2 * Copyright 2009 Jacek Caban for CodeWeavers
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 #define WIN32_NO_STATUS
32 //#include "winuser.h"
36 #include <wine/debug.h>
38 #include "mshtml_private.h"
40 WINE_DEFAULT_DEBUG_CHANNEL(mshtml
);
42 static const WCHAR about_blankW
[] = {'a','b','o','u','t',':','b','l','a','n','k',0};
44 /* Defined as extern in urlmon.idl, but not exported by uuid.lib */
45 DECLSPEC_HIDDEN
const GUID GUID_CUSTOM_CONFIRMOBJECTSAFETY
=
46 {0x10200490,0xfa38,0x11d0,{0xac,0x0e,0x00,0xa0,0xc9,0xf,0xff,0xc0}};
48 static inline HTMLDocumentNode
*impl_from_IInternetHostSecurityManager(IInternetHostSecurityManager
*iface
)
50 return CONTAINING_RECORD(iface
, HTMLDocumentNode
, IInternetHostSecurityManager_iface
);
53 static HRESULT WINAPI
InternetHostSecurityManager_QueryInterface(IInternetHostSecurityManager
*iface
, REFIID riid
, void **ppv
)
55 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
56 return IHTMLDOMNode_QueryInterface(&This
->node
.IHTMLDOMNode_iface
, riid
, ppv
);
59 static ULONG WINAPI
InternetHostSecurityManager_AddRef(IInternetHostSecurityManager
*iface
)
61 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
62 return IHTMLDOMNode_AddRef(&This
->node
.IHTMLDOMNode_iface
);
65 static ULONG WINAPI
InternetHostSecurityManager_Release(IInternetHostSecurityManager
*iface
)
67 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
68 return IHTMLDOMNode_Release(&This
->node
.IHTMLDOMNode_iface
);
71 static HRESULT WINAPI
InternetHostSecurityManager_GetSecurityId(IInternetHostSecurityManager
*iface
, BYTE
*pbSecurityId
,
72 DWORD
*pcbSecurityId
, DWORD_PTR dwReserved
)
74 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
75 FIXME("(%p)->(%p %p %lx)\n", This
, pbSecurityId
, pcbSecurityId
, dwReserved
);
79 static HRESULT WINAPI
InternetHostSecurityManager_ProcessUrlAction(IInternetHostSecurityManager
*iface
, DWORD dwAction
,
80 BYTE
*pPolicy
, DWORD cbPolicy
, BYTE
*pContext
, DWORD cbContext
, DWORD dwFlags
, DWORD dwReserved
)
82 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
85 TRACE("(%p)->(%d %p %d %p %d %x %x)\n", This
, dwAction
, pPolicy
, cbPolicy
, pContext
, cbContext
, dwFlags
, dwReserved
);
87 if(!This
->basedoc
.window
)
90 url
= This
->basedoc
.window
->url
? This
->basedoc
.window
->url
: about_blankW
;
92 return IInternetSecurityManager_ProcessUrlAction(This
->basedoc
.window
->secmgr
, url
, dwAction
, pPolicy
, cbPolicy
,
93 pContext
, cbContext
, dwFlags
, dwReserved
);
96 static HRESULT
confirm_safety_load(HTMLDocumentNode
*This
, struct CONFIRMSAFETY
*cs
, DWORD
*ret
)
98 IObjectSafety
*obj_safety
;
101 hres
= IUnknown_QueryInterface(cs
->pUnk
, &IID_IObjectSafety
, (void**)&obj_safety
);
102 if(SUCCEEDED(hres
)) {
103 hres
= IObjectSafety_SetInterfaceSafetyOptions(obj_safety
, &IID_IDispatch
,
104 INTERFACESAFE_FOR_UNTRUSTED_DATA
, INTERFACESAFE_FOR_UNTRUSTED_DATA
);
105 IObjectSafety_Release(obj_safety
);
106 *ret
= SUCCEEDED(hres
) ? URLPOLICY_ALLOW
: URLPOLICY_DISALLOW
;
108 CATID init_catid
= CATID_SafeForInitializing
;
110 hres
= ICatInformation_IsClassOfCategories(This
->catmgr
, &cs
->clsid
, 1, &init_catid
, 0, NULL
);
111 assert(SUCCEEDED(hres
));
112 *ret
= hres
== S_OK
? URLPOLICY_ALLOW
: URLPOLICY_DISALLOW
;
118 static HRESULT
confirm_safety(HTMLDocumentNode
*This
, const WCHAR
*url
, struct CONFIRMSAFETY
*cs
, DWORD
*ret
)
120 DWORD policy
, enabled_opts
, supported_opts
;
121 IObjectSafety
*obj_safety
;
124 TRACE("%s %p %s\n", debugstr_w(url
), cs
->pUnk
, debugstr_guid(&cs
->clsid
));
126 /* FIXME: Check URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY */
