/// <summary>
/// Navigates to the specified URI if it matches the pre-registered cached target URI (spoofing prevention).
/// </summary>
/// <param name="sourceElement">Source for the RequestNavigateEventArgs.</param>
/// <param name="targetUri">URI to navigate to.</param>
/// <param name="targetWindow">Target window for the RequestNavigateEventArgs.</param>
private static void NavigateToUri(IInputElement sourceElement, Uri targetUri, string targetWindow)
{
Debug.Assert(targetUri != null);
//
// This prevents against multi-threaded spoofing attacks.
//
DependencyObject dObj = (DependencyObject)sourceElement;
dObj.VerifyAccess();
//
// Spoofing countermeasure makes sure the URI hasn't changed since display in the status bar.
//
Uri cachedUri = Hyperlink.s_cachedNavigateUri.Value;
// ShouldPreventUriSpoofing is checked last in order to avoid incurring a first-chance SecurityException
// in common scenarios.
if (cachedUri == null || cachedUri.Equals(targetUri) || !ShouldPreventUriSpoofing)
{
// Need to mark as visited
// We treat FixedPage seperately to maintain backward compatibility
// with the original separate FixedPage implementation of this, which
// calls the GetLinkUri method.
if (!(sourceElement is Hyperlink))
{
targetUri = FixedPage.GetLinkUri(sourceElement, targetUri);
}
RequestNavigateEventArgs navigateArgs = new RequestNavigateEventArgs(targetUri, targetWindow);
navigateArgs.Source = sourceElement;
sourceElement.RaiseEvent(navigateArgs);
if (navigateArgs.Handled)
{
//
// The browser's status bar should be cleared. Otherwise it will still show the
// hyperlink address after navigation has completed.
// !! We have to do this after the current callstack is unwound in order to keep
// the anti-spoofing state valid. A particular attach is to do a bogus call to
// DoClick() in a mouse click preview event and then change the NavigateUri.
//
dObj.Dispatcher.BeginInvoke(DispatcherPriority.Send,
new System.Threading.SendOrPostCallback(ClearStatusBarAndCachedUri), sourceElement);
}
}
}
private static void NavigateToUri(IInputElement sourceElement, Uri targetUri, string targetWindow)
{
DependencyObject dependencyObject = (DependencyObject)sourceElement;
dependencyObject.VerifyAccess();
Uri value = Hyperlink.s_cachedNavigateUri.Value;
if (value == null || value.Equals(targetUri) || !Hyperlink.ShouldPreventUriSpoofing)
{
if (!(sourceElement is Hyperlink))
{
targetUri = FixedPage.GetLinkUri(sourceElement, targetUri);
}
RequestNavigateEventArgs requestNavigateEventArgs = new RequestNavigateEventArgs(targetUri, targetWindow);
requestNavigateEventArgs.Source = sourceElement;
sourceElement.RaiseEvent(requestNavigateEventArgs);
if (requestNavigateEventArgs.Handled)
{
dependencyObject.Dispatcher.BeginInvoke(DispatcherPriority.Send, new SendOrPostCallback(Hyperlink.ClearStatusBarAndCachedUri), sourceElement);
}
}
}