zervo/seb-win-refactoring
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SEBWIN-514: Fixed issue with URL-encoded requests.

Browse source
This commit is contained in:
Damian Büchel 2021-08-31 18:15:26 +02:00
parent d6c4c69745
commit 09141d44cc
2 changed files with 25 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
SafeExamBrowser.Browser/Handlers/RequestHandler.cs
View file

@ -8,6 +8,7 @@
using System;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;
using CefSharp;
using SafeExamBrowser.Browser.Contracts.Filters;
@ -190,30 +191,37 @@ namespace SafeExamBrowser.Browser.Handlers
private bool Block(IRequest request)
{
var block = false;
var url = WebUtility.UrlDecode(request.Url);
var isValidUrl = Uri.TryCreate(url, UriKind.Absolute, out _);
if (settings.Filter.ProcessMainRequests && request.ResourceType == ResourceType.MainFrame)
if (settings.Filter.ProcessMainRequests && request.ResourceType == ResourceType.MainFrame && isValidUrl)
{
var result = filter.Process(new Request { Url = request.Url });
var result = filter.Process(new Request { Url = url });
// We apparently can't filter chrome extension requests, as this prevents the rendering of PDFs.
if (result == FilterResult.Block && !request.Url.StartsWith("chrome-extension://"))
if (result == FilterResult.Block && !url.StartsWith("chrome-extension://"))
{
block = true;
logger.Info($"Blocked main request{(windowSettings.UrlPolicy.CanLog() ? $" for '{request.Url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
logger.Info($"Blocked main request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
}
}
if (settings.Filter.ProcessContentRequests && request.ResourceType != ResourceType.MainFrame)
if (settings.Filter.ProcessContentRequests && request.ResourceType != ResourceType.MainFrame && isValidUrl)
{
var result = filter.Process(new Request { Url = request.Url });
var result = filter.Process(new Request { Url = url });
if (result == FilterResult.Block)
{
block = true;
logger.Info($"Blocked content request{(windowSettings.UrlPolicy.CanLog() ? $" for '{request.Url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
logger.Info($"Blocked content request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
}
}
if (!isValidUrl)
{
logger.Warn($"Filter could not process request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType})!");
}
return block;
}
}

13
SafeExamBrowser.Browser/Handlers/ResourceHandler.cs
View file

@ -9,6 +9,7 @@
using System;
using System.Collections.Specialized;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Mime;
using System.Security.Cryptography;
@ -146,17 +147,23 @@ namespace SafeExamBrowser.Browser.Handlers
private bool Block(IRequest request)
{
var block = false;
var url = WebUtility.UrlDecode(request.Url);
var isValidUri = Uri.TryCreate(url, UriKind.Absolute, out _);
if (settings.Filter.ProcessContentRequests)
if (settings.Filter.ProcessContentRequests && isValidUri)
{
var result = filter.Process(new Request { Url = request.Url });
var result = filter.Process(new Request { Url = url });
if (result == FilterResult.Block)
{
block = true;
logger.Info($"Blocked content request{(windowSettings.UrlPolicy.CanLog() ? $" for '{request.Url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
logger.Info($"Blocked content request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
}
}
else if (!isValidUri)
{
logger.Warn($"Filter could not process request{(windowSettings.UrlPolicy.CanLog() ? $" for '{url}'" : "")} ({request.ResourceType}, {request.TransitionType})!");
}
return block;
}