forked from Mirrors/wine-wine
mshtml: Check for CATID_SafeForScripting in GUID_CUSTOM_CONFIRMOBJECTSAFETY implementation if IObjectSafety is not available.
parent
669af158da
commit
b2ffe78729
|
@ -1765,6 +1765,8 @@ static void HTMLDocumentNode_destructor(HTMLDOMNode *iface)
|
||||||
|
|
||||||
if(This->nsevent_listener)
|
if(This->nsevent_listener)
|
||||||
release_nsevents(This);
|
release_nsevents(This);
|
||||||
|
if(This->catmgr)
|
||||||
|
ICatInformation_Release(This->catmgr);
|
||||||
if(This->secmgr)
|
if(This->secmgr)
|
||||||
IInternetSecurityManager_Release(This->secmgr);
|
IInternetSecurityManager_Release(This->secmgr);
|
||||||
|
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
|
|
||||||
#include "wingdi.h"
|
#include "wingdi.h"
|
||||||
#include "docobj.h"
|
#include "docobj.h"
|
||||||
|
#include "comcat.h"
|
||||||
#include "mshtml.h"
|
#include "mshtml.h"
|
||||||
#include "mshtmhst.h"
|
#include "mshtmhst.h"
|
||||||
#include "hlink.h"
|
#include "hlink.h"
|
||||||
|
@ -503,6 +504,7 @@ struct HTMLDocumentNode {
|
||||||
BOOL content_ready;
|
BOOL content_ready;
|
||||||
|
|
||||||
IInternetSecurityManager *secmgr;
|
IInternetSecurityManager *secmgr;
|
||||||
|
ICatInformation *catmgr;
|
||||||
nsDocumentEventListener *nsevent_listener;
|
nsDocumentEventListener *nsevent_listener;
|
||||||
BOOL *event_vector;
|
BOOL *event_vector;
|
||||||
|
|
||||||
|
|
|
@ -84,7 +84,7 @@ static HRESULT WINAPI InternetHostSecurityManager_ProcessUrlAction(IInternetHost
|
||||||
pContext, cbContext, dwFlags, dwReserved);
|
pContext, cbContext, dwFlags, dwReserved);
|
||||||
}
|
}
|
||||||
|
|
||||||
static DWORD confirm_safety(HTMLDocumentNode *This, const WCHAR *url, IUnknown *obj)
|
static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct CONFIRMSAFETY *cs, DWORD *ret)
|
||||||
{
|
{
|
||||||
DWORD policy, enabled_opts, supported_opts;
|
DWORD policy, enabled_opts, supported_opts;
|
||||||
IObjectSafety *obj_safety;
|
IObjectSafety *obj_safety;
|
||||||
|
@ -94,12 +94,29 @@ static DWORD confirm_safety(HTMLDocumentNode *This, const WCHAR *url, IUnknown *
|
||||||
|
|
||||||
hres = IInternetSecurityManager_ProcessUrlAction(This->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
|
hres = IInternetSecurityManager_ProcessUrlAction(This->secmgr, url, URLACTION_SCRIPT_SAFE_ACTIVEX,
|
||||||
(BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
|
(BYTE*)&policy, sizeof(policy), NULL, 0, 0, 0);
|
||||||
if(FAILED(hres) || policy != URLPOLICY_ALLOW)
|
if(FAILED(hres) || policy != URLPOLICY_ALLOW) {
|
||||||
return URLPOLICY_DISALLOW;
|
*ret = URLPOLICY_DISALLOW;
|
||||||
|
return S_OK;
|
||||||
|
}
|
||||||
|
|
||||||
hres = IUnknown_QueryInterface(obj, &IID_IObjectSafety, (void**)&obj_safety);
|
hres = IUnknown_QueryInterface(cs->pUnk, &IID_IObjectSafety, (void**)&obj_safety);
|
||||||
if(FAILED(hres))
|
if(FAILED(hres)) {
|
||||||
return URLPOLICY_DISALLOW;
|
CATID scripting_catid = CATID_SafeForScripting;
|
||||||
|
|
||||||
|
if(!This->catmgr) {
|
||||||
|
hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER,
|
||||||
|
&IID_ICatInformation, (void**)&This->catmgr);
|
||||||
|
if(FAILED(hres))
|
||||||
