From a4388f32d13f00263d11d9d06f21778bea5724dc Mon Sep 17 00:00:00 2001
From: Ian Wessman <ianjw@Rogue-Scientist-MBP-17.local>
Date: Sun, 1 Mar 2009 09:57:07 +0800
Subject: [PATCH] Make ClickToFlash check the SRC of Flash SWFs against the
 whitelist.

The detection is not perfect, though it would be greatly enhanced by introducing whitelist wildcards for domains.

NOTE: this is intended to resolve #57: <http://rentzsch.lighthouseapp.com/projects/24342/tickets/57-whitelist-the-flash-source-not-the-hosting-page>

-wessman

Signed-off-by: Jonathan 'Wolf' Rentzsch <jwr.git@redshed.net>
---
 Plugin/CTFWhitelist.h |  1 +
 Plugin/CTFWhitelist.m |  9 +++++++--
 Plugin/Plugin.m       | 12 ++++++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Plugin/CTFWhitelist.h b/Plugin/CTFWhitelist.h
index 6797fecf..b148b4ba 100644
--- a/Plugin/CTFWhitelist.h
+++ b/Plugin/CTFWhitelist.h
@@ -37,6 +37,7 @@ THE SOFTWARE.
 - (void) _migrateWhitelist;
 - (void) _addWhitelistObserver;
 - (BOOL) _isHostWhitelisted;
+- (BOOL) _isWhiteListedForHostString:(NSString *)hostString;
 - (void) _abortAlert;
 - (void) _askToAddCurrentSiteToWhitelist;
 
diff --git a/Plugin/CTFWhitelist.m b/Plugin/CTFWhitelist.m
index 125def59..c5593b12 100644
--- a/Plugin/CTFWhitelist.m
+++ b/Plugin/CTFWhitelist.m
@@ -149,8 +149,13 @@ - (void) _addToWhitelistAlertDidEnd: (NSAlert *)alert returnCode: (int)returnCod
 
 - (BOOL) _isHostWhitelisted
 {
-    NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
-    return hostWhitelist && itemForSite(hostWhitelist, self.host) != nil;
+	return [self _isWhiteListedForHostString: self.host];
+}
+
+- (BOOL) _isWhiteListedForHostString:(NSString *)hostString
+{
+	NSArray *hostWhitelist = [[NSUserDefaults standardUserDefaults] arrayForKey: sHostSiteInfoDefaultsKey];
+    return hostWhitelist && itemForSite(hostWhitelist, hostString) != nil;
 }
 
 - (NSMutableArray *) _mutableSiteInfo
diff --git a/Plugin/Plugin.m b/Plugin/Plugin.m
index f42cd347..308b4741 100644
--- a/Plugin/Plugin.m
+++ b/Plugin/Plugin.m
@@ -86,6 +86,7 @@ - (id) initWithArguments:(NSDictionary *)arguments
 {
     self = [super init];
     if (self) {
+		
 		self.webView = [[[arguments objectForKey:WebPlugInContainerKey] webFrame] webView];
 		
         self.container = [arguments objectForKey:WebPlugInContainingElementKey];
@@ -106,6 +107,17 @@ - (id) initWithArguments:(NSDictionary *)arguments
             }
         }
 
+		// Check the SWF src URL itself against the whitelist (allows embbeded videos from whitelisted sites to play, e.g. YouTube)
+		
+		if( !loadFromWhiteList )
+		{
+			NSURL* swfSrc = [NSURL URLWithString:[[arguments objectForKey:WebPlugInAttributesKey] objectForKey:@"src"] ];
+			
+			if( [self _isWhiteListedForHostString:[swfSrc host] ] )
+			{
+				loadFromWhiteList = true;
+			}
+		}
         
         // Check for sIFR