Skip to content
Browse files

Make ClickToFlash check the SRC of Flash SWFs against the whitelist.

The detection is not perfect, though it would be greatly enhanced by introducing whitelist wildcards for domains.

NOTE: this is intended to resolve #57: <http://rentzsch.lighthouseapp.com/projects/24342/tickets/57-whitelist-the-flash-source-not-the-hosting-page>

-wessman

Signed-off-by: Jonathan 'Wolf' Rentzsch <jwr.git@redshed.net>
  • Loading branch information...
1 parent 9da27d6 commit a4388f32d13f00263d11d9d06f21778bea5724dc Ian Wessman committed with
Showing with 20 additions and 2 deletions.
  1. +1 −0 Plugin/CTFWhitelist.h
  2. +7 −2 Plugin/CTFWhitelist.m
  3. +12 −0 Plugin/Plugin.m
View
1 Plugin/CTFWhitelist.h
@@ -37,6 +37,7 @@ THE SOFTWARE.
- (void) _migrateWhitelist;
- (void) _addWhitelistObserver;
- (BOOL) _isHostWhitelisted;
+- (BOOL) _isWhiteListedForHostString:(NSString *)hostString;
- (void) _abortAlert;
- (void) _askToAddCurrentSiteToWhitelist;
View
9 Plugin/CTFWhitelist.m
@@ -149,8 +149,13 @@ - (void) _addToWhitelistAlertDidEnd: (NSAlert *)alert returnCode: (int)returnCod
- (BOOL) _isHostWhitelisted
{
- NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
- return hostWhitelist && itemForSite(hostWhitelist, self.host) != nil;
+ return [self _isWhiteListedForHostString: self.host];
+}
+
+- (BOOL) _isWhiteListedForHostString:(NSString *)hostString
+{
+ NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
+ return hostWhitelist && itemForSite(hostWhitelist, hostString) != nil;
}
- (NSMutableArray *) _mutableSiteInfo
View
12 Plugin/Plugin.m
@@ -86,6 +86,7 @@ - (id) initWithArguments:(NSDictionary *)arguments
{
self = [super init];
if (self) {
+
self.webView = [[[arguments objectForKey:WebPlugInContainerKey] webFrame] webView];
self.container = [arguments objectForKey:WebPlugInContainingElementKey];
@@ -106,6 +107,17 @@ - (id) initWithArguments:(NSDictionary *)arguments
}
}
+ // Check the SWF src URL itself against the whitelist (allows embbeded videos from whitelisted sites to play, e.g. YouTube)
+
+ if( !loadFromWhiteList )
+ {
+ NSURL* swfSrc = [NSURL URLWithString:[[arguments objectForKey:WebPlugInAttributesKey] objectForKey:@"src"] ];
+
+ if( [self _isWhiteListedForHostString:[swfSrc host] ] )
+ {
+ loadFromWhiteList = true;
+ }
+ }
// Check for sIFR

0 comments on commit a4388f3

Please sign in to comment.
Something went wrong with that request. Please try again.