Skip to content

Commit

Permalink
Make ClickToFlash check the SRC of Flash SWFs against the whitelist.
Browse files Browse the repository at this point in the history
The detection is not perfect, though it would be greatly enhanced by introducing whitelist wildcards for domains.

NOTE: this is intended to resolve #57: <http://rentzsch.lighthouseapp.com/projects/24342/tickets/57-whitelist-the-flash-source-not-the-hosting-page>

-wessman

Signed-off-by: Jonathan 'Wolf' Rentzsch <[email protected]>
  • Loading branch information
Ian Wessman authored and rentzsch committed Mar 1, 2009
1 parent 9da27d6 commit a4388f3
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 2 deletions.
1 change: 1 addition & 0 deletions Plugin/CTFWhitelist.h
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ THE SOFTWARE.
- (void) _migrateWhitelist;
- (void) _addWhitelistObserver;
- (BOOL) _isHostWhitelisted;
- (BOOL) _isWhiteListedForHostString:(NSString *)hostString;
- (void) _abortAlert;
- (void) _askToAddCurrentSiteToWhitelist;

Expand Down
9 changes: 7 additions & 2 deletions Plugin/CTFWhitelist.m
Original file line number Diff line number Diff line change
Expand Up @@ -149,8 +149,13 @@ - (void) _addToWhitelistAlertDidEnd: (NSAlert *)alert returnCode: (int)returnCod

- (BOOL) _isHostWhitelisted
{
NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
return hostWhitelist && itemForSite(hostWhitelist, self.host) != nil;
return [self _isWhiteListedForHostString: self.host];
}

- (BOOL) _isWhiteListedForHostString:(NSString *)hostString
{
NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
return hostWhitelist && itemForSite(hostWhitelist, hostString) != nil;
}

- (NSMutableArray *) _mutableSiteInfo
Expand Down
12 changes: 12 additions & 0 deletions Plugin/Plugin.m
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ - (id) initWithArguments:(NSDictionary *)arguments
{
self = [super init];
if (self) {

self.webView = [[[arguments objectForKey:WebPlugInContainerKey] webFrame] webView];

self.container = [arguments objectForKey:WebPlugInContainingElementKey];
Expand All @@ -106,6 +107,17 @@ - (id) initWithArguments:(NSDictionary *)arguments
}
}

// Check the SWF src URL itself against the whitelist (allows embbeded videos from whitelisted sites to play, e.g. YouTube)

if( !loadFromWhiteList )
{
NSURL* swfSrc = [NSURL URLWithString:[[arguments objectForKey:WebPlugInAttributesKey] objectForKey:@"src"] ];

if( [self _isWhiteListedForHostString:[swfSrc host] ] )
{
loadFromWhiteList = true;
}
}

// Check for sIFR

Expand Down

0 comments on commit a4388f3

Please sign in to comment.