I would like to prevent my application to display web pages other than from a certain domain (i.e. example.com).
My initial idea was to check the request URL in the OnBeforeBrowse event handler.
public bool OnBeforeBrowse(IWebBrowser browser, IRequest request, bool isRedirect)
{
return !IsPageAllowed(request.Url);
}
This looks doable, except for the fact that all embedded resources on a allowed page are also triggering this event.
For example, i have a YouTube video embedded on my page there are two additional requests triggered by the video element.
If i cancel those requests, video is not rendered at all.
Here is a simple log output from my request:
15:09:22.5809442 - OnBeforeBrowse: http://example.com/, TransitionType=LinkClicked, isRedirect=False
15:09:22.6705460 - OnBeforeBrowse: http://www.youtube.com/embed/XYZ, TransitionType=LinkClicked, isRedirect=False
15:09:22.7715542 - OnBeforeBrowse: http://www.youtube.com/embed/XYZ, TransitionType=LinkClicked, isRedirect=True
15:09:25.1232542 - OnBeforeBrowse: http://not-allowed-domain.com TransitionType=LinkClicked, isRedirect=False
Further more, if i try to navigate away from the allowed page by clicking on a external link (with disabled restriction check), i get new event and isRedirect flag is set to False, which is quite confusing.
Thanks
In my project I've implemented the following solution:
HashSet whiteList = new HashSet() {
"http://example.com/",
"http://www.youtube.com/embed/",
...
}