}
}
+const int protocolWhiteListLenth = 15;
+char const * const protocolWhiteList[protocolWhiteListLenth] = {
+ "irc",
+ "geo",
+ "mailto",
+ "magnet",
+ "mms",
+ "news",
+ "nntp",
+ "sip",
+ "sms",
+ "smsto",
+ "ssh",
+ "tel",
+ "urn",
+ "webcal",
+ "xmpp"
+};
+
+const int contentBlackListLenth = 14;
+char const * const contentBlackList[contentBlackListLenth] = {
+ "application/x-www-form-urlencoded",
+ "application/xhtml+xml",
+ "application/xml",
+ "image/gif",
+ "image/jpeg",
+ "image/png",
+ "image/svg+xml",
+ "multipart/x-mixed-replace",
+ "text/cache-manifest",
+ "text/css",
+ "text/html",
+ "text/ping",
+ "text/plain",
+ "text/xml"
+};
+
void ViewLogic::protocolHandlerRegistrationCallback(void* data,
Evas_Object* obj,
void* eventInfo)
LogDebug("enter");
CustomHandlerDB::CustomHandlerPtr customHandler =
getCustomHandlerFromData(eventInfo);
- //TODO: whitelist/blacklist
+
+ std::string scheme = DPL::ToUTF8String(customHandler->target);
+ if (scheme.empty()) {
+ LogError("No scheme provided");
+ //TODO what about securityError?
+ return;
+ }
+ bool matched = false;
+ //scheme on whiteList
+ for (int i = 0; i < protocolWhiteListLenth; ++i) {
+ if (0 == strcmp(protocolWhiteList[i], scheme.c_str()))
+ {
+ LogDebug("Match found, protocol can be handled");
+ matched = true;
+ }
+ }
+ if (!matched) {
+ //starts with web+ and have at least 5 chars (lowercase ASCII)
+ if (strncmp("web+", scheme.c_str(), 4) || scheme.length() < 5) {
+ LogWarning("Scheme neither on whitelist nor starts with \"web+\"");
+ //throw SecurityException
+ return;
+ }
+ int l = 4;
+ char c = scheme[l];
+ while (c != '\0')
+ {
+ if (c < 'a' || c > 'z') {
+ LogWarning("Wrong char inside scheme. "
+ << "Only lowercase ASCII letters accepted");
+ //throw SecurityException
+ return;
+ }
+ c = scheme[++l];
+ }
+ }
+
ViewLogic* This = static_cast<ViewLogic*>(data);
LogDebug("Creating handlers dao");
This->attachToCustomHandlersDao();
handlersDao.registerProtocolHandler(*(customHandler.get()));
LogDebug("Protocal saved");
}
+
+ // TODO to be continued...
}
void ViewLogic::protocolHandlerIsRegisteredCallback(void* data,
LogDebug("enter");
CustomHandlerDB::CustomHandlerPtr customHandler =
getCustomHandlerFromData(eventInfo);
- //TODO: whitelist/blacklist
+
+ std::string mimeType = DPL::ToUTF8String(customHandler->target);
+ if (mimeType.empty()) {
+ LogError("No mimeType provided.");
+ return;
+ }
+ for (int i = 0; i < contentBlackListLenth; ++i)
+ {
+ if (0 == strcmp(contentBlackList[i], mimeType.c_str()))
+ {
+ LogWarning("mimeType blacklisted");
+ //throw SecurityException
+ return;
+ }
+ }
+
ViewLogic* This = static_cast<ViewLogic*>(data);
LogDebug("Creating handlers dao");
This->attachToCustomHandlersDao();
handlersDao.registerContentHandler(*(customHandler.get()));
LogDebug("Content saved");
}
+
+ // TODO to be continued...
}
void ViewLogic::contentHandlerIsRegisteredCallback(void* data,
projects / platform / framework / web / wrt.git / commitdiff