Code:
/ Dotnetfx_Win7_3.5.1 / Dotnetfx_Win7_3.5.1 / 3.5.1 / DEVDIV / depot / DevDiv / releases / Orcas / NetFXw7 / wpf / src / Framework / MS / Internal / Controls / webbrowsersite.cs / 1 / webbrowsersite.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // // // // Description: // WebBrowserSite is a sub-class of ActiveXSite. // Used to implement IDocHostUIHandler. // // Copied from WebBrowser.cs in winforms // // History // 06/16/05 - marka - Created // 04/24/08 - ChangoV - Implemented hosting the WebOC in the browser process for IE 7+ Protected Mode. // //----------------------------------------------------------------------------- using System; using System.ComponentModel; using System.Diagnostics; using System.Runtime.InteropServices; using System.Windows; using MS.Win32; using System.Security ; using MS.Internal.PresentationFramework; using System.Windows.Controls; using System.Windows.Interop; using System.Windows.Input; using System.Windows.Threading; using System.Threading; using IComDataObject = System.Runtime.InteropServices.ComTypes.IDataObject; namespace MS.Internal.Controls { // // WebBrowserSite class: // /// ////// Provides a default WebBrowserSite implementation for use in the CreateWebBrowserSite /// method in the WebBrowser class. /// ////// WebOCHostedInBrowserProcess - defense in depth: /// These interface implementations are exposed across a security boundary. We must not allow a /// compromised low-integrity-level browser process to gain elevation of privilege via our process or /// tamper with its state. (Attacking the WebOC via this interface is not interesting, because the WebOC /// is directly accessible in the browser process.) Each interface implementation method must be /// carefully reviewed to ensure that it cannot be abused by disclosing protected resources or by passing /// malicious data to it. /// ////// THREADING ISSUE: When WebBrowser.IsWebOCHostedInBrowserProcess, calls on the interfaces implemented here /// (and on ActiveXSite) arrive on RPC worker threads. This is because CLR objects don't like to stick to /// STA threads. Fortunately, most of the current implementation methods are okay to be called on any thread. /// And if not, switching to the WebBrowser object's thread via the Dispatcher is usually possible & safe. /// In a few scenarios, when we need to call a WebOC method from one of these callback interfaces, we get /// RPC_E_CANTCALLOUT_ININPUTSYNCCALL, which happens because the CLR actually tries to switch to the right /// thread to make the COM call, but that thread is already blocked on an outgoing call (to the WebOC). /// One example is IOleInPlaceSite.OnInPlaceActivate(). /// These failures are silent and safely ignorable for now. If this threading issue becomes more troubling, /// a solution like ActiveXHelper.CreateIDispatchSTAForwarder() is possible. /// internal class WebBrowserSite : ActiveXSite, UnsafeNativeMethods.IDocHostUIHandler, UnsafeNativeMethods.IOleControlSite // partial override { /// ////// WebBrowser implementation of ActiveXSite. Used to override GetHostInfo. /// and "turn on" our redirect notifications. /// ////// Critical - calls base class ctor which is critical. /// [ SecurityCritical ] internal WebBrowserSite(WebBrowser host) : base(host) { } #region IDocHostUIHandler Implementation int UnsafeNativeMethods.IDocHostUIHandler.ShowContextMenu(int dwID, NativeMethods.POINT pt, object pcmdtReserved, object pdispReserved) { // // Returning S_FALSE will allow the native control to do default processing, // i.e., execute the shortcut key. Returning S_OK will cancel the context menu // return NativeMethods.S_FALSE; } ////// Critical - calls critical code. /// If you change this method - you could affect mitigations. /// **Needs to be critical.