Gabriel Ivăncescu : msscript.ocx: Implement UseSafeSubset properly by setting the interface safety options.

Alexandre Julliard julliard at winehq.org
Fri Sep 4 15:47:32 CDT 2020


Module: wine
Branch: master
Commit: fb746414e2323d66e17772a8c20e1fda3bf6c58b
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=fb746414e2323d66e17772a8c20e1fda3bf6c58b

Author: Gabriel Ivăncescu <gabrielopcode at gmail.com>
Date:   Thu Sep  3 17:50:26 2020 +0300

msscript.ocx: Implement UseSafeSubset properly by setting the interface safety options.

Signed-off-by: Gabriel Ivăncescu <gabrielopcode at gmail.com>
Signed-off-by: Jacek Caban <jacek at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/msscript.ocx/msscript.c       | 40 ++++++++++------
 dlls/msscript.ocx/tests/msscript.c | 93 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 117 insertions(+), 16 deletions(-)

diff --git a/dlls/msscript.ocx/msscript.c b/dlls/msscript.ocx/msscript.c
index 7ddcb8f73d..ed17be90d8 100644
--- a/dlls/msscript.ocx/msscript.c
+++ b/dlls/msscript.ocx/msscript.c
@@ -2426,9 +2426,30 @@ static const IScriptErrorVtbl ScriptErrorVtbl = {
     ScriptError_Clear
 };
 
-static HRESULT init_script_host(ScriptControl *control, const CLSID *clsid, ScriptHost **ret)
+static HRESULT set_safety_opts(IActiveScript *script, VARIANT_BOOL use_safe_subset)
 {
     IObjectSafety *objsafety;
+    HRESULT hr;
+
+    hr = IActiveScript_QueryInterface(script, &IID_IObjectSafety, (void**)&objsafety);
+    if (FAILED(hr)) {
+        FIXME("Could not get IObjectSafety, %#x\n", hr);
+        return hr;
+    }
+
+    hr = IObjectSafety_SetInterfaceSafetyOptions(objsafety, &IID_IActiveScriptParse, INTERFACESAFE_FOR_UNTRUSTED_DATA,
+                                                 use_safe_subset ? INTERFACESAFE_FOR_UNTRUSTED_DATA : 0);
+    IObjectSafety_Release(objsafety);
+    if (FAILED(hr)) {
+        FIXME("SetInterfaceSafetyOptions failed, %#x\n", hr);
+        return hr;
+    }
+
+    return hr;
+}
+
+static HRESULT init_script_host(ScriptControl *control, const CLSID *clsid, ScriptHost **ret)
+{
     ScriptHost *host;
     HRESULT hr;
 
@@ -2455,18 +2476,8 @@ static HRESULT init_script_host(ScriptControl *control, const CLSID *clsid, Scri
         goto failed;
     }
 
-    hr = IActiveScript_QueryInterface(host->script, &IID_IObjectSafety, (void**)&objsafety);
-    if (FAILED(hr)) {
-        FIXME("Could not get IObjectSafety, %#x\n", hr);
-        goto failed;
-    }
-
-    hr = IObjectSafety_SetInterfaceSafetyOptions(objsafety, &IID_IActiveScriptParse, INTERFACESAFE_FOR_UNTRUSTED_DATA, 0);
-    IObjectSafety_Release(objsafety);
-    if (FAILED(hr)) {
-        FIXME("SetInterfaceSafetyOptions failed, %#x\n", hr);
-        goto failed;
-    }
+    hr = set_safety_opts(host->script, control->use_safe_subset);
+    if (FAILED(hr)) goto failed;
 
     hr = IActiveScript_SetScriptSite(host->script, &host->IActiveScriptSite_iface);
     if (FAILED(hr)) {
@@ -2850,6 +2861,9 @@ static HRESULT WINAPI ScriptControl_put_UseSafeSubset(IScriptControl *iface, VAR
     ScriptControl *This = impl_from_IScriptControl(iface);
     TRACE("(%p)->(%x)\n", This, use_safe_subset);
 
+    if (This->host && This->use_safe_subset != use_safe_subset)
+        set_safety_opts(This->host->script, use_safe_subset);
+
     This->use_safe_subset = use_safe_subset;
     return S_OK;
 }
diff --git a/dlls/msscript.ocx/tests/msscript.c b/dlls/msscript.ocx/tests/msscript.c
index e6d139fd75..a6ec0992c8 100644
--- a/dlls/msscript.ocx/tests/msscript.c
+++ b/dlls/msscript.ocx/tests/msscript.c
@@ -91,6 +91,7 @@ static const WCHAR vbW[] = {'V','B','S','c','r','i','p','t',0};
 
