/// <summary>
/// Callback for a &lt;form&gt; tag in unfragmented HTML output. When forms are
/// allowed, the tag is written with its attributes, except that a src/action
/// URL that fails either safety check is replaced by the blocked-URL page and
/// any target attribute is dropped in favour of a safe target="_blank".
/// When forms are not allowed, nothing is written and the block is recorded
/// in <c>hasBlockedForms</c>.
/// </summary>
/// <param name="context">Tag context supplying the attributes to examine.</param>
/// <param name="writer">Writer the (possibly rewritten) attributes are emitted to.</param>
protected virtual void ProcessUnfragFormTagContext(HtmlTagContext context, HtmlWriter writer)
{
    if (!this.allowForms)
    {
        // Forms are disabled: drop the tag entirely and remember that we did.
        this.hasBlockedForms = true;
        return;
    }

    context.WriteTag();
    foreach (HtmlTagContextAttribute attribute in context.Attributes)
    {
        var id = attribute.Id;
        bool carriesUrl = id == HtmlAttributeId.Src || id == HtmlAttributeId.Action;
        if (carriesUrl && (!this.IsSafeUrl(attribute.Value, id) || !Redir.IsSafeUrl(attribute.Value, this.owaContext.HttpContext.Request)))
        {
            // Unsafe src/action: point the attribute at the blocked-URL page instead of emitting the value.
            writer.WriteAttribute(id, OwaSafeHtmlOutboundCallbacks.BlockedUrlPageValue);
            continue;
        }
        if (id == HtmlAttributeId.Target)
        {
            // The author's target is never copied; a safe one is written once below.
            continue;
        }
        attribute.Write();
    }
    this.WriteSafeTargetBlank(writer);
}
/// <summary>
/// Page-load handler for the redirect page. Validates the requested URL
/// (a canary-signed URL, or else the "URL" query-string parameter, with
/// "TranslatedURL" as an alternative) and stores the URL to use in
/// <c>this.safeUrl</c>. A "mailto:" target is rewritten into a new-message
/// URL instead. Requests that fail validation are ended with 403 Forbidden.
/// </summary>
/// <param name="e">Page-load event arguments; not used by this override.</param>
/// <exception cref="OwaInvalidCanary14Exception">
/// Thrown at the end of the method when no signed URL was present in the request.
/// </exception>
protected override void OnLoad(EventArgs e)
{
    // Requests whose referrer is the FBA logon page are refused outright.
    if (Redir.IsUrlRefererFBALogonPage(base.Request.UrlReferrer))
    {
        Utilities.EndResponse(this.Context, HttpStatusCode.Forbidden);
    }

    string queryStringParameter;
    // Prefer a URL signed with the user's canary; fall back to the raw "URL" parameter.
    bool signedUrl = Redir.GetSignedUrl(base.Request, base.UserContext.Key.Canary.UserContextIdGuid, base.UserContext.Key.Canary.LogonUniqueKey, out queryStringParameter);
    if (!signedUrl)
    {
        queryStringParameter = Utilities.GetQueryStringParameter(base.Request, "URL");
    }

    // Optional alternative URL, used when the primary one cannot be used.
    string queryStringParameter2 = Utilities.GetQueryStringParameter(base.Request, "TranslatedURL", false);
    bool flag = !string.IsNullOrEmpty(queryStringParameter2); // a TranslatedURL was supplied
    bool flag2 = string.IsNullOrEmpty(Utilities.GetQueryStringParameter(base.Request, "NoDocLnkCls", false)); // "NoDocLnkCls" absent: the WSS/UNC lookup below is attempted

    if (Redir.IsSafeUrl(queryStringParameter, base.Request))
    {
        ErrorInformation errorInformation = null;
        Uri uri;
        // NOTE(review): uri is dereferenced right below; this relies on EndResponse not returning — confirm.
        if (null == (uri = Utilities.TryParseUri(queryStringParameter)))
        {
            Utilities.EndResponse(this.Context, HttpStatusCode.Forbidden);
        }

        string scheme = uri.Scheme;
        if (CultureInfo.InvariantCulture.CompareInfo.Compare(scheme, "mailto", CompareOptions.IgnoreCase) == 0)
        {
            // mailto: build a new-message URL on the application root instead of redirecting.
            StringBuilder stringBuilder = new StringBuilder(512);
            stringBuilder.Append(OwaUrl.ApplicationRoot.GetExplicitUrl(base.OwaContext));
            stringBuilder.Append("?ae=Item&a=New&t=");
            string value = "IPM.Note";
            if (base.UserContext.IsSmsEnabled)
            {
                // With SMS enabled, an address that de-encapsulates to a mobile routing type
                // gets the SMS message class instead of a plain note.
                int length = "mailto:".Length;
                if (queryStringParameter.Length > length)
                {
                    string inputString = queryStringParameter.Substring(length);
                    Participant participant;
                    ProxyAddress proxyAddress;
                    if (Participant.TryParse(inputString, out participant) && ImceaAddress.IsImceaAddress(participant.EmailAddress) && SmtpProxyAddress.TryDeencapsulate(participant.EmailAddress, out proxyAddress) && Utilities.IsMobileRoutingType(proxyAddress.PrefixString))
                    {
                        value = "IPM.Note.Mobile.SMS";
                    }
                }
            }
            stringBuilder.Append(value);
            stringBuilder.Append('&');
            stringBuilder.Append("email");
            stringBuilder.Append('=');
            // The full mailto: string (including the scheme) is carried in the "email" parameter.
            stringBuilder.Append(Utilities.UrlEncode(queryStringParameter));
            this.safeUrl = stringBuilder.ToString();
            this.isNewMailLinkCreated = true;
            // NOTE(review): this return skips the unsigned-URL check at the end of the method — confirm that is intended.
            return;
        }

        if (flag2)
        {
            this.safeUrl = this.TryNavigateToInternalWssUnc(queryStringParameter, out errorInformation);
        }

        if (this.safeUrl == null)
        {
            // No WSS/UNC result: use the (validated) TranslatedURL if present, otherwise the original URL,
            // unless the WSS/UNC lookup reported an error, in which case the error page is shown.
            if (flag && Redir.IsSafeUrl(queryStringParameter2, base.Request))
            {
                this.safeUrl = queryStringParameter2;
            }
            else
            {
                if (errorInformation != null)
                {
                    Utilities.TransferToErrorPage(base.OwaContext, errorInformation);
                    // NOTE(review): also returns before the unsigned-URL check below — confirm.
                    return;
                }
                this.safeUrl = queryStringParameter;
            }
        }
    }
    else if (flag && Redir.IsSafeUrl(queryStringParameter2, base.Request))
    {
        // Primary URL rejected but a safe TranslatedURL exists: use that.
        this.safeUrl = queryStringParameter2;
    }
    else
    {
        Utilities.EndResponse(this.Context, HttpStatusCode.Forbidden);
    }

    // Only a signed URL is accepted on the paths that reach this point; an unsigned
    // "URL" parameter fails with a canary error even though safeUrl was computed above.
    if (!signedUrl)
    {
        throw new OwaInvalidCanary14Exception(null, "Invalid canary in redir.aspx query.");
    }
}