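// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome_frame/navigation_constraints.h"

#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "chrome/common/url_constants.h"
#include "chrome_frame/utils.h"
#include "extensions/common/constants.h"

// Instances start out unprivileged. While unprivileged, IsSchemeAllowed()
// rejects the data: and extension schemes.
NavigationConstraintsImpl::NavigationConstraintsImpl() : is_privileged_(false) {
}

// NavigationConstraintsImpl method definitions.

// Returns the value of the kAllowUnsafeURLs configuration setting, passing
// false as the first argument to GetConfigBool().
// NOTE(review): the first argument is presumably the default used when the
// setting is absent; confirm against GetConfigBool() in chrome_frame/utils.h.
// Per the original comment, no sanity checks are applied when unsafe URLs are
// allowed, so this setting should be treated as security-sensitive.
bool NavigationConstraintsImpl::AllowUnsafeUrls() {
  return GetConfigBool(false, kAllowUnsafeURLs);
}

// Returns true if |url| uses a scheme this object permits navigating to.
//
// This is an allowlist; anything not matched below is rejected:
//   * http and https are always allowed.
//   * view-source is allowed only when the wrapped URL is http or https.
//   * about: is allowed only for about:blank and about:version.
//   * data: and the extension scheme are allowed only when is_privileged_ is
//     set.
// Empty and invalid URLs are rejected before any scheme is examined.
bool NavigationConstraintsImpl::IsSchemeAllowed(const GURL& url) {
  if (url.is_empty() || !url.is_valid())
    return false;

  if (url.SchemeIs(chrome::kHttpScheme) ||
      url.SchemeIs(chrome::kHttpsScheme))
    return true;

  // Additional checking for view-source. Allow only http and https
  // URLs in view source.
  // NOTE(review): only the scheme of the wrapped URL is examined here;
  // sub_url.is_valid() is not consulted.
  if (url.SchemeIs(content::kViewSourceScheme)) {
    GURL sub_url(url.GetContent());
    if (sub_url.SchemeIs(chrome::kHttpScheme) ||
        sub_url.SchemeIs(chrome::kHttpsScheme))
      return true;
  }

  // Allow only about:blank or about:version. The whole spec is compared, so
  // other about: pages do not match.
  if (url.SchemeIs(chrome::kAboutScheme)) {
    if (LowerCaseEqualsASCII(url.spec(), content::kAboutBlankURL) ||
        LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) {
      return true;
    }
  }

  // data: and extension URLs are reachable only from a privileged instance.
  if (is_privileged_ &&
      (url.SchemeIs(chrome::kDataScheme) ||
       url.SchemeIs(extensions::kExtensionScheme))) {
    return true;
  }

  return false;
}

// Returns false if the system URL security manager maps |url| to
// URLZONE_UNTRUSTED, true otherwise.
//
// The security manager is created lazily on first use. The zone lookup runs
// on every call: previously it sat inside the lazy-creation branch, so only
// the first URL checked by an instance was ever mapped to a zone and every
// later URL was allowed unconditionally.
//
// This check fails open: if the security manager cannot be created the URL is
// allowed.
bool NavigationConstraintsImpl::IsZoneAllowed(const GURL& url) {
  if (!security_manager_) {
    HRESULT hr = security_manager_.CreateInstance(
        CLSID_InternetSecurityManager);
    if (FAILED(hr)) {
      // NOTE(review): "%x" is streamed literally here, not used as a format
      // specifier, so |hr| is printed after the text in the stream's default
      // base.
      NOTREACHED() << __FUNCTION__
                   << " Failed to create SecurityManager. Error: 0x%x"
                   << hr;
      return true;
    }
  }

  DWORD zone = URLZONE_INVALID;
  const std::wstring unicode_url = UTF8ToWide(url.spec());
  // NOTE(review): the HRESULT of MapUrlToZone is not checked. If the call
  // fails and leaves |zone| untouched, the URL is treated as allowed.
  security_manager_->MapUrlToZone(unicode_url.c_str(), &zone, 0);
  if (zone == URLZONE_UNTRUSTED) {
    DLOG(WARNING) << __FUNCTION__
                  << " Disallowing navigation to restricted url: " << url;
    return false;
  }
  return true;
}

// Returns whether this instance is privileged (see IsSchemeAllowed()).
bool NavigationConstraintsImpl::is_privileged() const {
  return is_privileged_;
}

// Sets the privileged flag. When true, IsSchemeAllowed() additionally accepts
// the data: and extension schemes.
void NavigationConstraintsImpl::set_is_privileged(bool is_privileged) {
  is_privileged_ = is_privileged;
}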