Make ClickToFlash check the SRC of Flash SWFs against the whitelist.

The detection is not perfect, though it would be greatly enhanced by introducing whitelist wildcards for domains. NOTE: this is intended to resolve #57: <http://rentzsch.lighthouseapp.com/projects/24342/tickets/57-whitelist-the-flash-source-not-the-hosting-page> -wessman Signed-off-by: Jonathan 'Wolf' Rentzsch <jwr.git@redshed.net>
rentzsch · Mar 1, 2009 · a4388f3 · a4388f3
1 parent 9da27d6
commit a4388f3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/Plugin/CTFWhitelist.h b/Plugin/CTFWhitelist.h
@@ -37,6 +37,7 @@ THE SOFTWARE.
 - (void) _migrateWhitelist;
 - (void) _addWhitelistObserver;
 - (BOOL) _isHostWhitelisted;
+- (BOOL) _isWhiteListedForHostString:(NSString *)hostString;
 - (void) _abortAlert;
 - (void) _askToAddCurrentSiteToWhitelist;
 

diff --git a/Plugin/CTFWhitelist.m b/Plugin/CTFWhitelist.m
@@ -149,8 +149,13 @@ - (void) _addToWhitelistAlertDidEnd: (NSAlert *)alert returnCode: (int)returnCod
 
 - (BOOL) _isHostWhitelisted
 {
-    NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
-    return hostWhitelist && itemForSite(hostWhitelist, self.host) != nil;
+	return [self _isWhiteListedForHostString: self.host];
+}
+
+- (BOOL) _isWhiteListedForHostString:(NSString *)hostString
+{
+	NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
+    return hostWhitelist && itemForSite(hostWhitelist, hostString) != nil;
 }
 
 - (NSMutableArray *) _mutableSiteInfo

diff --git a/Plugin/Plugin.m b/Plugin/Plugin.m
@@ -86,6 +86,7 @@ - (id) initWithArguments:(NSDictionary *)arguments
 {
     self = [super init];
     if (self) {
+
 		self.webView = [[[arguments objectForKey:WebPlugInContainerKey] webFrame] webView];
 
         self.container = [arguments objectForKey:WebPlugInContainingElementKey];
@@ -106,6 +107,17 @@ - (id) initWithArguments:(NSDictionary *)arguments
             }
         }
 
+		// Check the SWF src URL itself against the whitelist (allows embbeded videos from whitelisted sites to play, e.g. YouTube)
+
+		if( !loadFromWhiteList )
+		{
+			NSURL* swfSrc = [NSURL URLWithString:[[arguments objectForKey:WebPlugInAttributesKey] objectForKey:@"src"] ];
+
+			if( [self _isWhiteListedForHostString:[swfSrc host] ] )
+			{
+				loadFromWhiteList = true;
+			}
+		}
 
         // Check for sIFR