2 * Copyright 2009 Jacek Caban for CodeWeavers
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 #include "mshtml_private.h"
23 static const WCHAR about_blankW
[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
25 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
26 DECLSPEC_HIDDEN
const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY
=
27 {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
29 static inline HTMLDocumentNode
*impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager
*iface
)
31 return CONTAINING_RECORD(iface
, HTMLDocumentNode
, IInternetHostSecurityManager_iface
);
34 static HRESULT WINAPI
InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager
*iface
, REFIID riid
, void **ppv
)
36 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
37 return IHTMLDOMNode_QueryInterface(&This
->node
.IHTMLDOMNode_iface
, riid
, ppv
);
40 static ULONG WINAPI
InternetHostSecurityManager_AddRef(IInternetHostSecurityManager
*iface
)
42 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
43 return IHTMLDOMNode_AddRef(&This
->node
.IHTMLDOMNode_iface
);
46 static ULONG WINAPI
InternetHostSecurityManager_Release(IInternetHostSecurityManager
*iface
)
48 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
49 return IHTMLDOMNode_Release(&This
->node
.IHTMLDOMNode_iface
);
52 static HRESULT WINAPI
InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager
*iface
, BYTE
*pbSecurityId
,
53 DWORD
*pcbSecurityId
, DWORD_PTR dwReserved
)
55 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
56 FIXME("(%p)->(%p %p %lx)\n", This
, pbSecurityId
, pcbSecurityId
, dwReserved
);
60 static HRESULT WINAPI
InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager
*iface
, DWORD dwAction
,
61 BYTE
*pPolicy
, DWORD cbPolicy
, BYTE
*pContext
, DWORD cbContext
, DWORD dwFlags
, DWORD dwReserved
)
63 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
66 TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This
, dwAction
, pPolicy
, cbPolicy
, pContext
, cbContext
, dwFlags
, dwReserved
);
68 if(!This
->basedoc
.window
)
71 url
= This
->basedoc
.window
->url
? This
->basedoc
.window
->url
: about_blankW
;
73 return IInternetSecurityManager_ProcessUrlAction(This
->basedoc
.window
->secmgr
, url
, dwAction
, pPolicy
, cbPolicy
,
74 pContext
, cbContext
, dwFlags
, dwReserved
);
77 static HRESULT
confirm_safety_load(HTMLDocumentNode
*This
, struct CONFIRMSAFETY
*cs
, DWORD
*ret
)
79 IObjectSafety
*obj_safety
;
82 hres
= IUnknown_QueryInterface(cs
->pUnk
, &IID_IObjectSafety
, (void**)&obj_safety
);
84 hres
= IObjectSafety_SetInterfaceSafetyOptions(obj_safety
, &IID_IDispatch
,
85 INTERFACESAFE_FOR_UNTRUSTED_DATA
, INTERFACESAFE_FOR_UNTRUSTED_DATA
);
86 IObjectSafety_Release(obj_safety
);
87 *ret
= SUCCEEDED(hres
) ? URLPOLICY_ALLOW
: URLPOLICY_DISALLOW
;
89 CATID init_catid
= CATID_SafeForInitializing
;
91 hres
= ICatInformation_IsClassOfCategories(This
->catmgr
, &cs
->clsid
, 1, &init_catid
, 0, NULL
);
92 assert(SUCCEEDED(hres
));
93 *ret
= hres
== S_OK
? URLPOLICY_ALLOW
: URLPOLICY_DISALLOW
;
99 static HRESULT
confirm_safety(HTMLDocumentNode
*This
, const WCHAR
*url
, struct CONFIRMSAFETY
*cs
, DWORD
*ret
)
101 DWORD policy
, enabled_opts
, supported_opts
;
102 IObjectSafety
*obj_safety
;
105 TRACE("%s %p %s\n", debugstr_w(url
), cs
->pUnk
, debugstr_guid(&cs
->clsid
));
107 /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
109 hres
= IInternetSecurityManager_ProcessUrlAction(This
->basedoc
.window
->secmgr
, url
