From 15c547b3f5cbec2567dfc91866b38c9afd29a6a0 Mon Sep 17 00:00:00 2001
From: Florian Bruhin
Date: Fri, 7 Sep 2018 12:24:11 +0200
Subject: [PATCH] Move QuteSchemeHandler._check_initiator to its own method
---
 .../browser/webengine/webenginequtescheme.py | 44 ++++++++++++-------
 1 file changed, 29 insertions(+), 15 deletions(-)
diff --git a/qutebrowser/browser/webengine/webenginequtescheme.py b/qutebrowser/browser/webengine/webenginequtescheme.py
index 3e39943a6..b94fc3844 100644
--- a/qutebrowser/browser/webengine/webenginequtescheme.py
+++ b/qutebrowser/browser/webengine/webenginequtescheme.py
@@ -39,6 +39,33 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
 profile.installUrlSchemeHandler(b'chrome-error', self)
 profile.installUrlSchemeHandler(b'chrome-extension', self)
+ def _check_initiator(self, job):
+ """Check whether the initiator of the job should be allowed.
+
+ Only the browser itself or qute:// pages should access any of those
+ URLs. The request interceptor further locks down qute://settings/set.
+
+ Args:
+ job: QWebEngineUrlRequestJob
+
+ Return:
+ True if the initiator is allowed, False if it was blocked.
+ """
+ try:
+ initiator = job.initiator()
+ except AttributeError:
+ # Added in Qt 5.11
+ return True
+
+ if initiator.isValid() and initiator.scheme() != 'qute':
+ log.misc.warning("Blocking malicious request from {} to {}"
+ .format(initiator.toDisplayString(),
+ url.toDisplayString()))
+ job.fail(QWebEngineUrlRequestJob.RequestDenied)
+ return False
+
+ return True
+
 def requestStarted(self, job):
 """Handle a request for a qute: scheme.
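Review bot: `url` is not defined inside the new `_check_initiator`: the method receives only `job`, yet the warning still formats `url.toDisplayString()`, a name that was a local of `requestStarted` while this code was inline. Unless a module-level `url` exists outside this hunk, the deny branch would raise NameError before it reaches `job.fail(QWebEngineUrlRequestJob.RequestDenied)`, so the one path meant to reject a non-qute initiator is the path that breaks and the job is never explicitly failed. Derive the value locally with `url = job.requestUrl()` ahead of the warning, or pass it in as a second parameter. The docstring could also state that on Qt older than 5.11 the `AttributeError` branch returns True, meaning the initiator check is skipped and every request is allowed there.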
@@ -55,21 +82,8 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
 job.fail(QWebEngineUrlRequestJob.UrlInvalid)
 return
- # Only the browser itself or qute:// pages should access any of those
- # URLs.
- # The request interceptor further locks down qute://settings/set.
- try:
- initiator = job.initiator()
- except AttributeError:
- # Added in Qt 5.11
- pass
- else:
- if initiator.isValid() and initiator.scheme() != 'qute':
- log.misc.warning("Blocking malicious request from {} to {}"
- .format(initiator.toDisplayString(),
- url.toDisplayString()))
- job.fail(QWebEngineUrlRequestJob.RequestDenied)
- return
+ if not self._check_initiator(job):
+ return
 if job.requestMethod() != b'GET':
 job.fail(QWebEngineUrlRequestJob.RequestDenied)