From f9d976880e3c570dd20fa7f5f41c536b2bf76451 Mon Sep 17 00:00:00 2001
From: Florian Bruhin <git@the-compiler.org>
Date: Tue, 20 Mar 2018 21:14:04 +0100
Subject: [PATCH 1/2] Disable shared web workers on Qt < 5.11

---
 doc/changelog.asciidoc               |  5 +++++
 qutebrowser/config/configinit.py     | 11 ++++++++++-
 tests/unit/config/test_configinit.py | 16 ++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index 15b89efcf..fc58346b0 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -29,6 +29,11 @@ Added
 Changed
 ~~~~~~~
 
+- QtWebEngine: Support for JavaScript Shared Web Workers have been disabled on
+  Qt versions older than 5.11 because of security issues in in Chromium.
+  You can get the same effect in earlier versions via
+  `:set qt.args ['disable-shared-workers']`. An equivalent workaround is also
+  contained in Qt 5.9.5 and 5.10.1.
 - The file dialog for downloads now has basic tab completion based on the
   entered text.
 - `:version` now shows OS information for POSIX OS other than Linux/macOS.
diff --git a/qutebrowser/config/configinit.py b/qutebrowser/config/configinit.py
index c7c9362b0..5c06a4a3d 100644
--- a/qutebrowser/config/configinit.py
+++ b/qutebrowser/config/configinit.py
@@ -26,7 +26,8 @@ from PyQt5.QtWidgets import QMessageBox
 
 from qutebrowser.config import (config, configdata, configfiles, configtypes,
                                 configexc, configcommands)
-from qutebrowser.utils import objreg, usertypes, log, standarddir, message
+from qutebrowser.utils import (objreg, usertypes, log, standarddir, message,
+                               qtutils)
 from qutebrowser.misc import msgbox, objects
 
 
@@ -161,4 +162,12 @@ def qt_args(namespace):
             argv += ['--' + name, value]
 
     argv += ['--' + arg for arg in config.val.qt.args]
+
+    if (objects.backend == usertypes.Backend.QtWebEngine and
+            not qtutils.version_check('5.11', compiled=False)):
+        # WORKAROUND equivalent to
+        # https://codereview.qt-project.org/#/c/217932/
+        # Needed for Qt < 5.9.5 and < 5.10.1
+        argv.append('--disable-shared-workers')
+
     return argv
diff --git a/tests/unit/config/test_configinit.py b/tests/unit/config/test_configinit.py
index e7d217d8e..084c2c0d9 100644
--- a/tests/unit/config/test_configinit.py
+++ b/tests/unit/config/test_configinit.py
@@ -347,6 +347,12 @@ class TestQtArgs:
         mocker.patch.object(parser, 'exit', side_effect=Exception)
         return parser
 
+    @pytest.fixture(autouse=True)
+    def patch_version_check(self, monkeypatch):
+        """Make sure no --disable-shared-workers argument gets added."""
+        monkeypatch.setattr(configinit.qtutils, 'version_check',
+                            lambda version, compiled: True)
+
     @pytest.mark.parametrize('args, expected', [
         # No Qt arguments
         (['--debug'], [sys.argv[0]]),
@@ -382,6 +388,16 @@ class TestQtArgs:
         config_stub.val.qt.args = ['bar']
         assert configinit.qt_args(parsed) == [sys.argv[0], '--foo', '--bar']
 
+    def test_shared_workers(self, config_stub, monkeypatch, parser):
+        monkeypatch.setattr(configinit.qtutils, 'version_check',
+                            lambda version, compiled: False)
+        monkeypatch.setattr(configinit.objects, 'backend',
+                            usertypes.Backend.QtWebEngine)
+        parsed = parser.parse_args()
+        expected = [sys.argv[0], '--disable-shared-workers']
+        assert configinit.qt_args(parsed) == expected
+
+
 
 @pytest.mark.parametrize('arg, confval, used', [
     # overridden by commandline arg

From 11696f00733ab44b3414b82cb049e10a6919f2cb Mon Sep 17 00:00:00 2001
From: Florian Bruhin <git@the-compiler.org>
Date: Tue, 20 Mar 2018 22:16:16 +0100
Subject: [PATCH 2/2] Fix test_configinit

---
 tests/unit/config/test_configinit.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tests/unit/config/test_configinit.py b/tests/unit/config/test_configinit.py
index 084c2c0d9..2ee572860 100644
--- a/tests/unit/config/test_configinit.py
+++ b/tests/unit/config/test_configinit.py
@@ -393,12 +393,11 @@ class TestQtArgs:
                             lambda version, compiled: False)
         monkeypatch.setattr(configinit.objects, 'backend',
                             usertypes.Backend.QtWebEngine)
-        parsed = parser.parse_args()
+        parsed = parser.parse_args([])
         expected = [sys.argv[0], '--disable-shared-workers']
         assert configinit.qt_args(parsed) == expected
 
 
-
 @pytest.mark.parametrize('arg, confval, used', [
     # overridden by commandline arg
     ('webkit', 'webengine', usertypes.Backend.QtWebKit),