** /// TreatAsSafe - information returned from this method is innocous. /// lists the set of browser features/options we've enabled. /// [ SecurityCritical, SecurityTreatAsSafe ] int UnsafeNativeMethods.IDocHostUIHandler.GetHostInfo(NativeMethods.DOCHOSTUIINFO info) { WebBrowser wb = (WebBrowser) Host; info.dwDoubleClick = (int) NativeMethods.DOCHOSTUIDBLCLICK.DEFAULT; // // These are the current flags shdocvw uses. Assumed we want the same. // info.dwFlags = (int) ( NativeMethods.DOCHOSTUIFLAG.DISABLE_HELP_MENU | NativeMethods.DOCHOSTUIFLAG.DISABLE_SCRIPT_INACTIVE | NativeMethods.DOCHOSTUIFLAG.ENABLE_INPLACE_NAVIGATION | NativeMethods.DOCHOSTUIFLAG.IME_ENABLE_RECONVERSION | NativeMethods.DOCHOSTUIFLAG.THEME | NativeMethods.DOCHOSTUIFLAG.ENABLE_FORMS_AUTOCOMPLETE | NativeMethods.DOCHOSTUIFLAG.DISABLE_UNTRUSTEDPROTOCOL | NativeMethods.DOCHOSTUIFLAG.LOCAL_MACHINE_ACCESS_CHECK | NativeMethods.DOCHOSTUIFLAG.ENABLE_REDIRECT_NOTIFICATION | NativeMethods.DOCHOSTUIFLAG.NO3DOUTERBORDER); return NativeMethods.S_OK; } int UnsafeNativeMethods.IDocHostUIHandler.EnableModeless(bool fEnable) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.ShowUI(int dwID, UnsafeNativeMethods.IOleInPlaceActiveObject activeObject, NativeMethods.IOleCommandTarget commandTarget, UnsafeNativeMethods.IOleInPlaceFrame frame, UnsafeNativeMethods.IOleInPlaceUIWindow doc) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.HideUI() { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.UpdateUI() { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.OnDocWindowActivate(bool fActivate) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.OnFrameWindowActivate(bool fActivate) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.ResizeBorder(NativeMethods.COMRECT rect, UnsafeNativeMethods.IOleInPlaceUIWindow doc, bool fFrameWindow) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.GetOptionKeyPath(string[] pbstrKey, int dw) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.GetDropTarget(UnsafeNativeMethods.IOleDropTarget pDropTarget, out UnsafeNativeMethods.IOleDropTarget ppDropTarget) { // // Set to null no matter what we return, to prevent the marshaller // from going crazy if the pointer points to random stuff. ppDropTarget = null; return NativeMethods.E_NOTIMPL; } ////// Critical: This code access critical member Host. /// TreatAsSafe: The object returned is sandboxed in the managed environment. /// [SecurityCritical, SecurityTreatAsSafe] int UnsafeNativeMethods.IDocHostUIHandler.GetExternal(out object ppDispatch) { WebBrowser wb = (WebBrowser) Host; ppDispatch = wb.HostingAdaptor.ObjectForScripting; return NativeMethods.S_OK; } ////// Called by the WebOC whenever its IOleInPlaceActiveObject::TranslateAccelerator() is called. /// See also the IOleControlSite.TranslateAccelerator() implementation here. /// int UnsafeNativeMethods.IDocHostUIHandler.TranslateAccelerator(ref System.Windows.Interop.MSG msg, ref Guid group, int nCmdID) { // // Returning S_FALSE will allow the native control to do default processing, // i.e., execute the shortcut key. Returning S_OK will cancel the shortcut key. /* WebBrowser wb = (WebBrowser)this.Host; if (!wb.WebBrowserShortcutsEnabled) { int keyCode = (int)msg.wParam | (int)Control.ModifierKeys; if (msg.message != NativeMethods.WM_CHAR && Enum.IsDefined(typeof(Shortcut), (Shortcut)keyCode)) { return NativeMethods.S_OK; } return NativeMethods.S_FALSE; } */ return NativeMethods.S_FALSE; } int UnsafeNativeMethods.IDocHostUIHandler.TranslateUrl(int dwTranslate, string strUrlIn, out string pstrUrlOut) { // // Set to null no matter what we return, to prevent the marshaller // from going crazy if the pointer points to random stuff. pstrUrlOut = null; return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.FilterDataObject(IComDataObject pDO, out IComDataObject ppDORet) { // // Set to null no matter what we return, to prevent the marshaller // from going crazy if the pointer points to random stuff. ppDORet = null; return NativeMethods.E_NOTIMPL; } #endregion ///See overview of keyboard input handling in WebBrowser.cs. ////// Critical: Access the critical Host property. /// TAS: Host is not exposed. /// WebOCHostedInBrowserProcess: Potential for input spoofing. Currently we handle only the Tab key, /// which is