1// Copyright (c) 2010 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome_frame/navigation_constraints.h"
6
7#include "base/strings/string_util.h"
8#include "base/strings/utf_string_conversions.h"
9#include "chrome/common/url_constants.h"
10#include "chrome_frame/utils.h"
11#include "extensions/common/constants.h"
12
13NavigationConstraintsImpl::NavigationConstraintsImpl() : is_privileged_(false) {
14}
15
16// NavigationConstraintsImpl method definitions.
17bool NavigationConstraintsImpl::AllowUnsafeUrls() {
18  // No sanity checks if unsafe URLs are allowed
19  return GetConfigBool(false, kAllowUnsafeURLs);
20}
21
22bool NavigationConstraintsImpl::IsSchemeAllowed(const GURL& url) {
23  if (url.is_empty())
24    return false;
25
26  if (!url.is_valid())
27    return false;
28
29  if (url.SchemeIs(chrome::kHttpScheme) ||
30      url.SchemeIs(chrome::kHttpsScheme))
31    return true;
32
33  // Additional checking for view-source. Allow only http and https
34  // URLs in view source.
35  if (url.SchemeIs(content::kViewSourceScheme)) {
36    GURL sub_url(url.GetContent());
37    if (sub_url.SchemeIs(chrome::kHttpScheme) ||
38        sub_url.SchemeIs(chrome::kHttpsScheme))
39      return true;
40  }
41
42  // Allow only about:blank or about:version
43  if (url.SchemeIs(chrome::kAboutScheme)) {
44    if (LowerCaseEqualsASCII(url.spec(), content::kAboutBlankURL) ||
45        LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) {
46      return true;
47    }
48  }
49
50  if (is_privileged_ &&
51      (url.SchemeIs(chrome::kDataScheme) ||
52       url.SchemeIs(extensions::kExtensionScheme))) {
53    return true;
54  }
55
56  return false;
57}
58
59bool NavigationConstraintsImpl::IsZoneAllowed(const GURL& url) {
60  if (!security_manager_) {
61    HRESULT hr = security_manager_.CreateInstance(
62        CLSID_InternetSecurityManager);
63    if (FAILED(hr)) {
64      NOTREACHED() << __FUNCTION__
65                   << " Failed to create SecurityManager. Error: 0x%x"
66                   << hr;
67      return true;
68    }
69    DWORD zone = URLZONE_INVALID;
70    std::wstring unicode_url = UTF8ToWide(url.spec());
71    security_manager_->MapUrlToZone(unicode_url.c_str(), &zone, 0);
72    if (zone == URLZONE_UNTRUSTED) {
73      DLOG(WARNING) << __FUNCTION__
74                    << " Disallowing navigation to restricted url: " << url;
75      return false;
76    }
77  }
78  return true;
79}
80
81bool NavigationConstraintsImpl::is_privileged() const {
82  return is_privileged_;
83}
84
85void NavigationConstraintsImpl::set_is_privileged(bool is_privileged) {
86  is_privileged_ = is_privileged;
87}
88