|
return hres;
|
||||||
|
}
|
||||||
|
|
||||||
|
hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL);
|
||||||
|
if(FAILED(hres))
|
||||||
|
return hres;
|
||||||
|
|
||||||
|
*ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
|
||||||
|
return S_OK;
|
||||||
|
}
|
||||||
|
|
||||||
hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
|
hres = IObjectSafety_GetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, &supported_opts, &enabled_opts);
|
||||||
if(SUCCEEDED(hres)) {
|
if(SUCCEEDED(hres)) {
|
||||||
|
@ -109,10 +126,9 @@ static DWORD confirm_safety(HTMLDocumentNode *This, const WCHAR *url, IUnknown *
|
||||||
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
|
hres = IObjectSafety_SetInterfaceSafetyOptions(obj_safety, &IID_IDispatchEx, enabled_opts, enabled_opts);
|
||||||
}
|
}
|
||||||
IObjectSafety_Release(obj_safety);
|
IObjectSafety_Release(obj_safety);
|
||||||
if(FAILED(hres))
|
|
||||||
return URLPOLICY_DISALLOW;
|
|
||||||
|
|
||||||
return URLPOLICY_ALLOW;
|
*ret = SUCCEEDED(hres) ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW;
|
||||||
|
return S_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
|
static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHostSecurityManager *iface, REFGUID guidKey,
|
||||||
|
@ -149,7 +165,9 @@ static HRESULT WINAPI InternetHostSecurityManager_QueryCustomPolicy(IInternetHos
|
||||||
return E_FAIL;
|
return E_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
policy = confirm_safety(This, url, cs->pUnk);
|
hres = confirm_safety(This, url, cs, &policy);
|
||||||
|
if(FAILED(hres))
|
||||||
|
return hres;
|
||||||
|
|
||||||
*ppPolicy = CoTaskMemAlloc(sizeof(policy));
|
*ppPolicy = CoTaskMemAlloc(sizeof(policy));
|
||||||
if(!*ppPolicy)
|
if(!*ppPolicy)
|
||||||
|
|
|
@ -121,6 +121,7 @@ DEFINE_EXPECT(AXGetInterfaceSafetyOptions);
|
||||||
DEFINE_EXPECT(AXSetInterfaceSafetyOptions);
|
DEFINE_EXPECT(AXSetInterfaceSafetyOptions);
|
||||||
|
|
||||||
#define TESTSCRIPT_CLSID "{178fc163-f585-4e24-9c13-4bb7faf80746}"
|
#define TESTSCRIPT_CLSID "{178fc163-f585-4e24-9c13-4bb7faf80746}"
|
||||||
|
#define TESTACTIVEX_CLSID "{178fc163-f585-4e24-9c13-4bb7faf80646}"
|
||||||
|
|
||||||
#define DISPID_SCRIPT_TESTPROP 0x100000
|
#define DISPID_SCRIPT_TESTPROP 0x100000
|
||||||
|
|
||||||
|
@ -133,6 +134,7 @@ static IHTMLDocument2 *notif_doc;
|
||||||
static IDispatchEx *window_dispex;
|
static IDispatchEx *window_dispex;
|
||||||
static BOOL doc_complete;
|
static BOOL doc_complete;
|
||||||
static IDispatch *script_disp;
|
static IDispatch *script_disp;
|
||||||
|
static BOOL ax_objsafe;
|
||||||
|
|
||||||
static const char *debugstr_guid(REFIID riid)
|
static const char *debugstr_guid(REFIID riid)
|
||||||
{
|
{
|
||||||
|
@ -165,6 +167,28 @@ static BSTR a2bstr(const char *str)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static BOOL init_key(const char *key_name, const char *def_value, BOOL init)
|
||||||
|
{
|
||||||
|
HKEY hkey;
|
||||||
|
DWORD res;
|
||||||
|
|
||||||
|
if(!init) {
|
||||||
|
RegDeleteKey(HKEY_CLASSES_ROOT, key_name);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
res = RegCreateKeyA(HKEY_CLASSES_ROOT, key_name, &hkey);
