Added a new policy setting as well as corrisponding registry key to allow GCF users the option to disable the meta tag check. That is, the tag that websites can use to enable GCF. This way the white/black lists are fully respected by GCF.

BUG=225971
TEST=Set HKEY_CURRENT_USER\Software\Google\ChromeFrame\SkipGCFMetaDataCheck to true to disable GCF on sites enabled through the meta data tag (fully respects white/black lists).

Contributed by joe.knoll@workday.com
TBR=joaodasilva@chromium.org,robertshield@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23295005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@218626 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 83 insertions, 4 deletions

diff --git a/chrome_frame/policy_settings.cc b/chrome_frame/policy_settings.cc
index 54d7ca1..fb8caf6 100644
--- a/chrome_frame/policy_settings.cc
+++ b/chrome_frame/policy_settings.cc
@@ -84,8 +84,8 @@ void PolicySettings::ReadUrlSettings(
 
   DCHECK(value == RENDERER_NOT_SPECIFIED ||
          value == RENDER_IN_HOST ||
-         value == RENDER_IN_CHROME_FRAME) <<
-      "invalid default renderer setting: " << value;
+         value == RENDER_IN_CHROME_FRAME)
+      << "invalid default renderer setting: " << value;
 
   if (value != RENDER_IN_HOST && value != RENDER_IN_CHROME_FRAME) {
     DVLOG(1) << "default renderer not specified via policy";
@@ -105,6 +105,40 @@ void PolicySettings::ReadUrlSettings(
 }
 
 // static
+void PolicySettings::ReadMetadataCheckSettings(
+    SkipMetadataCheck* skip_metadata_check) {
+  DCHECK(skip_metadata_check);
+
+  *skip_metadata_check = SKIP_METADATA_CHECK_NOT_SPECIFIED;
+
+  base::win::RegKey config_key;
+  DWORD value = SKIP_METADATA_CHECK_NOT_SPECIFIED;
+  string16 settings_value(
+      ASCIIToWide(policy::key::kSkipMetadataCheck));
+  for (int i = 0; i < arraysize(kRootKeys); ++i) {
+    if ((config_key.Open(kRootKeys[i], policy::kRegistryChromePolicyKey,
+                         KEY_READ) == ERROR_SUCCESS) &&
+        (config_key.ReadValueDW(settings_value.c_str(),
+                                &value) == ERROR_SUCCESS)) {
+      break;
+    }
+  }
+
+  DCHECK(value == SKIP_METADATA_CHECK_NOT_SPECIFIED ||
+         value == SKIP_METADATA_CHECK_NO ||
+         value == SKIP_METADATA_CHECK_YES)
+      << "invalid skip metadata check setting: " << value;
+
+  if (value != SKIP_METADATA_CHECK_NO && value != SKIP_METADATA_CHECK_YES) {
+    DVLOG(1) << "metadata check not specified via policy";
+  } else {
+    *skip_metadata_check = static_cast<SkipMetadataCheck>(value);
+    DVLOG(1) << "SkipMetadata check as specified via policy: "
+             << *skip_metadata_check;
+  }
+}
+
+// static
 void PolicySettings::ReadContentTypeSetting(
     std::vector<std::wstring>* content_type_list) {
   DCHECK(content_type_list);
@@ -156,6 +190,7 @@ void PolicySettings::ReadBoolSetting(const char* value_name, bool* value) {
 
 void PolicySettings::RefreshFromRegistry() {
   RendererForUrl default_renderer;
+  SkipMetadataCheck skip_metadata_check;
   std::vector<std::wstring> renderer_exclusion_list;
   std::vector<std::wstring> content_type_list;
   std::wstring application_locale;
@@ -165,6 +200,7 @@ void PolicySettings::RefreshFromRegistry() {
 
