ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mshtml: Check for CATID_SafeForScripting in GUID_CUSTOM_CONFIRMOBJECTSAFETY implementation if IObjectSafety is not available.

This commit is contained in:
Jacek Caban 2009-11-20 00:00:41 +01:00 committed by Alexandre Julliard
parent 669af158da
commit b2ffe78729
4 changed files with 114 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dlls/mshtml/htmldoc.c
View File

@ -1765,6 +1765,8 @@ static void HTMLDocumentNode_destructor(HTMLDOMNode *iface)
if(This->nsevent_listener)
release_nsevents(This);
if(This->catmgr)
ICatInformation_Release(This->catmgr);
if(This->secmgr)
IInternetSecurityManager_Release(This->secmgr);

2
dlls/mshtml/mshtml_private.h
View File

@ -18,6 +18,7 @@
#include "wingdi.h"
#include "docobj.h"
#include "comcat.h"
#include "mshtml.h"
#include "mshtmhst.h"
#include "hlink.h"
@ -503,6 +504,7 @@ struct HTMLDocumentNode {
BOOL content_ready;
IInternetSecurityManager *secmgr;
ICatInformation *catmgr;
nsDocumentEventListener *nsevent_listener;
BOOL *event_vector;

38
dlls/mshtml/secmgr.c
View File

@ -84,7 +84,7 @@ static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHost
pContext, cbContext, dwFlags, dwReserved);
}
static DWORD confirm_safety(HTMLDocumentNode *This, const WCHAR *url, IUnknown *obj)
static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
{
DWORD policy, enabled_opts, supported_opts;
IObjectSafety *obj_safety;
@ -94,12 +94,29 @@ static DWORD confirm_safety(HTMLDocumentNode *This, const WCHAR *url, IUnknown *
hres = IInternetSecurityManager_ProcessUrlAction(This->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
(BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
if(FAILED(hres) || policy != URLPOLICY_ALLOW)
return URLPOLICY_DISALLOW;
if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
*ret = URLPOLICY_DISALLOW;
return S_OK;
}
hres = IUnknown_QueryInterface(obj, &IID_IObjectSafety, (void**)&obj_safety);
if(FAILED(hres))
return URLPOLICY_DISALLOW;
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
if(FAILED(hres)) {
CATID scripting_catid = CATID_SafeForScripting;
if(!This->catmgr) {
hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
&IID_ICatInformation, (void**)&This->catmgr);
if(FAILED(hres))
return hres;
}
hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
if(FAILED(hres))
return hres;
*ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
return S_OK;
}
hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
if(SUCCEEDED(hres)) {
@ -109,10 +126,9 @@ static DWORD confirm_safety(HTMLDocumentNode *This, const WCHAR *url, IUnknown *
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
}
IObjectSafety_Release(obj_safety);
if(FAILED(hres))
return URLPOLICY_DISALLOW;
return URLPOLICY_ALLOW;
*ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
return S_OK;
}
static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
@ -149,7 +165,9 @@ static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHos
return E_FAIL;
}
policy = confirm_safety(This, url, cs->pUnk);
hres = confirm_safety(This, url, cs, &policy);
if(FAILED(hres))
return hres;
*ppPolicy = CoTaskMemAlloc(sizeof(policy));
if(!*ppPolicy)

