/// <summary> /// Navigates to the specified URI if it matches the pre-registered cached target URI (spoofing prevention). /// </summary> /// <param name="sourceElement">Source for the RequestNavigateEventArgs.</param> /// <param name="targetUri">URI to navigate to.</param> /// <param name="targetWindow">Target window for the RequestNavigateEventArgs.</param> private static void NavigateToUri(IInputElement sourceElement, Uri targetUri, string targetWindow) { Debug.Assert(targetUri != null); // // This prevents against multi-threaded spoofing attacks. // DependencyObject dObj = (DependencyObject)sourceElement; dObj.VerifyAccess(); // // Spoofing countermeasure makes sure the URI hasn't changed since display in the status bar. // Uri cachedUri = Hyperlink.s_cachedNavigateUri.Value; // ShouldPreventUriSpoofing is checked last in order to avoid incurring a first-chance SecurityException // in common scenarios. if (cachedUri == null || cachedUri.Equals(targetUri) || !ShouldPreventUriSpoofing) { // Need to mark as visited // We treat FixedPage seperately to maintain backward compatibility // with the original separate FixedPage implementation of this, which // calls the GetLinkUri method. if (!(sourceElement is Hyperlink)) { targetUri = FixedPage.GetLinkUri(sourceElement, targetUri); } RequestNavigateEventArgs navigateArgs = new RequestNavigateEventArgs(targetUri, targetWindow); navigateArgs.Source = sourceElement; sourceElement.RaiseEvent(navigateArgs); if (navigateArgs.Handled) { // // The browser's status bar should be cleared. Otherwise it will still show the // hyperlink address after navigation has completed. // !! We have to do this after the current callstack is unwound in order to keep // the anti-spoofing state valid. A particular attach is to do a bogus call to // DoClick() in a mouse click preview event and then change the NavigateUri. // dObj.Dispatcher.BeginInvoke(DispatcherPriority.Send, new System.Threading.SendOrPostCallback(ClearStatusBarAndCachedUri), sourceElement); } } }
private static void NavigateToUri(IInputElement sourceElement, Uri targetUri, string targetWindow) { DependencyObject dependencyObject = (DependencyObject)sourceElement; dependencyObject.VerifyAccess(); Uri value = Hyperlink.s_cachedNavigateUri.Value; if (value == null || value.Equals(targetUri) || !Hyperlink.ShouldPreventUriSpoofing) { if (!(sourceElement is Hyperlink)) { targetUri = FixedPage.GetLinkUri(sourceElement, targetUri); } RequestNavigateEventArgs requestNavigateEventArgs = new RequestNavigateEventArgs(targetUri, targetWindow); requestNavigateEventArgs.Source = sourceElement; sourceElement.RaiseEvent(requestNavigateEventArgs); if (requestNavigateEventArgs.Handled) { dependencyObject.Dispatcher.BeginInvoke(DispatcherPriority.Send, new SendOrPostCallback(Hyperlink.ClearStatusBarAndCachedUri), sourceElement); } } }