CreateMediaAccessPermission(String uri)
{
CodeAccessPermission codeAccessPermission = null;
if (uri != null)
{
// do a Case invariant dotnet culture specific string compare
if (String.Compare(SafeSecurityHelper.IMAGE, uri, true /*Ignore case*/, System.Windows.Markup.TypeConverterHelper.InvariantEnglishUS) == 0)
{
codeAccessPermission = new MediaPermission(MediaPermissionAudio.NoAudio,
MediaPermissionVideo.NoVideo,
MediaPermissionImage.AllImage);
}
else
{
// we allow access to pack: bits so assuming scheme is not pack: we demand
if (String.Compare((System.Windows.Navigation.BaseUriHelper.GetResolvedUri(System.Windows.Navigation.BaseUriHelper.BaseUri, new Uri(uri, UriKind.RelativeOrAbsolute))).Scheme,
PackUriHelper.UriSchemePack, true /* ignore case */,
System.Windows.Markup.TypeConverterHelper.InvariantEnglishUS) != 0)
{
// Creating a URI is fine it is going the other way that is risky
if (!SecurityHelper.CallerHasWebPermission(new Uri(uri, UriKind.RelativeOrAbsolute)))
{
codeAccessPermission = new MediaPermission(MediaPermissionAudio.NoAudio,
MediaPermissionVideo.NoVideo,
MediaPermissionImage.AllImage);
}
}
}
}
else
{
codeAccessPermission = new MediaPermission(MediaPermissionAudio.NoAudio,
MediaPermissionVideo.NoVideo,
MediaPermissionImage.AllImage);
}
return(codeAccessPermission);
}
public void BeforeNavigate2(object pDisp, ref object url, ref object flags, ref object targetFrameName, ref object postData, ref object headers, ref bool cancel)
{
bool newNavigationInitiated = false;
bool cancelRequested = false;
try
{
Debug.Assert(url == null || url is string, "invalid url type");
Debug.Assert(targetFrameName == null || targetFrameName is string, "invalid targetFrameName type");
Debug.Assert(headers == null || headers is string, "invalid headers type");
//
// Due to a
if (targetFrameName == null)
{
targetFrameName = "";
}
if (headers == null)
{
headers = "";
}
string urlString = (string)url;
Uri source = String.IsNullOrEmpty(urlString) ? null : new Uri(urlString);
UnsafeNativeMethods.IWebBrowser2 axIWebBrowser2 = (UnsafeNativeMethods.IWebBrowser2)pDisp;
// If _parent.AxIWebBrowser2 != axIWebBrowser2, navigation happens in a nested [i]frame.
// in that case we do not want to enforce site locking as we want the default IE behavior to take
// over.
if (_parent.AxIWebBrowser2 == axIWebBrowser2)
{
// The NavigatingToAboutBlank property indicates whether we are navigating to "about:blank"
// as a result of navigating to null or stream/string navigation.
// We set the NavigatingToAboutBlank bit to true in the WebBrowser DoNavigate method. When the above
// conditions occur, the NavigatingToAboutBlank is true and the source must be "about:blank".
//
// But when end user navigates away from the current about:blank page (by clicking
// on a hyperlink, Goback/Forward), or programmatically call GoBack and Forward,
// When we get the navigating event, NavigatingToAboutBlank is true, but the source is not "about:blank".
// Clear the NavigatingToAboutBlank bit in that case.
if ((_parent.NavigatingToAboutBlank) &&
String.Compare(urlString, WebBrowser.AboutBlankUriString, StringComparison.OrdinalIgnoreCase) != 0)
{
_parent.NavigatingToAboutBlank = false;
}
// Site locking for top level WebOC navigation
// "about:blank is not enabled in partial trust publicly.
// We enable it internally to navigate to null.
if ((!_parent.NavigatingToAboutBlank) &&
!SecurityHelper.CallerHasWebPermission(source) &&
!IsAllowedScriptScheme(source))
{
cancelRequested = true;
}
else
{
// When source set to null or navigating to stream/string, we navigate to "about:blank"
// internally. Make sure we pass null in the event args.
if (_parent.NavigatingToAboutBlank)
{
source = null;
}
NavigatingCancelEventArgs e = new NavigatingCancelEventArgs(source,
null, null, null, NavigationMode.New, null, null, true);
// TFS Dev10 520954 - Launching a navigation from the Navigating event handler causes reentrancy.
