/** * For a given msg hdr, iterate through the list of remote content blocking criteria. * returns nsIContentPolicy::REJECT if the msg hdr fails any of these tests. * * @param aRequestingLocation cannot be null */ nsresult nsMsgContentPolicy::AllowRemoteContentForMsgHdr(nsIMsgDBHdr * aMsgHdr, nsIURI * aRequestingLocation, nsIURI * aContentLocation, PRInt16 *aDecision) { NS_ENSURE_ARG_POINTER(aMsgHdr); // Case #1, check the db hdr for the remote content policy on this particular message PRUint32 remoteContentPolicy = kNoRemoteContentPolicy; aMsgHdr->GetUint32Property("remoteContentPolicy", &remoteContentPolicy); // Case #2, check if the message is in an RSS folder PRBool isRSS = PR_FALSE; IsRSSArticle(aRequestingLocation, &isRSS); // Case #3, the domain for the remote image is in our white list PRBool trustedDomain = IsTrustedDomain(aContentLocation); // Case 4 is expensive as we're looking up items in the address book. So if // either of the two previous items means we load the data, just do it. if (isRSS || remoteContentPolicy == kAllowRemoteContent || trustedDomain) { *aDecision = nsIContentPolicy::ACCEPT; return NS_OK; } // Case #4, author is in our white list.. PRBool allowForSender = PR_FALSE; AllowRemoteContentForSender(aMsgHdr, &allowForSender); *aDecision = allowForSender ? nsIContentPolicy::ACCEPT : nsIContentPolicy::REJECT_REQUEST; if (*aDecision == nsIContentPolicy::REJECT_REQUEST && !remoteContentPolicy) // kNoRemoteContentPolicy means we have never set a value on the message aMsgHdr->SetUint32Property("remoteContentPolicy", kBlockRemoteContent); return NS_OK; // always return success }
/** * The default for this function will be to reject the content request. * When determining if to allow the request for a given msg hdr, the function * will go through the list of remote content blocking criteria: * * #1 Allow if there is a db header for a manual override. * #2 Allow if the message is in an RSS folder. * #3 Allow if the domain for the remote image in our white list. * #4 Allow if the author has been specifically white listed. */ PRInt16 nsMsgContentPolicy::ShouldAcceptRemoteContentForMsgHdr(nsIMsgDBHdr *aMsgHdr, nsIURI *aRequestingLocation, nsIURI *aContentLocation) { if (!aMsgHdr) return static_cast<PRInt16>(nsIContentPolicy::REJECT_REQUEST); // Case #1, check the db hdr for the remote content policy on this particular // message. PRUint32 remoteContentPolicy = kNoRemoteContentPolicy; aMsgHdr->GetUint32Property("remoteContentPolicy", &remoteContentPolicy); // Case #2, check if the message is in an RSS folder bool isRSS = false; IsRSSArticle(aRequestingLocation, &isRSS); // Case #3, the domain for the remote image is in our white list bool trustedDomain = IsTrustedDomain(aContentLocation); // Case 4 is expensive as we're looking up items in the address book. So if // either of the two previous items means we load the data, just do it. if (isRSS || remoteContentPolicy == kAllowRemoteContent || trustedDomain) return nsIContentPolicy::ACCEPT; // Case #4, author is in our white list.. bool allowForSender = ShouldAcceptRemoteContentForSender(aMsgHdr); PRInt16 result = allowForSender ? static_cast<PRInt16>(nsIContentPolicy::ACCEPT) : static_cast<PRInt16>(nsIContentPolicy::REJECT_REQUEST); // kNoRemoteContentPolicy means we have never set a value on the message if (result == nsIContentPolicy::REJECT_REQUEST && !remoteContentPolicy) aMsgHdr->SetUint32Property("remoteContentPolicy", kBlockRemoteContent); return result; }