safe. /// [SecurityCritical, SecurityTreatAsSafe] int UnsafeNativeMethods.IOleControlSite.TranslateAccelerator(ref MSG msg, int grfModifiers) { // Handle tabbing out of the WebOC if (msg.message == NativeMethods.WM_KEYDOWN && (int)msg.wParam == NativeMethods.VK_TAB) { FocusNavigationDirection direction = (grfModifiers & 1/*KEYMOD_SHIFT*/) != 0 ? FocusNavigationDirection.Previous : FocusNavigationDirection.Next; // For the WebOCHostedInBrowserProcess case, we need to switch to the right thread. Host.Dispatcher.Invoke( DispatcherPriority.Send, new SendOrPostCallback(MoveFocusCallback), direction); return NativeMethods.S_OK; } return NativeMethods.S_FALSE; } ////// Critical: Access the critical Host property. /// TAS: Host is not exposed. /// [SecurityCritical, SecurityTreatAsSafe] private void MoveFocusCallback(object direction) { Host.MoveFocus(new TraversalRequest((FocusNavigationDirection)direction)); } }; } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // // // // Description: // WebBrowserSite is a sub-class of ActiveXSite. // Used to implement IDocHostUIHandler. // // Copied from WebBrowser.cs in winforms // // History // 06/16/05 - marka - Created // 04/24/08 - ChangoV - Implemented hosting the WebOC in the browser process for IE 7+ Protected Mode. // //----------------------------------------------------------------------------- using System; using System.ComponentModel; using System.Diagnostics; using System.Runtime.InteropServices; using System.Windows; using MS.Win32; using System.Security ; using MS.Internal.PresentationFramework; using System.Windows.Controls; using System.Windows.Interop; using System.Windows.Input; using System.Windows.Threading; using System.Threading; using IComDataObject = System.Runtime.InteropServices.ComTypes.IDataObject; namespace MS.Internal.Controls { // // WebBrowserSite class: // /// ////// Provides a default WebBrowserSite implementation for use in the CreateWebBrowserSite /// method in the WebBrowser class. /// ////// WebOCHostedInBrowserProcess - defense in depth: /// These interface implementations are exposed across a security boundary. We must not allow a /// compromised low-integrity-level browser process to gain elevation of privilege via our process or /// tamper with its state. (Attacking the WebOC via this interface is not interesting, because the WebOC /// is directly accessible in the browser process.) Each interface implementation method must be /// carefully reviewed to ensure that it cannot be abused by disclosing protected resources or by passing /// malicious data to it. /// ////// THREADING ISSUE: When WebBrowser.IsWebOCHostedInBrowserProcess, calls on the interfaces implemented here /// (and on ActiveXSite) arrive on RPC worker threads. This is because CLR objects don't like to stick to /// STA threads. Fortunately, most of the current implementation methods are okay to be called on any thread. /// And if not, switching to the WebBrowser object's thread via the Dispatcher is usually possible & safe. /// In a few scenarios, when we need to call a WebOC method from one of these callback interfaces, we get /// RPC_E_CANTCALLOUT_ININPUTSYNCCALL, which happens because the CLR actually tries to switch to the right /// thread to make the COM call, but that thread is already blocked on an outgoing call (to the WebOC). /// One example is IOleInPlaceSite.OnInPlaceActivate(). /// These failures are silent and safely ignorable for now. If this threading issue becomes more troubling, /// a solution like ActiveXHelper.CreateIDispatchSTAForwarder() is possible. /// internal class WebBrowserSite : ActiveXSite, UnsafeNativeMethods.IDocHostUIHandler, UnsafeNativeMethods.IOleControlSite // partial override { /// ////// WebBrowser implementation of ActiveXSite. Used to override GetHostInfo. /// and "turn on" our redirect notifications. /// ////// Critical - calls base class ctor which is critical. /// [ SecurityCritical ] internal WebBrowserSite(WebBrowser host) : base(host) { } #region IDocHostUIHandler Implementation int UnsafeNativeMethods.IDocHostUIHandler.ShowContextMenu(int dwID, NativeMethods.POINT pt, object pcmdtReserved, object pdispReserved) { // // Returning S_FALSE will allow the native control to do default processing, // i.e., execute the shortcut key. Returning S_OK will cancel the context menu // return NativeMethods.S_FALSE; } ////// Critical - calls critical code. /// If you change this method - you could affect mitigations. /// **Needs to be critical.