2

I'm using the DotNetBrowser in my WPF emailing application to display the emails content. I'd like to block every remote content and remote images. I use this email privacy tester to check if I can correctly block the remote content.

I checked the documentation of the DotNetBrowser and I found that it's possible to disable couple of things using the BrowserPreferences setting. I disabled everything with the following piece of code:

BrowserPreferences pref = new BrowserPreferences {
    ImagesEnabled = false,
    JavaScriptEnabled = false,
    PluginsEnabled = false,
    WebAudioEnabled = false,
    ApplicationCacheEnabled = false,
    LocalStorageEnabled = false,
    AllowDisplayingInsecureContent = false,
    AllowRunningInsecureContent = false,
    ...
};

wpfBrowserView.Browser.Preferences = pref;
wpfBrowserView.Browser.LoadHTML(myHtml);

But this blocks just couple of the possible harmful contents. Then I set a custom LoadHandler, where I could prevent couple of more cases:

MyBrowserLoadHandler loadHandler = new MyBrowserLoadHandler();
loadHandler.Load += args => {
    // just don't allow to load the content
};
wpfBrowserView.Browser.LoadHandler = loadHandler;

This is not enough, because it still fails two of them (the Link Prefetch and the CSS link tag).

I don't want to do a static analysis on the email's html to handle those cases as well, so I'm searching for an easier way to do it. For example in the Android's WebView, it's just two methods to call (setBlockNetworkLoads(true) and setBlockNetworkImage(true)) and it does the whole thing. Is there a solution like this in DotNetBrowser?

Attila Szász
  • 707
  • 4
  • 22

1 Answers1

2

Finally I found the solution. I dropped out all of my tries what I posted above, and tried another way. The DotNetBrowser has a resource handler and you can set what kind of resources you'd like to allow to load and what not. Here is my code:

var network = wpfBrowserView.Browser.Context.NetworkService;
var resourceHandler = new MyResourceHandler();
resourceHandler.Load += args => {
    ResourceType resource = args.Parameters.ResourceType;

    switch (resource) {
        case ResourceType.PREFETCH:
        case ResourceType.IMAGE:
        case ResourceType.MEDIA:
        case ResourceType.OBJECT:
        case ResourceType.STYLESHEET:
        case ResourceType.FONT_RESOURCE:
        case ResourceType.SUB_RESOURCE:
            return false;
        default:
            // allow to load for the others
            return true;
    }
};

network.ResourceHandler = resourceHandler;

And the custom resource handler:

public class ResourceLoadEventArgs {
    public ResourceParams Parameters { get; set; }
}

public delegate bool ResourceLoadHandler(ResourceLoadEventArgs args);

public class MyResourceHandler : ResourceHandler {
    public event ResourceLoadHandler Load;

    public bool CanLoadResource(ResourceParams parameters) {
        return Load?.Invoke(new ResourceLoadEventArgs { Parameters = parameters }) ?? true;
    }
}

So, adding this piece of code before loading the html into the browser view, it causes to pass every test in the email privacy tester. Then you can put a button for the user to load the remote content, and when the user clicks on it, you can allow every resource.

Attila Szász
  • 707
  • 4
  • 22