From: Andrzej Surdej
Date: Thu, 6 Dec 2012 11:20:45 +0000 (+0100)
Subject: Custom handlers support for whitelist and blacklist
X-Git-Tag: 2.1b_release~22^2~158
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ee0f16cdf7a8157f5850bc6027d9ee645b362ce6;p=platform%2Fframework%2Fweb%2Fwrt.git

Custom handlers support for whitelist and blacklist

[Issue#] N/A
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] To verify build repo and run custom_handler.wgt test

Change-Id: I65776616193c522b2ace0d9bf76b0ad36bec368c
---

diff --git a/src/view/webkit/view_logic.cpp b/src/view/webkit/view_logic.cpp
index 81695a7..c2a06ac 100755
--- a/src/view/webkit/view_logic.cpp
+++ b/src/view/webkit/view_logic.cpp
@@ -1736,6 +1736,43 @@ void ViewLogic::detachFromCustomHandlersDao()
 }
 }
 
+const int protocolWhiteListLenth = 15;
+char const * const protocolWhiteList[protocolWhiteListLenth] = {
+ "irc",
+ "geo",
+ "mailto",
+ "magnet",
+ "mms",
+ "news",
+ "nntp",
+ "sip",
+ "sms",
+ "smsto",
+ "ssh",
+ "tel",
+ "urn",
+ "webcal",
+ "xmpp"
+};
+
+const int contentBlackListLenth = 14;
+char const * const contentBlackList[contentBlackListLenth] = {
+ "application/x-www-form-urlencoded",
+ "application/xhtml+xml",
+ "application/xml",
+ "image/gif",
+ "image/jpeg",
+ "image/png",
+ "image/svg+xml",
+ "multipart/x-mixed-replace",
+ "text/cache-manifest",
+ "text/css",
+ "text/html",
+ "text/ping",
+ "text/plain",
+ "text/xml"
+};
+
 void ViewLogic::protocolHandlerRegistrationCallback(void* data,
 Evas_Object* obj,
 void* eventInfo)
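Review bot: The element counts `protocolWhiteListLenth = 15` and `contentBlackListLenth = 14` are written by hand and also used as the array bounds, so raising a constant without adding an entry leaves a null pointer at the end of the array that the `strcmp` loops in the two registration callbacks would dereference. Declaring the arrays without an explicit size and deriving the count, e.g. `const size_t contentBlackListLength = sizeof(contentBlackList) / sizeof(contentBlackList[0]);`, removes that coupling; the loops in the later hunks would need the corrected `Length` spelling as well. A one-line comment above each array saying what it gates (`// schemes a page may register without the "web+" prefix`, `// MIME types for which handler registration is refused`) would also help whoever has to keep the lists current.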
@@ -1744,7 +1781,43 @@ void ViewLogic::protocolHandlerRegistrationCallback(void* data,
 LogDebug("enter");
 CustomHandlerDB::CustomHandlerPtr customHandler =
 getCustomHandlerFromData(eventInfo);
- //TODO: whitelist/blacklist
+
+ std::string scheme = DPL::ToUTF8String(customHandler->target);
+ if (scheme.empty()) {
+ LogError("No scheme provided");
+ //TODO what about securityError?
+ return;
+ }
+ bool matched = false;
+ //scheme on whiteList
+ for (int i = 0; i < protocolWhiteListLenth; ++i) {
+ if (0 == strcmp(protocolWhiteList[i], scheme.c_str()))
+ {
+ LogDebug("Match found, protocol can be handled");
+ matched = true;
+ }
+ }
+ if (!matched) {
+ //starts with web+ and have at least 5 chars (lowercase ASCII)
+ if (strncmp("web+", scheme.c_str(), 4) || scheme.length() < 5) {
+ LogWarning("Scheme neither on whitelist nor starts with \"web+\"");
+ //throw SecurityException
+ return;
+ }
+ int l = 4;
+ char c = scheme[l];
+ while (c != '\0')
+ {
+ if (c < 'a' || c > 'z') {
+ LogWarning("Wrong char inside scheme. "
+ << "Only lowercase ASCII letters accepted");
+ //throw SecurityException
+ return;
+ }
+ c = scheme[++l];
+ }
+ }
+
 ViewLogic* This = static_cast(data);
 LogDebug("Creating handlers dao");
 This->attachToCustomHandlersDao();
@@ -1765,6 +1838,8 @@ void ViewLogic::protocolHandlerRegistrationCallback(void* data,
 handlersDao.registerProtocolHandler(*(customHandler.get()));
 LogDebug("Protocal saved");
 }
+
+ // TODO to be continued...
 }
 
 void ViewLogic::protocolHandlerIsRegisteredCallback(void* data,
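Review bot: The whitelist test `strcmp(protocolWhiteList[i], scheme.c_str())` and the `while (c != '\0')` scan both stop at the first NUL byte, so they validate only a prefix of `scheme`, while the untouched `customHandler->target` is what `registerProtocolHandler` stores in the following hunk. If `DPL::ToUTF8String` can ever return a string with an embedded NUL (not visible here, so worth confirming), the value that was checked and the value that is saved disagree. Comparing the whole `std::string` avoids that: `if (scheme == protocolWhiteList[i]) { matched = true; break; }` for the list, and `for (size_t i = 4; i < scheme.length(); ++i)` testing `scheme[i]` for the `web+` suffix. The same `strcmp` pattern is used for the blacklist in `contentHandlerRegistrationCallback`. The function body starts before and continues past this hunk.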
@@ -1793,7 +1868,22 @@ void ViewLogic::contentHandlerRegistrationCallback(void* data,
 LogDebug("enter");
 CustomHandlerDB::CustomHandlerPtr customHandler =
 getCustomHandlerFromData(eventInfo);
- //TODO: whitelist/blacklist
+
+ std::string mimeType = DPL::ToUTF8String(customHandler->target);
+ if (mimeType.empty()) {
+ LogError("No mimeType provided.");
+ return;
+ }
+ for (int i = 0; i < contentBlackListLenth; ++i)
+ {
+ if (0 == strcmp(contentBlackList[i], mimeType.c_str()))
+ {
+ LogWarning("mimeType blacklisted");
+ //throw SecurityException
+ return;
+ }
+ }
+
 ViewLogic* This = static_cast(data);
 LogDebug("Creating handlers dao");
 This->attachToCustomHandlersDao();
@@ -1814,6 +1904,8 @@ void ViewLogic::contentHandlerRegistrationCallback(void* data,
 handlersDao.registerContentHandler(*(customHandler.get()));
 LogDebug("Content saved");
 }
+
+ // TODO to be continued...
 }
 
 void ViewLogic::contentHandlerIsRegisteredCallback(void* data,
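Review bot: The blacklist loop compares `mimeType` byte-for-byte with `strcmp`, but media type names are case-insensitive and may carry parameters, so a value such as `Text/HTML` or `text/html; charset=utf-8` is not matched and the registration goes ahead. Because a deny list fails open, the value should be normalised before the loop, for example `mimeType = mimeType.substr(0, mimeType.find(';'));` followed by `std::transform(mimeType.begin(), mimeType.end(), mimeType.begin(), ::tolower);` (needs `<algorithm>` and `<cctype>`, whose inclusion is not visible here), plus trimming of surrounding whitespace. Whatever form is checked should also be the form handed to `registerContentHandler`, otherwise later lookups see the unnormalised `customHandler->target`. The function body starts before and continues past this hunk.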