** /// TreatAsSafe - information returned from this method is innocous. /// lists the set of browser features/options we've enabled. /// [ SecurityCritical, SecurityTreatAsSafe ] int UnsafeNativeMethods.IDocHostUIHandler.GetHostInfo(NativeMethods.DOCHOSTUIINFO info) { WebBrowser wb = (WebBrowser) Host; info.dwDoubleClick = (int) NativeMethods.DOCHOSTUIDBLCLICK.DEFAULT; // // These are the current flags shdocvw uses. Assumed we want the same. // info.dwFlags = (int) ( NativeMethods.DOCHOSTUIFLAG.DISABLE_HELP_MENU | NativeMethods.DOCHOSTUIFLAG.DISABLE_SCRIPT_INACTIVE | NativeMethods.DOCHOSTUIFLAG.ENABLE_INPLACE_NAVIGATION | NativeMethods.DOCHOSTUIFLAG.IME_ENABLE_RECONVERSION | NativeMethods.DOCHOSTUIFLAG.THEME | NativeMethods.DOCHOSTUIFLAG.ENABLE_FORMS_AUTOCOMPLETE | NativeMethods.DOCHOSTUIFLAG.DISABLE_UNTRUSTEDPROTOCOL | NativeMethods.DOCHOSTUIFLAG.LOCAL_MACHINE_ACCESS_CHECK | NativeMethods.DOCHOSTUIFLAG.ENABLE_REDIRECT_NOTIFICATION | NativeMethods.DOCHOSTUIFLAG.NO3DOUTERBORDER); return NativeMethods.S_OK; } int UnsafeNativeMethods.IDocHostUIHandler.EnableModeless(bool fEnable) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.ShowUI(int dwID, UnsafeNativeMethods.IOleInPlaceActiveObject activeObject, NativeMethods.IOleCommandTarget commandTarget, UnsafeNativeMethods.IOleInPlaceFrame frame, UnsafeNativeMethods.IOleInPlaceUIWindow doc) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.HideUI() { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.UpdateUI() { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.OnDocWindowActivate(bool fActivate) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.OnFrameWindowActivate(bool fActivate) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.ResizeBorder(NativeMethods.COMRECT rect, UnsafeNativeMethods.IOleInPlaceUIWindow doc, bool fFrameWindow) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.GetOptionKeyPath(string[] pbstrKey, int dw) { return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.GetDropTarget(UnsafeNativeMethods.IOleDropTarget pDropTarget, out UnsafeNativeMethods.IOleDropTarget ppDropTarget) { // // Set to null no matter what we return, to prevent the marshaller // from going crazy if the pointer points to random stuff. ppDropTarget = null; return NativeMethods.E_NOTIMPL; } ////// Critical: This code access critical member Host. /// TreatAsSafe: The object returned is sandboxed in the managed environment. /// [SecurityCritical, SecurityTreatAsSafe] int UnsafeNativeMethods.IDocHostUIHandler.GetExternal(out object ppDispatch) { WebBrowser wb = (WebBrowser) Host; ppDispatch = wb.HostingAdaptor.ObjectForScripting; return NativeMethods.S_OK; } ////// Called by the WebOC whenever its IOleInPlaceActiveObject::TranslateAccelerator() is called. /// See also the IOleControlSite.TranslateAccelerator() implementation here. /// int UnsafeNativeMethods.IDocHostUIHandler.TranslateAccelerator(ref System.Windows.Interop.MSG msg, ref Guid group, int nCmdID) { // // Returning S_FALSE will allow the native control to do default processing, // i.e., execute the shortcut key. Returning S_OK will cancel the shortcut key. /* WebBrowser wb = (WebBrowser)this.Host; if (!wb.WebBrowserShortcutsEnabled) { int keyCode = (int)msg.wParam | (int)Control.ModifierKeys; if (msg.message != NativeMethods.WM_CHAR && Enum.IsDefined(typeof(Shortcut), (Shortcut)keyCode)) { return NativeMethods.S_OK; } return NativeMethods.S_FALSE; } */ return NativeMethods.S_FALSE; } int UnsafeNativeMethods.IDocHostUIHandler.TranslateUrl(int dwTranslate, string strUrlIn, out string pstrUrlOut) { // // Set to null no