From d6c4c697459d0eea76204b5ee49c8eb2ddfcebb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damian=20B=C3=BCchel?= Date: Tue, 24 Aug 2021 15:23:17 +0200 Subject: [PATCH] SEBWIN-514: Fixed bug leading to crash when mailto-URL is HTML encoded. --- .../Handlers/RequestHandler.cs | 34 +++++++++++++++---- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/SafeExamBrowser.Browser/Handlers/RequestHandler.cs b/SafeExamBrowser.Browser/Handlers/RequestHandler.cs index a84fcb64..bf27d222 100644 --- a/SafeExamBrowser.Browser/Handlers/RequestHandler.cs +++ b/SafeExamBrowser.Browser/Handlers/RequestHandler.cs @@ -52,7 +52,16 @@ namespace SafeExamBrowser.Browser.Handlers this.windowSettings = windowSettings; } - protected override bool GetAuthCredentials(IWebBrowser webBrowser, IBrowser browser, string originUrl, bool isProxy, string host, int port, string realm, string scheme, IAuthCallback callback) + protected override bool GetAuthCredentials( + IWebBrowser webBrowser, + IBrowser browser, + string originUrl, + bool isProxy, + string host, + int port, + string realm, + string scheme, + IAuthCallback callback) { if (isProxy) { @@ -70,7 +79,15 @@ namespace SafeExamBrowser.Browser.Handlers return base.GetAuthCredentials(webBrowser, browser, originUrl, isProxy, host, port, realm, scheme, callback); } - protected override IResourceRequestHandler GetResourceRequestHandler(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request, bool isNavigation, bool isDownload, string requestInitiator, ref bool disableDefaultHandling) + protected override IResourceRequestHandler GetResourceRequestHandler( + IWebBrowser webBrowser, + IBrowser browser, + IFrame frame, + IRequest request, + bool isNavigation, + bool isDownload, + string requestInitiator, + ref bool disableDefaultHandling) { return resourceHandler; } @@ -104,7 +121,13 @@ namespace SafeExamBrowser.Browser.Handlers return base.OnBeforeBrowse(webBrowser, browser, frame, request, userGesture, isRedirect); } - protected override bool OnOpenUrlFromTab(IWebBrowser webBrowser, IBrowser browser, IFrame frame, string targetUrl, WindowOpenDisposition targetDisposition, bool userGesture) + protected override bool OnOpenUrlFromTab( + IWebBrowser webBrowser, + IBrowser browser, + IFrame frame, + string targetUrl, + WindowOpenDisposition targetDisposition, + bool userGesture) { switch (targetDisposition) { @@ -120,9 +143,8 @@ namespace SafeExamBrowser.Browser.Handlers private bool IsConfigurationFile(IRequest request, out string downloadUrl) { - var uri = new Uri(request.Url); - var uriExtension = Path.GetExtension(uri.AbsolutePath); - var isConfigurationFile = string.Equals(appConfig.ConfigurationFileExtension, uriExtension, StringComparison.OrdinalIgnoreCase); + var isValidUri = Uri.TryCreate(request.Url, UriKind.RelativeOrAbsolute, out var uri); + var isConfigurationFile = isValidUri && string.Equals(appConfig.ConfigurationFileExtension, Path.GetExtension(uri.AbsolutePath), StringComparison.OrdinalIgnoreCase); downloadUrl = request.Url;