rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Greasemonkey: restrict page schemes that scripts can run on

Browse Source 
Scripts shouldn't run on qute://settings or source:// etc.

Whitelist from:
https://wiki.greasespot.net/Include_and_exclude_rules
This commit is contained in:
Jimmy 2017-11-05 16:36:09 +13:00
parent 799730f686
commit 41035cb5ca
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
qutebrowser/browser/greasemonkey.py
View File

@ -226,6 +226,10 @@ class GreasemonkeyManager(QObject):
""" """
scripts_reloaded = pyqtSignal() scripts_reloaded = pyqtSignal()
# https://wiki.greasespot.net/Include_and_exclude_rules#Greaseable_schemes
# Limit the schemes scripts can run on due to unreasonable levels of
# exploitability
greaseable_schemes = ['http', 'https', 'ftp', 'file']
def __init__(self, parent=None): def __init__(self, parent=None):
super().__init__(parent) super().__init__(parent)
@ -273,6 +277,8 @@ class GreasemonkeyManager(QObject):
returns a tuple of lists of scripts meant to run at (document-start, returns a tuple of lists of scripts meant to run at (document-start,
document-end, document-idle) document-end, document-idle)
""" """
if url.split(':', 1)[0] not in self.greaseable_schemes:
return [], [], []
match = functools.partial(fnmatch.fnmatch, url) match = functools.partial(fnmatch.fnmatch, url)
tester = (lambda script: tester = (lambda script:
any([match(pat) for pat in script.includes]) and any([match(pat) for pat in script.includes]) and