// note: tests show that it only applies to Silverlight policy (seems to work with Flash)
// and only if we're not granting full access (i.e. '/' with all subpaths)
// https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=466043
//
// Returns true when the request URI passes the path restriction, false when it must be refused.
// The scan runs over uri.OriginalString (the text the Uri was created from), cut at the first '?'.
// Nothing else is stripped, so a '%', "./" or ".." anywhere before the query, not just in the path
// component, triggers the restriction. That errs towards refusing the request.
private bool CheckOriginalPath(Uri uri)
{
    // Path Restriction for cross-domain requests
    // http://msdn.microsoft.com/en-us/library/cc838250(VS.95).aspx
    string candidate = uri.OriginalString;

    // The restriction is about the *path*, so the query part is dropped before scanning.
    int queryStart = candidate.IndexOf('?');
    if (queryStart != -1)
    {
        candidate = candidate.Substring(0, queryStart);
    }

    // Percent-encoding and dot segments are the sequences the restriction refuses.
    bool hasRestrictedSequence = candidate.IndexOf('%') != -1
        || candidate.Contains("./")
        || candidate.Contains("..");
    if (!hasRestrictedSequence)
    {
        return true;
    }

    // Special case where no path restriction applies (SL accepts the sequences above):
    // the policy file must consist of exactly one policy, holding exactly one grant-to,
    // holding exactly one resource, and that resource must be "/" including subpaths.
    // Any other shape is refused.
    if (AccessPolicyList.Count != 1)
    {
        return false;
    }

    var solePolicy = AccessPolicyList[0];
    if (solePolicy.GrantedResources.Count != 1)
    {
        return false;
    }

    var soleGrant = solePolicy.GrantedResources[0];
    if (soleGrant.Resources.Count != 1)
    {
        return false;
    }

    var soleResource = soleGrant.Resources[0];
    return soleResource.IncludeSubpaths && (soleResource.Path == "/");
}
/// <summary>
/// Reads one grant-to element from <paramref name="reader"/> and records what it grants
/// on <paramref name="policy"/>.
/// </summary>
/// <param name="reader">Reader positioned on the grant-to start element.</param>
/// <param name="policy">Policy that receives the granted resources and the TCP port mask.</param>
/// <exception cref="XmlException">A child node of grant-to is neither an element nor the end element.</exception>
/// <remarks>
/// Resource grants are all-or-nothing: one unknown un-namespaced child, or one resource that
/// CreateResource returns null for, keeps the whole grant-to out of policy.GrantedResources.
/// Elements in a non-empty namespace are skipped without affecting validity.
/// NOTE(review): socket-resource ports are OR-ed into policy.PortMask as they are read, so they
/// stay granted even when the grant-to is later found invalid - confirm this is intended.
/// </remarks>
static void ReadGrantToElement(XmlReader reader, AccessPolicy policy)
{
    var grant = new GrantTo();
    bool allChildrenValid = true;

    // A grant-to that carries attributes, or has no content, is ignored entirely.
    if (reader.HasAttributes || reader.IsEmptyElement)
    {
        reader.Skip();
        return;
    }

    reader.ReadStartElement("grant-to", String.Empty);
    reader.MoveToContent();
    while (reader.NodeType != XmlNodeType.EndElement)
    {
        if (reader.NodeType != XmlNodeType.Element)
        {
            throw new XmlException(String.Format("Unexpected grant-to content: {0}", reader.NodeType));
        }

        // Only elements without a namespace are interpreted; the rest are just skipped below.
        if (String.IsNullOrEmpty(reader.NamespaceURI))
        {
            string childName = reader.LocalName;
            if (childName == "resource")
            {
                var resource = CreateResource(reader);
                if (resource != null)
                {
                    grant.Resources.Add(resource);
                }
                else
                {
                    allChildrenValid = false;
                }
            }
            else if (childName == "socket-resource")
            {
                // ignore everything that is not TCP (exact, case-sensitive match on "tcp")
                if (reader.GetAttribute("protocol") == "tcp")
                {
                    // we can merge them all together inside a policy
                    // NOTE(review): GetAttribute returns null when "port" is absent;
                    // ParsePorts is not visible here - confirm it handles null.
                    policy.PortMask |= ParsePorts(reader.GetAttribute("port"));
                }
            }
            else
            {
                // Unknown child element: fail closed for this grant-to's resources.
                allChildrenValid = false;
            }
        }

        // Step over the current child (and its subtree), then move to the next content node.
        reader.Skip();
        reader.MoveToContent();
    }

    if (allChildrenValid)
    {
        policy.GrantedResources.Add(grant);
    }

    reader.ReadEndElement();
}
/// <summary>
/// Reads one grant-to element from <paramref name="reader"/> and records what it grants
/// on <paramref name="policy"/>.
/// </summary>
/// <param name="reader">Reader positioned on the grant-to start element.</param>
/// <param name="policy">Policy that receives the granted resources and the TCP port mask.</param>
/// <remarks>
/// Resource grants are all-or-nothing: one unknown un-namespaced child, or one resource that
/// CreateResource returns null for, keeps the whole grant-to out of policy.GrantedResources.
/// Nodes for which IsNonElement returns true, and elements in a non-empty namespace, are
/// skipped without affecting validity.
/// NOTE(review): socket-resource ports are OR-ed into policy.PortMask as they are read, so they
/// stay granted even when the grant-to is later found invalid - confirm this is intended.
/// NOTE(review): the loop only stops at an end element, so termination on truncated input
/// depends on IsNonElement (defined elsewhere) - confirm it rejects end-of-input.
/// </remarks>
static void ReadGrantToElement (XmlReader reader, AccessPolicy policy)
{
    var grant = new GrantTo ();
    bool everyChildValid = true;

    // A grant-to that carries attributes, or has no content, is ignored entirely.
    if (reader.HasAttributes || reader.IsEmptyElement) {
        reader.Skip ();
        return;
    }

    reader.ReadStartElement ("grant-to", String.Empty);
    reader.MoveToContent ();
    while (reader.NodeType != XmlNodeType.EndElement) {
        // IsNonElement is evaluated first; the namespace test only runs when it returns false.
        bool ignorable = IsNonElement (reader) || !String.IsNullOrEmpty (reader.NamespaceURI);
        if (!ignorable) {
            string childName = reader.LocalName;
            if (childName == "resource") {
                var resource = CreateResource (reader);
                if (resource != null)
                    grant.Resources.Add (resource);
                else
                    everyChildValid = false;
            } else if (childName == "socket-resource") {
                // ignore everything that is not TCP (exact, case-sensitive match on "tcp")
                if (reader.GetAttribute ("protocol") == "tcp") {
                    // we can merge them all together inside a policy
                    // NOTE(review): GetAttribute returns null when "port" is absent;
                    // ParsePorts is not visible here - confirm it handles null.
                    policy.PortMask |= ParsePorts (reader.GetAttribute ("port"));
                }
            } else {
                // Unknown child element: fail closed for this grant-to's resources.
                everyChildValid = false;
            }
        }

        // Step over the current node (and its subtree), then move to the next content node.
        reader.Skip ();
        reader.MoveToContent ();
    }

    if (everyChildValid)
        policy.GrantedResources.Add (grant);

    reader.ReadEndElement ();
}