   // Read the latest settings from the registry
   ReadUrlSettings(&default_renderer, &renderer_exclusion_list);
+  ReadMetadataCheckSettings(&skip_metadata_check);
   ReadContentTypeSetting(&content_type_list);
   ReadStringSetting(policy::key::kApplicationLocaleValue, &application_locale);
   ReadStringSetting(policy::key::kAdditionalLaunchParameters,
@@ -181,6 +217,7 @@ void PolicySettings::RefreshFromRegistry() {
   using std::swap;
 
   swap(default_renderer_, default_renderer);
+  swap(skip_metadata_check_, skip_metadata_check);
   swap(renderer_exclusion_list_, renderer_exclusion_list);
   swap(content_type_list_, content_type_list);
   swap(application_locale_, application_locale);
diff --git a/chrome_frame/policy_settings.h b/chrome_frame/policy_settings.h
index 104f713..7b282d4 100644
--- a/chrome_frame/policy_settings.h
+++ b/chrome_frame/policy_settings.h
@@ -17,18 +17,28 @@
 // TODO(tommi): Use Chrome's classes for this (and the notification service).
 class PolicySettings {
  public:
-  typedef enum RendererForUrl {
+  enum RendererForUrl {
     RENDERER_NOT_SPECIFIED = -1,
     RENDER_IN_HOST,
     RENDER_IN_CHROME_FRAME,
   };
 
+  enum SkipMetadataCheck {
+    SKIP_METADATA_CHECK_NOT_SPECIFIED = -1,
+    SKIP_METADATA_CHECK_NO,
+    SKIP_METADATA_CHECK_YES,
+  };
+
   static PolicySettings* GetInstance();
 
   RendererForUrl default_renderer() const {
     return default_renderer_;
   }
 
+  SkipMetadataCheck skip_metadata_check() const {
+    return skip_metadata_check_;
+  }
+
   RendererForUrl GetRendererForUrl(const wchar_t* url);
 
   RendererForUrl GetRendererForContentType(const wchar_t* content_type);
@@ -52,6 +62,7 @@ class PolicySettings {
   // Helper functions for reading settings from the registry
   static void ReadUrlSettings(RendererForUrl* default_renderer,
       std::vector<std::wstring>* renderer_exclusion_list);
+  static void ReadMetadataCheckSettings(SkipMetadataCheck* skip_metadata_check);
   static void ReadContentTypeSetting(
       std::vector<std::wstring>* content_type_list);
   static void ReadStringSetting(const char* value_name, std::wstring* value);
@@ -60,6 +71,7 @@ class PolicySettings {
  protected:
   PolicySettings()
       : default_renderer_(RENDERER_NOT_SPECIFIED),
+        skip_metadata_check_(SKIP_METADATA_CHECK_NOT_SPECIFIED),
         additional_launch_parameters_(CommandLine::NO_PROGRAM),
         suppress_turndown_prompt_(false) {
     RefreshFromRegistry();
@@ -73,6 +85,7 @@ class PolicySettings {
 
  protected:
   RendererForUrl default_renderer_;
+  SkipMetadataCheck skip_metadata_check_;
   std::vector<std::wstring> renderer_exclusion_list_;
   std::vector<std::wstring> content_type_list_;
   std::wstring application_locale_;
diff --git a/chrome_frame/protocol_sink_wrap.cc b/chrome_frame/protocol_sink_wrap.cc
index 93bf4d7c..b94e7c0 100644
--- a/chrome_frame/protocol_sink_wrap.cc
+++ b/chrome_frame/protocol_sink_wrap.cc
@@ -4,6 +4,7 @@
 
 #include <htiframe.h>
 #include <mshtml.h>
+#include <algorithm>
 
 #include "chrome_frame/protocol_sink_wrap.h"
 
@@ -21,6 +22,8 @@
 #include "chrome_frame/policy_settings.h"
 #include "chrome_frame/utils.h"
 