matter what we return, to prevent the marshaller // from going crazy if the pointer points to random stuff. pstrUrlOut = null; return NativeMethods.E_NOTIMPL; } int UnsafeNativeMethods.IDocHostUIHandler.FilterDataObject(IComDataObject pDO, out IComDataObject ppDORet) { // // Set to null no matter what we return, to prevent the marshaller // from going crazy if the pointer points to random stuff. ppDORet = null; return NativeMethods.E_NOTIMPL; } #endregion ///See overview of keyboard input handling in WebBrowser.cs. ////// Critical: Access the critical Host property. /// TAS: Host is not exposed. /// WebOCHostedInBrowserProcess: Potential for input spoofing. Currently we handle only the Tab key, /// which is safe. /// [SecurityCritical, SecurityTreatAsSafe] int UnsafeNativeMethods.IOleControlSite.TranslateAccelerator(ref MSG msg, int grfModifiers) { // Handle tabbing out of the WebOC if (msg.message == NativeMethods.WM_KEYDOWN && (int)msg.wParam == NativeMethods.VK_TAB) { FocusNavigationDirection direction = (grfModifiers & 1/*KEYMOD_SHIFT*/) != 0 ? FocusNavigationDirection.Previous : FocusNavigationDirection.Next; // For the WebOCHostedInBrowserProcess case, we need to switch to the right thread. Host.Dispatcher.Invoke( DispatcherPriority.Send, new SendOrPostCallback(MoveFocusCallback), direction); return NativeMethods.S_OK; } return NativeMethods.S_FALSE; } ////// Critical: Access the critical Host property. /// TAS: Host is not exposed. /// [SecurityCritical, SecurityTreatAsSafe] private void MoveFocusCallback(object direction) { Host.MoveFocus(new TraversalRequest((FocusNavigationDirection)direction)); } }; } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- InfoCardRSAOAEPKeyExchangeDeformatter.cs
- WindowsFormsHost.cs
- MaterialCollection.cs
- XmlC14NWriter.cs
- DSASignatureFormatter.cs
- HtmlTableCell.cs
- DoubleAnimation.cs
- RectAnimationUsingKeyFrames.cs
- DataGridItemCollection.cs
- Configuration.cs
- CodeAttachEventStatement.cs
- StructuredType.cs
- Guid.cs
- TcpTransportBindingElement.cs
- AsymmetricSignatureDeformatter.cs
- ListBase.cs
- ProtectedProviderSettings.cs
- EastAsianLunisolarCalendar.cs
- CopyAttributesAction.cs
- WmpBitmapEncoder.cs
- DetailsViewPageEventArgs.cs
- AngleUtil.cs
- ColorContext.cs
- SHA512Managed.cs
- ListSourceHelper.cs
- FormViewUpdateEventArgs.cs
- SchemaCollectionCompiler.cs
- Model3D.cs
- PeerInvitationResponse.cs
- ClaimTypeElementCollection.cs
- GridViewRowPresenter.cs
- ECDsa.cs
- RepeaterItemCollection.cs
- Cursors.cs
- RootNamespaceAttribute.cs
- ResourceManagerWrapper.cs
- GroupBox.cs
- AsyncCompletedEventArgs.cs
- TreeViewDesigner.cs
- WebPartConnectVerb.cs
- UIPermission.cs
- ButtonPopupAdapter.cs
- DatatypeImplementation.cs
- Comparer.cs
- PropertyManager.cs
- EncoderFallback.cs
- CallContext.cs
- MetadataArtifactLoaderXmlReaderWrapper.cs
- EraserBehavior.cs
- HttpContext.cs
- WorkflowExecutor.cs
- Exceptions.cs
- MetadataItem.cs
- RsaSecurityTokenAuthenticator.cs
- FontSource.cs
- WebPartConnectVerb.cs
- TCPListener.cs
- SubMenuStyleCollectionEditor.cs
- CompatibleComparer.cs
- OpCodes.cs
- TreeWalker.cs
- CompiledIdentityConstraint.cs
- Win32KeyboardDevice.cs
- RadioButtonRenderer.cs
- ServiceConfigurationTraceRecord.cs
- LineInfo.cs
- EntityStoreSchemaFilterEntry.cs
- _LazyAsyncResult.cs
- TextLineResult.cs
- Walker.cs
- MultiPageTextView.cs
- CacheHelper.cs
- DbDeleteCommandTree.cs
- SimpleWorkerRequest.cs
- SystemIPAddressInformation.cs
- RewritingPass.cs
- TypeNameConverter.cs
- ListBindingHelper.cs
- MappingException.cs
- errorpatternmatcher.cs
- SelectionChangedEventArgs.cs
- UnsafeNativeMethods.cs
- COM2IPerPropertyBrowsingHandler.cs
- ContextInformation.cs
- ViewEventArgs.cs
- GeometryGroup.cs
- CdpEqualityComparer.cs
- ButtonField.cs
- AddInStore.cs
- OdbcException.cs
- WebScriptEndpoint.cs
- remotingproxy.cs
- SslStreamSecurityUpgradeProvider.cs
- NumberSubstitution.cs
- Canvas.cs
- DNS.cs
- AsymmetricKeyExchangeDeformatter.cs
- GPStream.cs
- Size3DValueSerializer.cs
- _AcceptOverlappedAsyncResult.cs