[arch-commits] Commit in qutebrowser/trunk (initiator.patch)
Morten Linderud
foxboron at archlinux.org
Wed Oct 3 14:48:58 UTC 2018
Date: Wednesday, October 3, 2018 @ 14:48:57
Author: foxboron
Revision: 389225
removed patch
Deleted:
qutebrowser/trunk/initiator.patch
-----------------+
initiator.patch | 75 ------------------------------------------------------
1 file changed, 75 deletions(-)
Deleted: initiator.patch
===================================================================
--- initiator.patch 2018-10-03 14:40:59 UTC (rev 389224)
+++ initiator.patch 2018-10-03 14:48:57 UTC (rev 389225)
@@ -1,75 +0,0 @@
-diff --git a/qutebrowser/browser/webengine/webenginequtescheme.py b/qutebrowser/browser/webengine/webenginequtescheme.py
-index 3eb7c7df1..3ddbf48f4 100644
---- a/qutebrowser/browser/webengine/webenginequtescheme.py
-+++ b/qutebrowser/browser/webengine/webenginequtescheme.py
-@@ -19,7 +19,7 @@
-
- """QtWebEngine specific qute://* handlers and glue code."""
-
--from PyQt5.QtCore import QBuffer, QIODevice
-+from PyQt5.QtCore import QBuffer, QIODevice, QUrl
- from PyQt5.QtWebEngineCore import (QWebEngineUrlSchemeHandler,
- QWebEngineUrlRequestJob)
-
-@@ -39,6 +39,37 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
- profile.installUrlSchemeHandler(b'chrome-error', self)
- profile.installUrlSchemeHandler(b'chrome-extension', self)
-
-+ def _check_initiator(self, job):
-+ """Check whether the initiator of the job should be allowed.
-+
-+ Only the browser itself or qute:// pages should access any of those
-+ URLs. The request interceptor further locks down qute://settings/set.
-+
-+ Args:
-+ job: QWebEngineUrlRequestJob
-+
-+ Return:
-+ True if the initiator is allowed, False if it was blocked.
-+ """
-+ try:
-+ initiator = job.initiator()
-+ except AttributeError:
-+ # Added in Qt 5.11
-+ return True
-+
-+ if initiator == QUrl('null') and not qtutils.version_check('5.12'):
-+ # WORKAROUND for https://bugreports.qt.io/browse/QTBUG-70421
-+ return True
-+
-+ if initiator.isValid() and initiator.scheme() != 'qute':
-+ log.misc.warning("Blocking malicious request from {} to {}".format(
-+ initiator.toDisplayString(),
-+ job.requestUrl().toDisplayString()))
-+ job.fail(QWebEngineUrlRequestJob.RequestDenied)
-+ return False
-+
-+ return True
-+
- def requestStarted(self, job):
- """Handle a request for a qute: scheme.
-
-@@ -55,21 +86,8 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
- job.fail(QWebEngineUrlRequestJob.UrlInvalid)
- return
-
-- # Only the browser itself or qute:// pages should access any of those
-- # URLs.
-- # The request interceptor further locks down qute://settings/set.
-- try:
-- initiator = job.initiator()
-- except AttributeError:
-- # Added in Qt 5.11
-- pass
-- else:
-- if initiator.isValid() and initiator.scheme() != 'qute':
-- log.misc.warning("Blocking malicious request from {} to {}"
-- .format(initiator.toDisplayString(),
-- url.toDisplayString()))
-- job.fail(QWebEngineUrlRequestJob.RequestDenied)
-- return
-+ if not self._check_initiator(job):
-+ return
-
- if job.requestMethod() != b'GET':
- job.fail(QWebEngineUrlRequestJob.RequestDenied)
More information about the arch-commits
mailing list