128 hres
= IInternetSecurityManager_ProcessUrlAction(This
->basedoc
.window
->secmgr
, url
, URLACTION_SCRIPT_SAFE_ACTIVEX
,
129 (BYTE
*)&policy
, sizeof(policy
), NULL
, 0, 0, 0);
130 if(FAILED(hres
) || policy
!= URLPOLICY_ALLOW
) {
131 *ret
= URLPOLICY_DISALLOW
;
135 hres
= IUnknown_QueryInterface(cs
->pUnk
, &IID_IObjectSafety
, (void**)&obj_safety
);
136 if(SUCCEEDED(hres
)) {
137 hres
= IObjectSafety_GetInterfaceSafetyOptions(obj_safety
, &IID_IDispatchEx
, &supported_opts
, &enabled_opts
);
141 enabled_opts
= INTERFACESAFE_FOR_UNTRUSTED_CALLER
;
142 if(supported_opts
& INTERFACE_USES_SECURITY_MANAGER
)
143 enabled_opts
|= INTERFACE_USES_SECURITY_MANAGER
;
145 hres
= IObjectSafety_SetInterfaceSafetyOptions(obj_safety
, &IID_IDispatchEx
, enabled_opts
, enabled_opts
);
147 enabled_opts
&= ~INTERFACE_USES_SECURITY_MANAGER
;
148 hres
= IObjectSafety_SetInterfaceSafetyOptions(obj_safety
, &IID_IDispatch
, enabled_opts
, enabled_opts
);
150 IObjectSafety_Release(obj_safety
);
153 *ret
= URLPOLICY_DISALLOW
;
157 CATID scripting_catid
= CATID_SafeForScripting
;
160 hres
= CoCreateInstance(&CLSID_StdComponentCategoriesMgr
, NULL
, CLSCTX_INPROC_SERVER
,
161 &IID_ICatInformation
, (void**)&This
->catmgr
);
166 hres
= ICatInformation_IsClassOfCategories(This
->catmgr
, &cs
->clsid
, 1, &scripting_catid
, 0, NULL
);
171 *ret
= URLPOLICY_DISALLOW
;
176 if(cs
->dwFlags
& CONFIRMSAFETYACTION_LOADOBJECT
)
177 return confirm_safety_load(This
, cs
, ret
);
179 *ret
= URLPOLICY_ALLOW
;
183 static HRESULT WINAPI
InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager
*iface
, REFGUID guidKey
,
184 BYTE
**ppPolicy
, DWORD
*pcbPolicy
, BYTE
*pContext
, DWORD cbContext
, DWORD dwReserved
)
186 HTMLDocumentNode
*This
= impl_from_IInternetHostSecurityManager(iface
);
190 TRACE("(%p)->(%s %p %p %p %d %x)\n", This
, debugstr_guid(guidKey
), ppPolicy
, pcbPolicy
, pContext
, cbContext
, dwReserved
);
192 if(!This
->basedoc
.window
)
195 url
= This
->basedoc
.window
->url
? This
->basedoc
.window
->url
: about_blankW
;
197 hres
= IInternetSecurityManager_QueryCustomPolicy(This
->basedoc
.window
->secmgr
, url
, guidKey
, ppPolicy
, pcbPolicy
,
198 pContext
, cbContext
, dwReserved
);
199 if(hres
!= HRESULT_FROM_WIN32(ERROR_NOT_FOUND
))
202 if(IsEqualGUID(&GUID_CUSTOM_CONFIRMOBJECTSAFETY
, guidKey
)) {
203 IActiveScript
*active_script
;
204 struct CONFIRMSAFETY
*cs
;
207 if(cbContext
!= sizeof(struct CONFIRMSAFETY
)) {
208 FIXME("wrong context size\n");
212 cs
= (struct CONFIRMSAFETY
*)pContext
;
213 TRACE("cs = {%s %p %x}\n", debugstr_guid(&cs
->clsid
), cs
->pUnk
, cs
->dwFlags
);
215 hres
= IUnknown_QueryInterface(cs
->pUnk
, &IID_IActiveScript
, (void**)&active_script
);
216 if(SUCCEEDED(hres
)) {
217 FIXME("Got IAciveScript iface\n");
218 IActiveScript_Release(active_script
);
222 hres
= confirm_safety(This
, url
, cs
, &policy
);
226 *ppPolicy
= CoTaskMemAlloc(sizeof(policy
));
228 return E_OUTOFMEMORY
;
230 *(DWORD
*)*ppPolicy
= policy
;
231 *pcbPolicy
= sizeof(policy
);
232 TRACE("policy %x\n", policy
);
236 FIXME("Unknown guidKey %s\n", debugstr_guid(guidKey
));
240 static const IInternetHostSecurityManagerVtbl InternetHostSecurityManagerVtbl
= {
241 InternetHostSecurityManager_QueryInterface
,
242 InternetHostSecurityManager_AddRef
,
243 InternetHostSecurityManager_Release
,
244 InternetHostSecurityManager_GetSecurityId
,
245 InternetHostSecurityManager_ProcessUrlAction
,
246 InternetHostSecurityManager_QueryCustomPolicy
249 void HTMLDocumentNode_SecMgr_Init(HTMLDocumentNode
*This
)
251 This
->IInternetHostSecurityManager_iface
.lpVtbl
= &InternetHostSecurityManagerVtbl
;