 DEFINE_EXPECT(CreateInstance);
 DEFINE_EXPECT(SetInterfaceSafetyOptions);
+DEFINE_EXPECT(SetInterfaceSafetyOptions_UseSafeSubset);
 DEFINE_EXPECT(InitNew);
 DEFINE_EXPECT(Close);
 DEFINE_EXPECT(Bind);
@@ -278,12 +279,13 @@ static HRESULT WINAPI ObjectSafety_GetInterfaceSafetyOptions(IObjectSafety *ifac
 static HRESULT WINAPI ObjectSafety_SetInterfaceSafetyOptions(IObjectSafety *iface, REFIID riid,
         DWORD mask, DWORD options)
 {
-    CHECK_EXPECT(SetInterfaceSafetyOptions);
+    if (options == INTERFACESAFE_FOR_UNTRUSTED_DATA)
+        CHECK_EXPECT(SetInterfaceSafetyOptions_UseSafeSubset);
+    else
+        CHECK_EXPECT(SetInterfaceSafetyOptions);
 
     ok(IsEqualGUID(&IID_IActiveScriptParse, riid), "unexpected riid %s\n", wine_dbgstr_guid(riid));
-
     ok(mask == INTERFACESAFE_FOR_UNTRUSTED_DATA, "option mask = %x\n", mask);
-    ok(options == 0, "options = %x\n", options);
 
     return S_OK;
 }
@@ -2100,6 +2102,91 @@ static void test_UseSafeSubset(void)
     ok(use_safe_subset == VARIANT_TRUE, "got %d\n", use_safe_subset);
 
     IScriptControl_Release(sc);
+
+    /* custom script engine */
+    if (have_custom_engine)
+    {
+        hr = CoCreateInstance(&CLSID_ScriptControl, NULL, CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER,
+                              &IID_IScriptControl, (void **)&sc);
+        ok(hr == S_OK, "Failed to create IScriptControl interface: 0x%08x.\n", hr);
+
+        SET_EXPECT(CreateInstance);
+        SET_EXPECT(SetInterfaceSafetyOptions);
+        SET_EXPECT(SetScriptSite);
+        SET_EXPECT(QI_IActiveScriptParse);
+        SET_EXPECT(InitNew);
+
+        str = SysAllocString(L"testscript");
+        hr = IScriptControl_put_Language(sc, str);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+        SysFreeString(str);
+
+        CHECK_CALLED(CreateInstance);
+        CHECK_CALLED(SetInterfaceSafetyOptions);
+        CHECK_CALLED(SetScriptSite);
+        CHECK_CALLED(QI_IActiveScriptParse);
+        CHECK_CALLED(InitNew);
+
+        hr = IScriptControl_get_UseSafeSubset(sc, &use_safe_subset);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+        ok(use_safe_subset == VARIANT_FALSE, "got %d\n", use_safe_subset);
+
+        SET_EXPECT(SetInterfaceSafetyOptions_UseSafeSubset);
+        hr = IScriptControl_put_UseSafeSubset(sc, VARIANT_TRUE);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+        CHECK_CALLED(SetInterfaceSafetyOptions_UseSafeSubset);
+
+        hr = IScriptControl_get_UseSafeSubset(sc, &use_safe_subset);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+        ok(use_safe_subset == VARIANT_TRUE, "got %d\n", use_safe_subset);
+
+        hr = IScriptControl_put_UseSafeSubset(sc, VARIANT_TRUE);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+
+        SET_EXPECT(SetInterfaceSafetyOptions);
+        hr = IScriptControl_put_UseSafeSubset(sc, VARIANT_FALSE);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+        CHECK_CALLED(SetInterfaceSafetyOptions);
+
+        hr = IScriptControl_put_UseSafeSubset(sc, VARIANT_FALSE);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+
+        IActiveScriptSite_Release(site);
+
+        SET_EXPECT(Close);
+        IScriptControl_Release(sc);
+        CHECK_CALLED(Close);
+
+        hr = CoCreateInstance(&CLSID_ScriptControl, NULL, CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER,
+                              &IID_IScriptControl, (void **)&sc);
+        ok(hr == S_OK, "Failed to create IScriptControl interface: 0x%08x.\n", hr);
+
+        hr = IScriptControl_put_UseSafeSubset(sc, VARIANT_TRUE);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+
+        SET_EXPECT(CreateInstance);
+        SET_EXPECT(SetInterfaceSafetyOptions_UseSafeSubset);
+        SET_EXPECT(SetScriptSite);
+        SET_EXPECT(QI_IActiveScriptParse);
+        SET_EXPECT(InitNew);
+
+        str = SysAllocString(L"testscript");
+        hr = IScriptControl_put_Language(sc, str);
+        ok(hr == S_OK, "got 0x%08x\n", hr);
+        SysFreeString(str);
+
+        CHECK_CALLED(CreateInstance);
+        CHECK_CALLED(SetInterfaceSafetyOptions_UseSafeSubset);
+        CHECK_CALLED(SetScriptSite);
+        CHECK_CALLED(QI_IActiveScriptParse);
+        CHECK_CALLED(InitNew);
+
+        IActiveScriptSite_Release(site);
+
+        SET_EXPECT(Close);
+        IScriptControl_Release(sc);
+        CHECK_CALLED(Close);
+    }
 }
 
 static void test_State(void)




More information about the wine-cvs mailing list