side effect of this refactoring is that the registry
flag, EnableGcfProtocol, is replaced by AllowUnsafeURLs. If
If this flag is set, then all the security related checking
is turned off.
BUG=50741
TEST=By default gcf: works only for about:blank, about:version and
view-source of http and https. Setting AllowUnsafeURLs to a non
zero value should allow any URL be loaded via gcf:
Review URL: http://codereview.chromium.org/3159006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56096 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/utils.h')
| -rw-r--r-- | chrome_frame/utils.h | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/chrome_frame/utils.h b/chrome_frame/utils.h index beb7fa1..8640f11 100644 --- a/chrome_frame/utils.h +++ b/chrome_frame/utils.h @@ -24,10 +24,11 @@ // utils.h : Various utility functions and classes extern const wchar_t kChromeContentPrefix[]; +extern const char kGCFProtocol[]; extern const wchar_t kChromeProtocolPrefix[]; extern const wchar_t kChromeFrameHeadlessMode[]; extern const wchar_t kChromeFrameUnpinnedMode[]; -extern const wchar_t kEnableGCFProtocol[]; +extern const wchar_t kAllowUnsafeURLs[]; extern const wchar_t kEnableBuggyBhoIntercept[]; extern const wchar_t kChromeMimeType[]; extern const wchar_t kChromeFrameAttachTabPattern[]; @@ -276,7 +277,7 @@ bool CheckForCFNavigation(IBrowserService* browser, bool clear_flag); // Returns true if the URL passed in is something which can be handled by // Chrome. If this function returns false then we should fail the navigation. // When is_privileged is true, chrome extension URLs will be considered valid. -bool IsValidUrlScheme(const std::wstring& url, bool is_privileged); +bool IsValidUrlScheme(const GURL& url, bool is_privileged); // Returns the raw http headers for the current request given an // IWinInetHttpInfo pointer. @@ -503,8 +504,8 @@ class ChromeFrameUrl { return dimensions_; } - const std::wstring& url() const { - return url_; + const GURL& gurl() const { + return parsed_url_; } private: @@ -512,19 +513,23 @@ class ChromeFrameUrl { // suffix portion of the URL which contains the attach_external_tab prefix. bool ParseAttachExternalTabUrl(); + // Clear state. + void Reset(); + bool attach_to_external_tab_; bool is_chrome_protocol_; - std::wstring url_; uint64 cookie_; gfx::Rect dimensions_; int disposition_; + + GURL parsed_url_; }; // Returns true if we can navigate to this URL. // This function checks if the url scheme is valid for navigation within // chrome and whether it is a restricted URL as per IE settings. In either of // these cases it returns false. -bool CanNavigateInFullTabMode(const ChromeFrameUrl& cf_url, - IInternetSecurityManager* security_manager); +bool CanNavigate(const GURL& url, IInternetSecurityManager* security_manager, + bool is_privileged); #endif // CHROME_FRAME_UTILS_H_ |