ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mshtml: Added support for CONFIRMSAFETYACTION_LOADOBJECT flag in CONFIRMSAFETY struct.

This commit is contained in:
Jacek Caban 2010-12-09 16:28:58 +01:00 committed by Alexandre Julliard
parent 483fe27730
commit 331460793c
1 changed files with 54 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
dlls/mshtml/secmgr.c
View File

@ -84,6 +84,30 @@ static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHost
pContext, cbContext, dwFlags, dwReserved);
}
static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY *cs, DWORD *ret)
{
IObjectSafety *obj_safety;
HRESULT hres;
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
if(SUCCEEDED(hres)) {
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch,
INTERFACESAFE_FOR_UNTRUSTED_DATA, INTERFACESAFE_FOR_UNTRUSTED_DATA);
IObjectSafety_Release(obj_safety);
*ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
}else {
CATID init_catid = CATID_SafeForInitializing;
hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL);
if(FAILED(hres))
return hres;
*ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
}
return S_OK;
}
static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
{
DWORD policy, enabled_opts, supported_opts;
@ -102,7 +126,27 @@ static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct C
}
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
if(FAILED(hres)) {
if(SUCCEEDED(hres)) {
hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
if(FAILED(hres))
supported_opts = 0;
enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
if(FAILED(hres)) {
enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
}
IObjectSafety_Release(obj_safety);
if(FAILED(hres)) {
*ret = URLPOLICY_DISALLOW;
return S_OK;
}
}else {
CATID scripting_catid = CATID_SafeForScripting;
if(!This->catmgr) {
@ -116,26 +160,16 @@ static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct C
if(FAILED(hres))
return hres;
*ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
return S_OK;
if(hres != S_OK) {
*ret = URLPOLICY_DISALLOW;
return S_OK;
}
}
hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
if(FAILED(hres))
supported_opts = 0;
if(cs->dwFlags & CONFIRMSAFETYACTION_LOADOBJECT)
return confirm_safety_load(This, cs, ret);
enabled_opts = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
if(supported_opts & INTERFACE_USES_SECURITY_MANAGER)
enabled_opts |= INTERFACE_USES_SECURITY_MANAGER;
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
if(FAILED(hres)) {
enabled_opts &= ~INTERFACE_USES_SECURITY_MANAGER;
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatch, enabled_opts, enabled_opts);
}
IObjectSafety_Release(obj_safety);
*ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
*ret = URLPOLICY_ALLOW;
return S_OK;
}
@ -166,6 +200,8 @@ static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHos
}
cs = (struct CONFIRMSAFETY*)pContext;
TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs->clsid), cs->pUnk, cs->dwFlags);
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IActiveScript, (void**)&active_script);
if(SUCCEEDED(hres)) {
FIXME("Got IAciveScript iface\n");