+using std::min;
+
 // BINDSTATUS_SERVER_MIMETYPEAVAILABLE == 54. Introduced in IE 8, so
 // not in everyone's headers yet. See:
 // http://msdn.microsoft.com/en-us/library/ms775133(VS.85,loband).aspx
@@ -478,7 +481,8 @@ HRESULT ProtData::ReportData(IInternetProtocolSink* delegate,
     last_chance = true;
   }
 
-  renderer_type_ = DetermineRendererType(buffer_, buffer_size_, last_chance);
+  renderer_type_ = SkipMetadataCheck() ? RENDERER_TYPE_OTHER
+      : DetermineRendererType(buffer_, buffer_size_, last_chance);
 
   if (renderer_type_ == RENDERER_TYPE_UNDETERMINED) {
     // do not report anything, we need more data.
diff --git a/chrome_frame/utils.cc b/chrome_frame/utils.cc
index 149d721..02101ed 100644
--- a/chrome_frame/utils.cc
+++ b/chrome_frame/utils.cc
@@ -9,6 +9,7 @@
 #include <htiframe.h>
 #include <mshtml.h>
 #include <shlobj.h>
+#include <limits>
 
 #include "base/file_version_info.h"
 #include "base/lazy_instance.h"
@@ -65,6 +66,7 @@ const wchar_t kAllowUnsafeURLs[] = L"AllowUnsafeURLs";
 const wchar_t kChromeFrameConfigKey[] = L"Software\\Google\\ChromeFrame";
 const wchar_t kEnableBuggyBhoIntercept[] = L"EnableBuggyBhoIntercept";
 const wchar_t kEnableGCFRendererByDefault[] = L"IsDefaultRenderer";
+const wchar_t kSkipGCFMetadataCheck[] = L"SkipGCFMetadataCheck";
 const wchar_t kExcludeUAFromDomainList[] = L"ExcludeUAFromDomain";
 const wchar_t kPatchProtocols[] = L"PatchProtocols";
 const wchar_t kRenderInGCFUrlList[] = L"RenderInGcfUrls";
@@ -737,6 +739,24 @@ bool IsGcfDefaultRenderer() {
   return is_default != 0;
 }
 
+// Check for the registry key 'SkipGCFMetadataCheck' and if true, then
+// ignore presence of <meta http-equiv="X-UA-Compatible" content="chrome=1">
+bool SkipMetadataCheck() {
+  // Check policy settings
+  PolicySettings::SkipMetadataCheck metadataCheck =
+      PolicySettings::GetInstance()->skip_metadata_check();
+  if (metadataCheck != PolicySettings::SKIP_METADATA_CHECK_NOT_SPECIFIED)
+    return (metadataCheck == PolicySettings::SKIP_METADATA_CHECK_YES);
+
+  DWORD skip = 0;
+  RegKey config_key;
+  if (config_key.Open(HKEY_CURRENT_USER, kChromeFrameConfigKey,
+                      KEY_READ) == ERROR_SUCCESS) {
+    config_key.ReadValueDW(kSkipGCFMetadataCheck, &skip);
+  }
+  return skip != 0;
+}
+
 RendererType RendererTypeForUrl(const std::wstring& url) {
   // First check if the default renderer settings are specified by policy.
   // If so, then that overrides the user settings.
diff --git a/chrome_frame/utils.h b/chrome_frame/utils.h
index d0ee2fd..95b9756 100644
--- a/chrome_frame/utils.h
+++ b/chrome_frame/utils.h
@@ -276,6 +276,11 @@ bool IsUnpinnedMode();
 // Returns true if all HTML pages should be rendered in GCF by default.
 bool IsGcfDefaultRenderer();
 
+// Returns true if the presence of
+// <meta http-equiv="X-UA-Compatible" content="chrome=1">
+// in HTML pages should be ignored
+bool SkipMetadataCheck();
+
 // Check if this url is opting into Chrome Frame based on static settings.
 // Returns one of:
 // - RENDERER_TYPE_UNDETERMINED if not opt-in or if explicit opt-out