104
dlls/mshtml/tests/script.c
View File

@ -121,6 +121,7 @@ DEFINE_EXPECT(AXGetInterfaceSafetyOptions);
DEFINE_EXPECT(AXSetInterfaceSafetyOptions);
#define TESTSCRIPT_CLSID "{178fc163-f585-4e24-9c13-4bb7faf80746}"
#define TESTACTIVEX_CLSID "{178fc163-f585-4e24-9c13-4bb7faf80646}"
#define DISPID_SCRIPT_TESTPROP 0x100000
@ -133,6 +134,7 @@ static IHTMLDocument2 *notif_doc;
static IDispatchEx *window_dispex;
static BOOL doc_complete;
static IDispatch *script_disp;
static BOOL ax_objsafe;
static const char *debugstr_guid(REFIID riid)
{
@ -165,6 +167,28 @@ static BSTR a2bstr(const char *str)
return ret;
}
static BOOL init_key(const char *key_name, const char *def_value, BOOL init)
{
HKEY hkey;
DWORD res;
if(!init) {
RegDeleteKey(HKEY_CLASSES_ROOT, key_name);
return TRUE;
}
res = RegCreateKeyA(HKEY_CLASSES_ROOT, key_name, &hkey);
if(res != ERROR_SUCCESS)
return FALSE;
if(def_value)
res = RegSetValueA(hkey, NULL, REG_SZ, def_value, strlen(def_value));
RegCloseKey(hkey);
return res == ERROR_SUCCESS;
}
static HRESULT WINAPI PropertyNotifySink_QueryInterface(IPropertyNotifySink *iface,
REFIID riid, void**ppv)
{
@ -599,6 +623,8 @@ static HRESULT WINAPI AXObjectSafety_QueryInterface(IObjectSafety *iface, REFIID
if(IsEqualGUID(&IID_IObjectSafety, riid)) {
CHECK_EXPECT(AXQueryInterface_IObjectSafety);
if(!ax_objsafe)
return E_NOINTERFACE;
*ppv = iface;
return S_OK;
}
@ -647,6 +673,12 @@ static const IObjectSafetyVtbl AXObjectSafetyVtbl = {
static IObjectSafety AXObjectSafety = { &AXObjectSafetyVtbl };
static BOOL set_safe_reg(BOOL init)
{
return init_key("CLSID\\"TESTACTIVEX_CLSID"\\Implemented Categories\\{7dd95801-9882-11cf-9fa9-00aa006c42c4}",
NULL, init);
}
static void test_security(void)
{
IInternetHostSecurityManager *sec_mgr;
@ -673,6 +705,7 @@ static void test_security(void)
cs.pUnk = (IUnknown*)&AXObjectSafety;
cs.dwFlags = 0;
ax_objsafe = TRUE;
SET_EXPECT(AXQueryInterface_IActiveScript);
SET_EXPECT(AXQueryInterface_IObjectSafety);
SET_EXPECT(AXGetInterfaceSafetyOptions);
@ -689,6 +722,55 @@ static void test_security(void)
ok(*(DWORD*)ppolicy == URLPOLICY_ALLOW, "policy = %x\n", *(DWORD*)ppolicy);
CoTaskMemFree(ppolicy);
ax_objsafe = FALSE;
SET_EXPECT(AXQueryInterface_IActiveScript);
SET_EXPECT(AXQueryInterface_IObjectSafety);
hres = IInternetHostSecurityManager_QueryCustomPolicy(sec_mgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
&ppolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
CHECK_CALLED(AXQueryInterface_IActiveScript);
CHECK_CALLED(AXQueryInterface_IObjectSafety);
ok(hres == S_OK, "QueryCusromPolicy failed: %08x\n", hres);
ok(policy_size == sizeof(DWORD), "policy_size = %d\n", policy_size);
ok(*(DWORD*)ppolicy == URLPOLICY_DISALLOW, "policy = %x\n", *(DWORD*)ppolicy);
CoTaskMemFree(ppolicy);
if(set_safe_reg(TRUE)) {
ax_objsafe = FALSE;
SET_EXPECT(AXQueryInterface_IActiveScript);
SET_EXPECT(AXQueryInterface_IObjectSafety);
hres = IInternetHostSecurityManager_QueryCustomPolicy(sec_mgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
&ppolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
CHECK_CALLED(AXQueryInterface_IActiveScript);
CHECK_CALLED(AXQueryInterface_IObjectSafety);
ok(hres == S_OK, "QueryCusromPolicy failed: %08x\n", hres);
ok(policy_size == sizeof(DWORD), "policy_size = %d\n", policy_size);
ok(*(DWORD*)ppolicy == URLPOLICY_ALLOW, "policy = %x\n", *(DWORD*)ppolicy);
CoTaskMemFree(ppolicy);
ax_objsafe = TRUE;
SET_EXPECT(AXQueryInterface_IActiveScript);
SET_EXPECT(AXQueryInterface_IObjectSafety);
SET_EXPECT(AXGetInterfaceSafetyOptions);
SET_EXPECT(AXSetInterfaceSafetyOptions);
hres = IInternetHostSecurityManager_QueryCustomPolicy(sec_mgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
&ppolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
CHECK_CALLED(AXQueryInterface_IActiveScript);
CHECK_CALLED(AXQueryInterface_IObjectSafety);
CHECK_CALLED(AXGetInterfaceSafetyOptions);
CHECK_CALLED(AXSetInterfaceSafetyOptions);
ok(hres == S_OK, "QueryCusromPolicy failed: %08x\n", hres);
ok(policy_size == sizeof(DWORD), "policy_size = %d\n", policy_size);
ok(*(DWORD*)ppolicy == URLPOLICY_ALLOW, "policy = %x\n", *(DWORD*)ppolicy);
CoTaskMemFree(ppolicy);
set_safe_reg(FALSE);
}else {
skip("Could not set safety registry\n");
}
IInternetHostSecurityManager_Release(sec_mgr);
}
@ -1510,28 +1592,6 @@ static void test_simple_script(void)
CHECK_CALLED(Close);
}
static BOOL init_key(const char *key_name, const char *def_value, BOOL init)
{
HKEY hkey;
DWORD res;
if(!init) {
RegDeleteKey(HKEY_CLASSES_ROOT, key_name);
return TRUE;
}
res = RegCreateKeyA(HKEY_CLASSES_ROOT, key_name, &hkey);
if(res != ERROR_SUCCESS)
return FALSE;
if(def_value)
res = RegSetValueA(hkey, NULL, REG_SZ, def_value, strlen(def_value));
RegCloseKey(hkey);
return res == ERROR_SUCCESS;
}
static BOOL init_registry(BOOL init)
{
return init_key("TestScript\\CLSID", TESTSCRIPT_CLSID, init)