From 91166cf4b149a3c5fbaba16529788420954d4fab Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Wed, 26 Nov 2003 18:43:05 +0000 Subject: Implement disabling unsafe protocols for lock-down mode. 2003-11-26 Christian Persch * embed/mozilla/EphyContentPolicy.cpp: * embed/mozilla/EphyContentPolicy.h: * embed/mozilla/Makefile.am: * embed/mozilla/MozRegisterComponents.cpp: Implement disabling unsafe protocols for lock-down mode. --- embed/mozilla/EphyContentPolicy.cpp | 118 ++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 embed/mozilla/EphyContentPolicy.cpp (limited to 'embed/mozilla/EphyContentPolicy.cpp') diff --git a/embed/mozilla/EphyContentPolicy.cpp b/embed/mozilla/EphyContentPolicy.cpp new file mode 100644 index 000000000..e84e7d73b --- /dev/null +++ b/embed/mozilla/EphyContentPolicy.cpp @@ -0,0 +1,118 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- + * + * Copyright (C) 2003 Christian Persch + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + * $Id$ + */ + +/* Relevant Mozilla bug numbers: + * + * The API will change soon: + * http://bugzilla.mozilla.org/show_bug.cgi?id=191839 + * "Content Policy API sucks rock" + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "EphyContentPolicy.h" + +#include "eel-gconf-extensions.h" +#include "ephy-debug.h" + +#include +#include +#include + +#define CONF_LOCKDOWN_DISABLE_UNSAFE_PROTOCOLS "/apps/epiphany/lockdown/disable_unsafe_protocols" +#define CONF_LOCKDOWN_ADDITIONAL_SAFE_PROTOCOLS "/apps/epiphany/lockdown/additional_safe_protocols" + +NS_IMPL_ISUPPORTS1(EphyContentPolicy, nsIContentPolicy) + +EphyContentPolicy::EphyContentPolicy() +{ + LOG ("EphyContentPolicy constructor") + + mLocked = eel_gconf_get_boolean (CONF_LOCKDOWN_DISABLE_UNSAFE_PROTOCOLS); + mSafeProtocols = eel_gconf_get_string_list (CONF_LOCKDOWN_ADDITIONAL_SAFE_PROTOCOLS); + + mSafeProtocols = g_slist_prepend (mSafeProtocols, g_strdup ("https")); + mSafeProtocols = g_slist_prepend (mSafeProtocols, g_strdup ("http")); +} + +EphyContentPolicy::~EphyContentPolicy() +{ + LOG ("EphyContentPolicy destructor") + + g_slist_foreach (mSafeProtocols, (GFunc) g_free, NULL); + g_slist_free (mSafeProtocols); +} + +/* boolean shouldLoad (in PRInt32 contentType, in nsIURI contentLocation, in nsISupports ctxt, in nsIDOMWindow window); */ +NS_IMETHODIMP EphyContentPolicy::ShouldLoad(PRInt32 contentType, + nsIURI *contentLocation, + nsISupports *ctxt, + nsIDOMWindow *window, + PRBool *_retval) +{ + if (!mLocked) + { + LOG ("Not locked!") + + *_retval = PR_TRUE; + + return NS_OK; + } + + nsCAutoString scheme; + contentLocation->GetScheme (scheme); + + nsCAutoString spec; + contentLocation->GetSpec (spec); + + LOG ("ShouldLoad type=%d location=%s (scheme %s)", contentType, spec.get(), scheme.get()) + + *_retval = PR_FALSE; + + /* Allow the load if the protocol is in safe list, or it's about:blank */ + if (g_slist_find_custom (mSafeProtocols, scheme.get(), (GCompareFunc) strcmp) + || spec.Equals ("about:blank")) + { + *_retval = PR_TRUE; + } + + LOG ("Decision: %sallowing load", *_retval == PR_TRUE ? "" : "NOT ") + + return NS_OK; +} + +/* boolean shouldProcess (in PRInt32 contentType, in nsIURI documentLocation, in nsISupports ctxt, in nsIDOMWindow window); */ +NS_IMETHODIMP EphyContentPolicy::ShouldProcess(PRInt32 contentType, + nsIURI *documentLocation, + nsISupports *ctxt, + nsIDOMWindow *window, + PRBool *_retval) +{ + /* As far as I can tell from reading mozilla code, this is never called. */ + + LOG ("ShouldProcess: this is quite unexpected!") + + *_retval = PR_TRUE; + + return NS_OK; +} -- cgit v1.2.3