|
||||||
|
if(res != ERROR_SUCCESS)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
if(def_value)
|
||||||
|
res = RegSetValueA(hkey, NULL, REG_SZ, def_value, strlen(def_value));
|
||||||
|
|
||||||
|
RegCloseKey(hkey);
|
||||||
|
|
||||||
|
return res == ERROR_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
static HRESULT WINAPI PropertyNotifySink_QueryInterface(IPropertyNotifySink *iface,
|
static HRESULT WINAPI PropertyNotifySink_QueryInterface(IPropertyNotifySink *iface,
|
||||||
REFIID riid, void**ppv)
|
REFIID riid, void**ppv)
|
||||||
{
|
{
|
||||||
|
@ -599,6 +623,8 @@ static HRESULT WINAPI AXObjectSafety_QueryInterface(IObjectSafety *iface, REFIID
|
||||||
|
|
||||||
if(IsEqualGUID(&IID_IObjectSafety, riid)) {
|
if(IsEqualGUID(&IID_IObjectSafety, riid)) {
|
||||||
CHECK_EXPECT(AXQueryInterface_IObjectSafety);
|
CHECK_EXPECT(AXQueryInterface_IObjectSafety);
|
||||||
|
if(!ax_objsafe)
|
||||||
|
return E_NOINTERFACE;
|
||||||
*ppv = iface;
|
*ppv = iface;
|
||||||
return S_OK;
|
return S_OK;
|
||||||
}
|
}
|
||||||
|
@ -647,6 +673,12 @@ static const IObjectSafetyVtbl AXObjectSafetyVtbl = {
|
||||||
|
|
||||||
static IObjectSafety AXObjectSafety = { &AXObjectSafetyVtbl };
|
static IObjectSafety AXObjectSafety = { &AXObjectSafetyVtbl };
|
||||||
|
|
||||||
|
static BOOL set_safe_reg(BOOL init)
|
||||||
|
{
|
||||||
|
return init_key("CLSID\\"TESTACTIVEX_CLSID"\\Implemented Categories\\{7dd95801-9882-11cf-9fa9-00aa006c42c4}",
|
||||||
|
NULL, init);
|
||||||
|
}
|
||||||
|
|
||||||
static void test_security(void)
|
static void test_security(void)
|
||||||
{
|
{
|
||||||
IInternetHostSecurityManager *sec_mgr;
|
IInternetHostSecurityManager *sec_mgr;
|
||||||
|
@ -673,6 +705,7 @@ static void test_security(void)
|
||||||
cs.pUnk = (IUnknown*)&AXObjectSafety;
|
cs.pUnk = (IUnknown*)&AXObjectSafety;
|
||||||
cs.dwFlags = 0;
|
cs.dwFlags = 0;
|
||||||
|
|
||||||
|
ax_objsafe = TRUE;
|
||||||
SET_EXPECT(AXQueryInterface_IActiveScript);
|
SET_EXPECT(AXQueryInterface_IActiveScript);
|
||||||
SET_EXPECT(AXQueryInterface_IObjectSafety);
|
SET_EXPECT(AXQueryInterface_IObjectSafety);
|
||||||
SET_EXPECT(AXGetInterfaceSafetyOptions);
|
SET_EXPECT(AXGetInterfaceSafetyOptions);
|
||||||
|
@ -689,6 +722,55 @@ static void test_security(void)
|
||||||
ok(*(DWORD*)ppolicy == URLPOLICY_ALLOW, "policy = %x\n", *(DWORD*)ppolicy);
|
ok(*(DWORD*)ppolicy == URLPOLICY_ALLOW, "policy = %x\n", *(DWORD*)ppolicy);
|
||||||
CoTaskMemFree(ppolicy);
|
CoTaskMemFree(ppolicy);
|
||||||
|
|
||||||
|
ax_objsafe = FALSE;
|
||||||
|
SET_EXPECT(AXQueryInterface_IActiveScript);
|
||||||
|
SET_EXPECT(AXQueryInterface_IObjectSafety);
|
||||||
|
hres = IInternetHostSecurityManager_QueryCustomPolicy(sec_mgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
|
||||||
|
&ppolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
|
||||||
|
CHECK_CALLED(AXQueryInterface_IActiveScript);
|
||||||
|
CHECK_CALLED(AXQueryInterface_IObjectSafety);
|
||||||
|
|
||||||
|
ok(hres == S_OK, "QueryCusromPolicy failed: %08x\n", hres);
|
||||||
|
ok(policy_size == sizeof(DWORD), "policy_size = %d\n", policy_size);
|
||||||
|
