Add --enable-webengine-inspector option

Since the inspector can be a security risk, it's now not linked to developer-extras anymore until QtWebEngine provides a better way to access it. See: https://bugreports.qt.io/browse/QTBUG-50725 http://bouk.co/blog/hacking-developers/
2016-11-23 08:12:13 +01:00 · 2016-11-23 08:12:13 +01:00 · 946e3f93f9
commit 946e3f93f9
parent d99a7bd7ad
9 changed files with 32 additions and 18 deletions
--- a/doc/help/settings.asciidoc
+++ b/doc/help/settings.asciidoc
@ -397,7 +397,7 @@ This setting is only available with the QtWebKit backend.
 === developer-extras
 Enable extra tools for Web developers.

-This needs to be enabled for `:inspector` to work and also adds an _Inspect_ entry to the context menu.
+This needs to be enabled for `:inspector` to work and also adds an _Inspect_ entry to the context menu. For QtWebEngine, see 'qutebrowser --help' instead.

 Valid values:

@ -406,6 +406,8 @@ Valid values:

 Default: +pass:[false]+

+This setting is only available with the QtWebKit backend.
+
 [[general-print-element-backgrounds]]
 === print-element-backgrounds
 Whether the background color and images are also drawn when the page is printed.
--- a/doc/qutebrowser.1.asciidoc
+++ b/doc/qutebrowser.1.asciidoc
@ -59,6 +59,9 @@ show it.
 *--backend* '{webkit,webengine}'::
    Which backend to use (webengine backend is EXPERIMENTAL!).

+*--enable-webengine-inspector*::
+    Enable the web inspector for QtWebEngine. Note that this is a SECURITY RISK and you should not visit untrusted websites with the inspector turned on. See https://bugreports.qt.io/browse/QTBUG-50725 for more details.
+
 === debug arguments
 *-l* '{critical,error,warning,info,debug,vdebug}', *--loglevel* '{critical,error,warning,info,debug,vdebug}'::
    Set loglevel
--- a/qutebrowser/browser/inspector.py
+++ b/qutebrowser/browser/inspector.py
@ -26,7 +26,6 @@ from PyQt5.QtWidgets import QWidget

 from qutebrowser.utils import log, objreg
 from qutebrowser.misc import miscwidgets
-from qutebrowser.config import config


 def create(parent=None):
@ -91,13 +90,6 @@ class AbstractWebInspector(QWidget):
        state_config['geometry']['inspector'] = geom
        super().closeEvent(e)

-    def _check_developer_extras(self):
-        """Check if developer-extras are enabled."""
-        if not config.get('general', 'developer-extras'):
-            raise WebInspectorError(
-                "Please enable developer-extras before using the "
-                "webinspector!")
-
    def inspect(self, page):
        """Inspect the given QWeb(Engine)Page."""
        raise NotImplementedError
--- a/qutebrowser/browser/webengine/webengineinspector.py
+++ b/qutebrowser/browser/webengine/webengineinspector.py
@ -41,13 +41,12 @@ class WebEngineInspector(inspector.AbstractWebInspector):

    def inspect(self, _page):
        """Set up the inspector."""
-        self._check_developer_extras()
        try:
            port = int(os.environ['QTWEBENGINE_REMOTE_DEBUGGING'])
        except KeyError:
            raise inspector.WebInspectorError(
-                "Debugging is not set up correctly. Did you restart after "
-                "setting developer-extras?")
+                "Debugging is not enabled. See 'qutebrowser --help' for "
+                "details.")
        url = QUrl('http://localhost:{}/'.format(port))
        self._widget.load(url)
        self.show()
--- a/qutebrowser/browser/webengine/webenginesettings.py
+++ b/qutebrowser/browser/webengine/webenginesettings.py
@ -106,10 +106,9 @@ def update_settings(section, option):
        _init_stylesheet(profile)


-def init(_args):
+def init(args):
    """Initialize the global QWebSettings."""
-    if config.get('general', 'developer-extras'):
-        # FIXME:qtwebengine Make sure we call globalSettings *after* this...
+    if args.enable_webengine_inspector:
        os.environ['QTWEBENGINE_REMOTE_DEBUGGING'] = str(utils.random_port())

    profile = QWebEngineProfile.defaultProfile()
--- a/qutebrowser/browser/webkit/webkitinspector.py
+++ b/qutebrowser/browser/webkit/webkitinspector.py
@ -23,6 +23,7 @@
 from PyQt5.QtWebKitWidgets import QWebInspector

 from qutebrowser.browser import inspector
+from qutebrowser.config import config


 class WebKitInspector(inspector.AbstractWebInspector):
@ -35,6 +36,9 @@ class WebKitInspector(inspector.AbstractWebInspector):
        self._set_widget(qwebinspector)

    def inspect(self, page):
-        self._check_developer_extras()
+        if not config.get('general', 'developer-extras'):
+            raise inspector.WebInspectorError(
+                "Please enable developer-extras before using the "
+                "webinspector!")
        self._widget.setPage(page)
        self.show()
--- a/qutebrowser/config/configdata.py
+++ b/qutebrowser/config/configdata.py
@ -184,10 +184,12 @@ def data(readonly=False):
             "icons."),

            ('developer-extras',
-             SettingValue(typ.Bool(), 'false'),
+             SettingValue(typ.Bool(), 'false',
+                          backends=[usertypes.Backend.QtWebKit]),
             "Enable extra tools for Web developers.\n\n"
             "This needs to be enabled for `:inspector` to work and also adds "
-             "an _Inspect_ entry to the context menu."),
+             "an _Inspect_ entry to the context menu. For QtWebEngine, see "
+             "'qutebrowser --help' instead."),

            ('print-element-backgrounds',
             SettingValue(typ.Bool(), 'true',
--- a/qutebrowser/qutebrowser.py
+++ b/qutebrowser/qutebrowser.py
@ -66,6 +66,12 @@ def get_argparser():
    parser.add_argument('--backend', choices=['webkit', 'webengine'],
                        help="Which backend to use (webengine backend is "
                             "EXPERIMENTAL!).", default='webkit')
+    parser.add_argument('--enable-webengine-inspector', action='store_true',
+                        help="Enable the web inspector for QtWebEngine. Note "
+                        "that this is a SECURITY RISK and you should not visit "
+                        "untrusted websites with the inspector turned on. See "
+                        "https://bugreports.qt.io/browse/QTBUG-50725 for more "
+                        "details.")

    parser.add_argument('--json-args', help=argparse.SUPPRESS)
    parser.add_argument('--temp-basedir-restarted', help=argparse.SUPPRESS)
--- a/tests/end2end/features/misc.feature
+++ b/tests/end2end/features/misc.feature
@ -130,11 +130,17 @@ Feature: Various utility commands.

    # :inspect

+    @qtwebengine_skip
    Scenario: Inspector without developer extras
        When I set general -> developer-extras to false
        And I run :inspector
        Then the error "Please enable developer-extras before using the webinspector!" should be shown

+    @qtwebkit_skip
+    Scenario: Inspector without --enable-webengine-inspector
+        When I run :inspector
+        Then the error "Debugging is not enabled. See 'qutebrowser --help' for details." should be shown
+
    @no_xvfb @posix @qtwebengine_skip
    Scenario: Inspector smoke test
        When I set general -> developer-extras to true
@ -145,6 +151,7 @@ Feature: Various utility commands.
        Then no crash should happen

    # Different code path as an inspector got created now
+    @qtwebengine_skip
    Scenario: Inspector without developer extras (after smoke)
        When I set general -> developer-extras to false
        And I run :inspector