protected virtual void ProcessUnfragFormTagContext(HtmlTagContext context, HtmlWriter writer)
 {
     // Forms are dropped entirely when they are not permitted; record that so
     // the caller knows content was blocked.
     if (!this.allowForms)
     {
         this.hasBlockedForms = true;
         return;
     }

     context.WriteTag();
     foreach (HtmlTagContextAttribute attribute in context.Attributes)
     {
         HtmlAttributeId id = attribute.Id;
         bool isUrlAttribute = id == HtmlAttributeId.Src || id == HtmlAttributeId.Action;

         // A URL-bearing attribute is rewritten to the blocked-URL page unless
         // both the local check and the Redir check accept it (the local check
         // runs first and short-circuits, as before).
         if (isUrlAttribute && !(this.IsSafeUrl(attribute.Value, id) && Redir.IsSafeUrl(attribute.Value, this.owaContext.HttpContext.Request)))
         {
             writer.WriteAttribute(id, OwaSafeHtmlOutboundCallbacks.BlockedUrlPageValue);
         }
         else if (id != HtmlAttributeId.Target)
         {
             // Any author-supplied target is discarded; a safe one is emitted below.
             attribute.Write();
         }
     }

     this.WriteSafeTargetBlank(writer);
 }
        /// <summary>
        /// Page-load handler for the redirect page. Validates the requested
        /// destination and stores the URL the page will send the user to in
        /// this.safeUrl; requests whose destination cannot be validated are
        /// ended with HTTP 403.
        /// </summary>
        /// <param name="e">Page-load event arguments; not used in this body.</param>
        /// <exception cref="OwaInvalidCanary14Exception">
        /// Thrown at the end of the non-mailto path when the request did not
        /// carry a valid signed URL.
        /// </exception>
        protected override void OnLoad(EventArgs e)
        {
            // NOTE(review): base.OnLoad(e) is never called here -- confirm the base
            // page does not depend on it.
            // Requests whose referer is the FBA logon page are rejected.
            // NOTE(review): this and the later EndResponse calls assume
            // Utilities.EndResponse does not return; if it can return, execution
            // continues past the rejection -- confirm its semantics.
            if (Redir.IsUrlRefererFBALogonPage(base.Request.UrlReferrer))
            {
                Utilities.EndResponse(this.Context, HttpStatusCode.Forbidden);
            }
            // Prefer the canary-signed URL; fall back to the plain "URL" query
            // parameter only when no valid signature is present. The missing
            // signature is reported at the bottom of this method, after the
            // destination has been processed.
            string queryStringParameter;
            bool   signedUrl = Redir.GetSignedUrl(base.Request, base.UserContext.Key.Canary.UserContextIdGuid, base.UserContext.Key.Canary.LogonUniqueKey, out queryStringParameter);

            if (!signedUrl)
            {
                queryStringParameter = Utilities.GetQueryStringParameter(base.Request, "URL");
            }
            // Optional alternate destination ("TranslatedURL"), and an opt-out
            // for the internal WSS/UNC handling: flag2 is true when "NoDocLnkCls"
            // is absent or empty.
            string queryStringParameter2 = Utilities.GetQueryStringParameter(base.Request, "TranslatedURL", false);
            bool   flag  = !string.IsNullOrEmpty(queryStringParameter2);
            bool   flag2 = string.IsNullOrEmpty(Utilities.GetQueryStringParameter(base.Request, "NoDocLnkCls", false));

            if (Redir.IsSafeUrl(queryStringParameter, base.Request))
            {
                ErrorInformation errorInformation = null;
                Uri uri;
                // NOTE(review): uri.Scheme is dereferenced unconditionally below, so
                // this relies on EndResponse not returning; otherwise uri is null here.
                if (null == (uri = Utilities.TryParseUri(queryStringParameter)))
                {
                    Utilities.EndResponse(this.Context, HttpStatusCode.Forbidden);
                }
                string scheme = uri.Scheme;
                // mailto: destinations are not redirected to; they become a
                // "new item" link inside OWA carrying the original mailto: URL.
                if (CultureInfo.InvariantCulture.CompareInfo.Compare(scheme, "mailto", CompareOptions.IgnoreCase) == 0)
                {
                    StringBuilder stringBuilder = new StringBuilder(512);
                    stringBuilder.Append(OwaUrl.ApplicationRoot.GetExplicitUrl(base.OwaContext));
                    stringBuilder.Append("?ae=Item&a=New&t=");
                    string value = "IPM.Note";
                    // Compose an SMS instead of a mail item when the address after
                    // "mailto:" is an IMCEA-encapsulated mobile routing address.
                    if (base.UserContext.IsSmsEnabled)
                    {
                        int length = "mailto:".Length;
                        if (queryStringParameter.Length > length)
                        {
                            string       inputString = queryStringParameter.Substring(length);
                            Participant  participant;
                            ProxyAddress proxyAddress;
                            if (Participant.TryParse(inputString, out participant) && ImceaAddress.IsImceaAddress(participant.EmailAddress) && SmtpProxyAddress.TryDeencapsulate(participant.EmailAddress, out proxyAddress) && Utilities.IsMobileRoutingType(proxyAddress.PrefixString))
                            {
                                value = "IPM.Note.Mobile.SMS";
                            }
                        }
                    }
                    stringBuilder.Append(value);
                    stringBuilder.Append('&');
                    stringBuilder.Append("email");
                    stringBuilder.Append('=');
                    stringBuilder.Append(Utilities.UrlEncode(queryStringParameter));
                    this.safeUrl = stringBuilder.ToString();
                    this.isNewMailLinkCreated = true;
                    // NOTE(review): this return happens before the !signedUrl check at the
                    // bottom of the method, so an unsigned mailto: request never raises
                    // OwaInvalidCanary14Exception -- confirm that is intended.
                    return;
                }
                // Internal WSS/UNC documents are resolved first unless opted out.
                if (flag2)
                {
                    this.safeUrl = this.TryNavigateToInternalWssUnc(queryStringParameter, out errorInformation);
                }
                if (this.safeUrl == null)
                {
                    // Prefer the translated URL when supplied and safe; otherwise
                    // surface the WSS/UNC error (if any) or use the original URL.
                    if (flag && Redir.IsSafeUrl(queryStringParameter2, base.Request))
                    {
                        this.safeUrl = queryStringParameter2;
                    }
                    else
                    {
                        if (errorInformation != null)
                        {
                            // NOTE(review): also returns before the !signedUrl check below.
                            Utilities.TransferToErrorPage(base.OwaContext, errorInformation);
                            return;
                        }
                        this.safeUrl = queryStringParameter;
                    }
                }
            }
            // The original URL failed validation: accept the translated URL if
            // it is present and safe, otherwise reject the request.
            else if (flag && Redir.IsSafeUrl(queryStringParameter2, base.Request))
            {
                this.safeUrl = queryStringParameter2;
            }
            else
            {
                Utilities.EndResponse(this.Context, HttpStatusCode.Forbidden);
            }
            // Reached only on the fall-through path: the destination has already been
            // computed above, but a request without a valid canary signature is still
            // rejected here.
            if (!signedUrl)
            {
                throw new OwaInvalidCanary14Exception(null, "Invalid canary in redir.aspx query.");
            }
        }