Skip to content

Commit a4388f3

Browse files
Ian Wessmanrentzsch
Ian Wessman
authored and
rentzsch
committed
Make ClickToFlash check the SRC of Flash SWFs against the whitelist.
The detection is not perfect, though it would be greatly enhanced by introducing whitelist wildcards for domains. NOTE: this is intended to resolve #57: <http://rentzsch.lighthouseapp.com/projects/24342/tickets/57-whitelist-the-flash-source-not-the-hosting-page> -wessman Signed-off-by: Jonathan 'Wolf' Rentzsch <[email protected]>
1 parent 9da27d6 commit a4388f3

File tree

3 files changed

+20
-2
lines changed

3 files changed

+20
-2
lines changed

Plugin/CTFWhitelist.h

+1
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ THE SOFTWARE.
3737
- (void) _migrateWhitelist;
3838
- (void) _addWhitelistObserver;
3939
- (BOOL) _isHostWhitelisted;
40+
- (BOOL) _isWhiteListedForHostString:(NSString *)hostString;
4041
- (void) _abortAlert;
4142
- (void) _askToAddCurrentSiteToWhitelist;
4243

Plugin/CTFWhitelist.m

+7-2
Original file line numberDiff line numberDiff line change
@@ -149,8 +149,13 @@ - (void) _addToWhitelistAlertDidEnd: (NSAlert *)alert returnCode: (int)returnCod
149149

150150
- (BOOL) _isHostWhitelisted
151151
{
152-
NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
153-
return hostWhitelist && itemForSite(hostWhitelist, self.host) != nil;
152+
return [self _isWhiteListedForHostString: self.host];
153+
}
154+
155+
- (BOOL) _isWhiteListedForHostString:(NSString *)hostString
156+
{
157+
NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
158+
return hostWhitelist && itemForSite(hostWhitelist, hostString) != nil;
154159
}
155160

156161
- (NSMutableArray *) _mutableSiteInfo

Plugin/Plugin.m

+12
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,7 @@ - (id) initWithArguments:(NSDictionary *)arguments
8686
{
8787
self = [super init];
8888
if (self) {
89+
8990
self.webView = [[[arguments objectForKey:WebPlugInContainerKey] webFrame] webView];
9091

9192
self.container = [arguments objectForKey:WebPlugInContainingElementKey];
@@ -106,6 +107,17 @@ - (id) initWithArguments:(NSDictionary *)arguments
106107
}
107108
}
108109

110+
// Check the SWF src URL itself against the whitelist (allows embbeded videos from whitelisted sites to play, e.g. YouTube)
111+
112+
if( !loadFromWhiteList )
113+
{
114+
NSURL* swfSrc = [NSURL URLWithString:[[arguments objectForKey:WebPlugInAttributesKey] objectForKey:@"src"] ];
115+
116+
if( [self _isWhiteListedForHostString:[swfSrc host] ] )
117+
{
118+
loadFromWhiteList = true;
119+
}
120+
}
109121

110122
// Check for sIFR
111123

0 commit comments

Comments
 (0)