ok(*(DWORD*)ppolicy == URLPOLICY_DISALLOW, "policy = %x\n", *(DWORD*)ppolicy);
|
||||||
|
CoTaskMemFree(ppolicy);
|
||||||
|
|
||||||
|
if(set_safe_reg(TRUE)) {
|
||||||
|
ax_objsafe = FALSE;
|
||||||
|
SET_EXPECT(AXQueryInterface_IActiveScript);
|
||||||
|
SET_EXPECT(AXQueryInterface_IObjectSafety);
|
||||||
|
hres = IInternetHostSecurityManager_QueryCustomPolicy(sec_mgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
|
||||||
|
&ppolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
|
||||||
|
CHECK_CALLED(AXQueryInterface_IActiveScript);
|
||||||
|
CHECK_CALLED(AXQueryInterface_IObjectSafety);
|
||||||
|
|
||||||
|
ok(hres == S_OK, "QueryCusromPolicy failed: %08x\n", hres);
|
||||||
|
ok(policy_size == sizeof(DWORD), "policy_size = %d\n", policy_size);
|
||||||
|
ok(*(DWORD*)ppolicy == URLPOLICY_ALLOW, "policy = %x\n", *(DWORD*)ppolicy);
|
||||||
|
CoTaskMemFree(ppolicy);
|
||||||
|
|
||||||
|
ax_objsafe = TRUE;
|
||||||
|
SET_EXPECT(AXQueryInterface_IActiveScript);
|
||||||
|
SET_EXPECT(AXQueryInterface_IObjectSafety);
|
||||||
|
SET_EXPECT(AXGetInterfaceSafetyOptions);
|
||||||
|
SET_EXPECT(AXSetInterfaceSafetyOptions);
|
||||||
|
hres = IInternetHostSecurityManager_QueryCustomPolicy(sec_mgr, &GUID_CUSTOM_CONFIRMOBJECTSAFETY,
|
||||||
|
&ppolicy, &policy_size, (BYTE*)&cs, sizeof(cs), 0);
|
||||||
|
CHECK_CALLED(AXQueryInterface_IActiveScript);
|
||||||
|
CHECK_CALLED(AXQueryInterface_IObjectSafety);
|
||||||
|
CHECK_CALLED(AXGetInterfaceSafetyOptions);
|
||||||
|
CHECK_CALLED(AXSetInterfaceSafetyOptions);
|
||||||
|
|
||||||
|
ok(hres == S_OK, "QueryCusromPolicy failed: %08x\n", hres);
|
||||||
|
ok(policy_size == sizeof(DWORD), "policy_size = %d\n", policy_size);
|
||||||
|
ok(*(DWORD*)ppolicy == URLPOLICY_ALLOW, "policy = %x\n", *(DWORD*)ppolicy);
|
||||||
|
CoTaskMemFree(ppolicy);
|
||||||
|
|
||||||
|
set_safe_reg(FALSE);
|
||||||
|
}else {
|
||||||
|
skip("Could not set safety registry\n");
|
||||||
|
}
|
||||||
|
|
||||||
IInternetHostSecurityManager_Release(sec_mgr);
|
IInternetHostSecurityManager_Release(sec_mgr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1510,28 +1592,6 @@ static void test_simple_script(void)
|
||||||
CHECK_CALLED(Close);
|
CHECK_CALLED(Close);
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL init_key(const char *key_name, const char *def_value, BOOL init)
|
|
||||||
{
|
|
||||||
HKEY hkey;
|
|
||||||
DWORD res;
|
|
||||||
|
|
||||||
if(!init) {
|
|
||||||
RegDeleteKey(HKEY_CLASSES_ROOT, key_name);
|
|
||||||
return TRUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
res = RegCreateKeyA(HKEY_CLASSES_ROOT, key_name, &hkey);
|
|
||||||
if(res != ERROR_SUCCESS)
|
|
||||||
return FALSE;
|
|
||||||
|
|
||||||
if(def_value)
|
|
||||||
res = RegSetValueA(hkey, NULL, REG_SZ, def_value, strlen(def_value));
|
|
||||||
|
|
||||||
RegCloseKey(hkey);
|
|
||||||
|
|
||||||
return res == ERROR_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
static BOOL init_registry(BOOL init)
|
static BOOL init_registry(BOOL init)
|
||||||
{
|
{
|
||||||
return init_key("TestScript\\CLSID", TESTSCRIPT_CLSID, init)
|
return init_key("TestScript\\CLSID", TESTSCRIPT_CLSID, init)
|
||||||
|
|
Loading…
Reference in New Issue