Add support for gcf:about:plugins in chrome frame full tab mode. The URL vali...

chrome_frame/utils.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome_frame/utils.h"
 
 #include <htiframe.h>
 #include <mshtml.h>
 #include <shlobj.h>
 
@@ skipping 13 matching lines @@
 #include "base/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "base/win/scoped_bstr.h"
 #include "base/win/scoped_comptr.h"
 #include "base/win/scoped_variant.h"
 #include "chrome/common/chrome_paths_internal.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/installer/util/chrome_frame_distribution.h"
 #include "chrome_frame/extra_system_apis.h"
 #include "chrome_frame/html_utils.h"
+#include "chrome_frame/navigation_constraints.h"
 #include "chrome_frame/policy_settings.h"
 #include "chrome_frame/simple_resource_loader.h"
 #include "googleurl/src/gurl.h"
 #include "googleurl/src/url_canon.h"
 #include "grit/chromium_strings.h"
 #include "net/base/escape.h"
 #include "net/http/http_util.h"
 
 using base::win::RegKey;
 using base::win::ScopedComPtr;
@@ skipping 1372 matching lines @@
 
 void ChromeFrameUrl::Reset() {
   attach_to_external_tab_ = false;
   is_chrome_protocol_ = false;
   cookie_ = 0;
   dimensions_.SetRect(0, 0, 0, 0);
   disposition_ = 0;
   profile_name_.clear();
 }
 
-bool CanNavigate(const GURL& url, IInternetSecurityManager* security_manager,
-                 bool is_privileged) {
+bool CanNavigate(const GURL& url,
+                 NavigationConstraints* navigation_constraints) {
   if (!url.is_valid()) {
     DLOG(ERROR) << "Invalid URL passed to InitiateNavigation: " << url;
     return false;
   }
 
+  if (!navigation_constraints) {
+    NOTREACHED() << "Invalid NavigationConstraints passed in";
+    return false;
+  }
+
   // No sanity checks if unsafe URLs are allowed
-  if (GetConfigBool(false, kAllowUnsafeURLs))
+  if (navigation_constraints->AllowUnsafeUrls())
     return true;
 
-  if (!IsValidUrlScheme(url, is_privileged)) {
+  if (!navigation_constraints->IsSchemeAllowed(url)) {
     DLOG(WARNING) << __FUNCTION__ << " Disallowing navigation to url: " << url;
     return false;
   }
 
-  // Allow only about:blank or about:version
-  if (url.SchemeIs(chrome::kAboutScheme)) {
-    if (!LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL) &&
-        !LowerCaseEqualsASCII(url.spec(), chrome::kAboutVersionURL)) {
-      DLOG(WARNING) << __FUNCTION__
-                    << " Disallowing navigation to about url: " << url;
-      return false;
-    }
+  if (!navigation_constraints->IsZoneAllowed(url)) {
+    DLOG(WARNING) << __FUNCTION__
+                  << " Disallowing navigation to restricted url: " << url;
+    return false;
   }
-
-  // Prevent navigations to URLs in untrusted zone, even in Firefox.
-  if (security_manager) {
-    DWORD zone = URLZONE_INVALID;
-    std::wstring unicode_url = UTF8ToWide(url.spec());
-    security_manager->MapUrlToZone(unicode_url.c_str(), &zone, 0);
-    if (zone == URLZONE_UNTRUSTED) {
-      DLOG(WARNING) << __FUNCTION__
-                    << " Disallowing navigation to restricted url: " << url;
-      return false;
-    }
-  }
-
   return true;
 }
 
 void PinModule() {
   static bool s_pinned = false;
   if (!s_pinned && !IsUnpinnedMode()) {
     FilePath module_path;
     if (PathService::Get(base::FILE_MODULE, &module_path)) {
       HMODULE unused;
       if (!GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_PIN,
@@ skipping 95 matching lines @@
 
 void EnumerateKeyValues(HKEY parent_key, const wchar_t* sub_key_name,
                         std::vector<std::wstring>* values) {
   DCHECK(values);
   base::win::RegistryValueIterator url_list(parent_key, sub_key_name);
   while (url_list.Valid()) {
     values->push_back(url_list.Value());
     ++url_list;
   }
 }