From 1002f4d9844dde87e9e14c0991699ea2a57e412e Mon Sep 17 00:00:00 2001
From: "Jay Freeman (saurik)" <saurik@saurik.com>
Date: Thu, 30 Oct 2014 05:19:26 -0700
Subject: [PATCH] Block evil attempts to redirect to the App Store.

---
 CyteKit/WebViewController.h  |  1 +
 CyteKit/WebViewController.mm | 30 ++++++++++++++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/CyteKit/WebViewController.h b/CyteKit/WebViewController.h
index 96186c16..24832242 100644
--- a/CyteKit/WebViewController.h
+++ b/CyteKit/WebViewController.h
@@ -56,6 +56,7 @@
     bool ready_;
 
     _transient NSNumber *sensitive_;
+    _H<NSURL> appstore_;
 
     _H<NSString> title_;
     _H<NSMutableSet> loading_;
diff --git a/CyteKit/WebViewController.mm b/CyteKit/WebViewController.mm
index 7d91177f..f1448e1a 100644
--- a/CyteKit/WebViewController.mm
+++ b/CyteKit/WebViewController.mm
@@ -461,10 +461,29 @@ float CYScrollViewDecelerationRateNormal;
     NSLog(@"decidePolicyForNavigationAction:%@ request:%@ %@ frame:%@", action, request, [request allHTTPHeaderFields], frame);
 #endif
 
+    NSURL *url(request == nil ? nil : [request URL]);
+    if ([[url scheme] isEqualToString:@"itms-appss"] || [[url absoluteString] hasPrefix:@"https://itunes.apple.com/app/"]) {
+        appstore_ = url;
+
+        UIAlertView *alert = [[[UIAlertView alloc]
+            initWithTitle:UCLocalize("APP_STORE_REDIRECT")
+            message:nil
+            delegate:self
+            cancelButtonTitle:UCLocalize("CANCEL")
+            otherButtonTitles:
+                UCLocalize("ALLOW"),
+            nil
+        ] autorelease];
+
+        [alert setContext:@"itmsappss"];
+        [alert show];
+
+        [listener ignore];
+        return;
+    }
+
     if ([frame parentFrame] == nil) {
         if (!error_) {
-            NSURL *url(request == nil ? nil : [request URL]);
-
             if (request_ != nil && ![[request_ URL] isEqual:url] && ![self allowsNavigationAction]) {
                 if (url != nil)
                     [self pushRequest:request forAction:action asPop:NO];
@@ -734,6 +753,13 @@ float CYScrollViewDecelerationRateNormal;
 
         challenge_ = nil;
 
+        [alert dismissWithClickedButtonIndex:-1 animated:YES];
+    } else if ([context isEqualToString:@"itmsappss"]) {
+        if (button == [alert cancelButtonIndex]) {
+        } else if (button == [alert firstOtherButtonIndex]) {
+            [delegate_ openURL:appstore_];
+        }
+
         [alert dismissWithClickedButtonIndex:-1 animated:YES];
     } else if ([context isEqualToString:@"submit"]) {
         if (button == [alert cancelButtonIndex]) {
-- 
2.45.2