, URLACTION_SCRIPT_SAFE_ACTIVEX
,
110 (BYTE
*)&policy
, sizeof(policy
), NULL
, 0, 0, 0);
111 if(FAILED(hres
) || policy
!= URLPOLICY_ALLOW
) {
112 *ret
= URLPOLICY_DISALLOW
;
116 hres
= IUnknown_QueryInterface(cs
->pUnk
, &IID_IObjectSafety
, (void**)&obj_safety
);
117 if(SUCCEEDED(hres
)) {
118 hres
= IObjectSafety_GetInterfaceSafetyOptions(obj_safety
, &IID_IDispatchEx
, &supported_opts
, &enabled_opts
);
122 enabled_opts
= INTERFACESAFE_FOR_UNTRUSTED_CALLER
;
123 if(supported_opts
& INTERFACE_USES_SECURITY_MANAGER
)
124 enabled_opts
|= INTERFACE_USES_SECURITY_MANAGER
;
126 hres
= IObjectSafety_SetInterfaceSafetyOptions(obj_safety
, &IID_IDispatchEx
, enabled_opts
, enabled_opts
);
128 enabled_opts
&= ~INTERFACE_USES_SECURITY_MANAGER
;
129 hres
= IObjectSafety_SetInterfaceSafetyOptions(obj_safety
, &IID_IDispatch
, enabled_opts
, enabled_opts
);
131 IObjectSafety_Release(obj_safety
);
134 *ret
= URLPOLICY_DISALLOW
;
138 CATID scripting_catid
= CATID_SafeForScripting
;
141 hres
= CoCreateInstance(&CLSID_StdComponentCategoriesMgr
, NULL
, CLSCTX_INPROC_SERVER
,
142 &IID_ICatInformation
, (void**)&This
->catmgr
);
147 hres
= ICatInformation_IsClassOfCategories(This
->catmgr
, &cs
->clsid
, 1, &scripting_catid
, 0, NULL
);
152 *ret
= URLPOLICY_DISALLOW
;
157 if(cs
->dwFlags
& CONFIRMSAFETYACTION_LOADOBJECT
)
158 return confirm_safety_load(This
, cs
, ret
);
160 *ret
= URLPOLICY_ALLOW
;
164 static HRESULT WINAPI
InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager
*iface
, REFGUID guidKey
,
165 BYTE
**ppPolicy
, DWORD
*pcbPolicy
, BYTE
*pContext
, DWORD cbContext
, DWORD dwReserved
)
167 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
171 TRACE("(%p)->(%s %p %p %p %d %x)\n", This
, debugstr_guid(guidKey
), ppPolicy
, pcbPolicy
, pContext
, cbContext
, dwReserved
);
173 if(!This
->basedoc
.window
)
176 url
= This
->basedoc
.window
->url
? This
->basedoc
.window
->url
: about_blankW
;
178 hres
= IInternetSecurityManager_QueryCustomPolicy(This
->basedoc
.window
->secmgr
, url
, guidKey
, ppPolicy
, pcbPolicy
,
179 pContext
, cbContext
, dwReserved
);
180 if(hres
!= HRESULT_FROM_WIN32(ERROR_NOT_FOUND
))
183 if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY
, guidKey
)) {
184 IActiveScript
*active_script
;
185 struct CONFIRMSAFETY
*cs
;
188 if(cbContext
!= sizeof(struct CONFIRMSAFETY
)) {
189 FIXME("wrong context size\n");
193 cs
= (struct CONFIRMSAFETY
*)pContext
;
194 TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs
->clsid
), cs
->pUnk
, cs
->dwFlags
);
196 hres
= IUnknown_QueryInterface(cs
->pUnk
, &IID_IActiveScript
, (void**)&active_script
);
197 if(SUCCEEDED(hres
)) {
198 FIXME("Got IAciveScript iface\n");
199 IActiveScript_Release(active_script
);
203 hres
= confirm_safety(This
, url
, cs
, &policy
);
207 *ppPolicy
= CoTaskMemAlloc(sizeof(policy
));
209 return E_OUTOFMEMORY
;
211 *(DWORD
*)*ppPolicy
= policy
;
212 *pcbPolicy
= sizeof(policy
);
213 TRACE("policy %x\n", policy
);
217 FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey
));
221 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl
= {
222 InternetHostSecurityManager_QueryInterface
,
223 InternetHostSecurityManager_AddRef
,
224 InternetHostSecurityManager_Release
,
225 InternetHostSecurityManager_GetSecurityId
,
226 InternetHostSecurityManager_ProcessUrlAction
,
227 InternetHostSecurityManager_QueryCustomPolicy
230 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode
*This
)
232 This
->IInternetHostSecurityManager_iface
.lpVtbl
= &InternetHostSecurityManagerVtbl
;