// For more info, see WebBrowser.LastNavigation. This is a point of possible reentrancy. Whenever
// a new navigation is started during the call to the Navigating event handler, we need to cancel
// out the current navigation.
Guid lastNavigation = _parent.LastNavigation;
// Fire navigating event. Events are only fired for top level navigation.
_parent.OnNavigating(e);
// TFS Dev10 520954 - Launching a navigation from the Navigating event handler causes reentrancy.
// For more info, see WebBrowser.LastNavigation. If _lastNavigation has changed during the call to
// the event handlers for Navigating, we know a new navigation has been initialized.
if (_parent.LastNavigation != lastNavigation)
{
newNavigationInitiated = true;
}
cancelRequested = e.Cancel;
}
}
}
// We disable this to suppress FXCop warning since in this case we really want to catch all exceptions
// please refer to comment below
#pragma warning disable 6502
catch
{
// This is an interesting pattern of putting a try catch block around this that catches everything,
// The reason I do this is based on a conversation with Microsoft. What happens here is if there is
// an exception in any of the code above then navigation still continues since COM interop eats up
// the exception. But what we want is for this navigation to fail.
// There fore I catch all exceptions and cancel navigation
cancelRequested = true;
}
#pragma warning restore 6502
finally
{
// Clean the WebBrowser control state if navigation cancelled.
//
// TFS Dev10 520954 - Launching a navigation from the Navigating event handler causes reentrancy.
// For more info, see WebBrowser.LastNavigation. A new navigation started during event handling for
// the Navigating event will have touched the control's global state. In case the navigation was
// cancelled in order to start a new navigation, we shouldn't tamper with that new state.
if (cancelRequested && !newNavigationInitiated)
{
_parent.CleanInternalState();
}
// TFS Dev10 520954 - Launching a navigation from the Navigating event handler causes reentrancy.
// For more info, see WebBrowser.LastNavigation. Whenever a new navigation is started during the
// call to the Navigating event handler, we need to cancel out the current navigation.
if (cancelRequested || newNavigationInitiated)
{
cancel = true;
}
}
}
// Token: 0x06002D80 RID: 11648 RVA: 0x000CCE8C File Offset: 0x000CB08C
internal static bool CanNavigateToUri(Uri uri)
{
return(!uri.IsAbsoluteUri || uri.IsUnc || uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps || uri.Scheme == Uri.UriSchemeMailto || (uri.Scheme == PackUriHelper.UriSchemePack && !string.IsNullOrEmpty(uri.Fragment)) || SecurityHelper.CallerHasWebPermission(uri));
}
public void BeforeNavigate2(object pDisp, ref object url, ref object flags, ref object targetFrameName, ref object postData, ref object headers, ref bool cancel)
{
bool flag = false;
bool flag2 = false;
try
{
if (targetFrameName == null)
{
targetFrameName = "";
}
if (headers == null)
{
headers = "";
}
string text = (string)url;
Uri uri = string.IsNullOrEmpty(text) ? null : new Uri(text);
UnsafeNativeMethods.IWebBrowser2 webBrowser = (UnsafeNativeMethods.IWebBrowser2)pDisp;
if (this._parent.AxIWebBrowser2 == webBrowser)
{
if (this._parent.NavigatingToAboutBlank && string.Compare(text, "about:blank", StringComparison.OrdinalIgnoreCase) != 0)
{
this._parent.NavigatingToAboutBlank = false;
}
if (!this._parent.NavigatingToAboutBlank && !SecurityHelper.CallerHasWebPermission(uri) && !WebBrowserEvent.IsAllowedScriptScheme(uri))
{
flag2 = true;
}
else
{
if (this._parent.NavigatingToAboutBlank)
{
uri = null;
}
NavigatingCancelEventArgs navigatingCancelEventArgs = new NavigatingCancelEventArgs(uri, null, null, null, NavigationMode.New, null, null, true);
Guid lastNavigation = this._parent.LastNavigation;
this._parent.OnNavigating(navigatingCancelEventArgs);
if (this._parent.LastNavigation != lastNavigation)
{
flag = true;
}
flag2 = navigatingCancelEventArgs.Cancel;
}
}
}
catch
{
flag2 = true;
}
finally
{
if (flag2 && !flag)
{
this._parent.CleanInternalState();
}
if (flag2 || flag)
{
cancel = true;
}
}
}