rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't double HTML escape JavaScript messages

Browse Source 
See https://bugreports.qt.io/browse/QTBUG-66104
This commit is contained in:
Florian Bruhin 2018-03-08 18:23:36 +01:00
parent f561272f9a
commit 9af07d86d6
3 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/changelog.asciidoc
View File

@ -116,6 +116,7 @@ Fixed
* Fixed hangs/segfaults on exit with Qt 5.10.1. * Fixed hangs/segfaults on exit with Qt 5.10.1.
* Fixed favicons sometimes getting cleared with Qt 5.10. * Fixed favicons sometimes getting cleared with Qt 5.10.
* Qt download objects are now cleaned up properly when a download is removed. * Qt download objects are now cleaned up properly when a download is removed.
* JavaScript messages are now not double-HTML escaped anymore on Qt < 5.11
- QtWebKit bugfixes: - QtWebKit bugfixes:
* Fixed GreaseMonkey-related crashes. * Fixed GreaseMonkey-related crashes.
* `:view-source` now displays a valid URL. * `:view-source` now displays a valid URL.

15
qutebrowser/browser/shared.py
View File

@ -74,14 +74,15 @@ def authentication_required(url, authenticator, abort_on):
return answer return answer
def javascript_confirm(url, js_msg, abort_on): def javascript_confirm(url, js_msg, abort_on, *, escape_msg=True):
"""Display a javascript confirm prompt.""" """Display a javascript confirm prompt."""
log.js.debug("confirm: {}".format(js_msg)) log.js.debug("confirm: {}".format(js_msg))
if config.val.content.javascript.modal_dialog: if config.val.content.javascript.modal_dialog:
raise CallSuper raise CallSuper
js_msg = html.escape(js_msg) if escape_msg else js_msg
msg = 'From <b>{}</b>:<br/>{}'.format(html.escape(url.toDisplayString()), msg = 'From <b>{}</b>:<br/>{}'.format(html.escape(url.toDisplayString()),
html.escape(js_msg)) js_msg)
urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded)
ans = message.ask('Javascript confirm', msg, ans = message.ask('Javascript confirm', msg,
mode=usertypes.PromptMode.yesno, mode=usertypes.PromptMode.yesno,
@ -89,7 +90,7 @@ def javascript_confirm(url, js_msg, abort_on):
return bool(ans) return bool(ans)
def javascript_prompt(url, js_msg, default, abort_on): def javascript_prompt(url, js_msg, default, abort_on, *, escape_msg=True):
"""Display a javascript prompt.""" """Display a javascript prompt."""
log.js.debug("prompt: {}".format(js_msg)) log.js.debug("prompt: {}".format(js_msg))
if config.val.content.javascript.modal_dialog: if config.val.content.javascript.modal_dialog:
@ -97,8 +98,9 @@ def javascript_prompt(url, js_msg, default, abort_on):
if not config.val.content.javascript.prompt: if not config.val.content.javascript.prompt:
return (False, "") return (False, "")
js_msg = html.escape(js_msg) if escape_msg else js_msg
msg = '<b>{}</b> asks:<br/>{}'.format(html.escape(url.toDisplayString()), msg = '<b>{}</b> asks:<br/>{}'.format(html.escape(url.toDisplayString()),
html.escape(js_msg)) js_msg)
urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded)
answer = message.ask('Javascript prompt', msg, answer = message.ask('Javascript prompt', msg,
mode=usertypes.PromptMode.text, mode=usertypes.PromptMode.text,
@ -111,7 +113,7 @@ def javascript_prompt(url, js_msg, default, abort_on):
return (True, answer) return (True, answer)
def javascript_alert(url, js_msg, abort_on): def javascript_alert(url, js_msg, abort_on, *, escape_msg=True):
"""Display a javascript alert.""" """Display a javascript alert."""
log.js.debug("alert: {}".format(js_msg)) log.js.debug("alert: {}".format(js_msg))
if config.val.content.javascript.modal_dialog: if config.val.content.javascript.modal_dialog:
@ -120,8 +122,9 @@ def javascript_alert(url, js_msg, abort_on):
if not config.val.content.javascript.alert: if not config.val.content.javascript.alert:
return return
js_msg = html.escape(js_msg) if escape_msg else js_msg
msg = 'From <b>{}</b>:<br/>{}'.format(html.escape(url.toDisplayString()), msg = 'From <b>{}</b>:<br/>{}'.format(html.escape(url.toDisplayString()),
html.escape(js_msg)) js_msg)
urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded)
message.ask('Javascript alert', msg, mode=usertypes.PromptMode.alert, message.ask('Javascript alert', msg, mode=usertypes.PromptMode.alert,
abort_on=abort_on, url=urlstr) abort_on=abort_on, url=urlstr)

12
qutebrowser/browser/webengine/webview.py
View File

@ -243,10 +243,12 @@ class WebEnginePage(QWebEnginePage):
"""Override javaScriptConfirm to use qutebrowser prompts.""" """Override javaScriptConfirm to use qutebrowser prompts."""
if self._is_shutting_down: if self._is_shutting_down:
return False return False
escape_msg = qtutils.version_check('5.11') # QTBUG-66104
try: try:
return shared.javascript_confirm(url, js_msg, return shared.javascript_confirm(url, js_msg,
abort_on=[self.loadStarted, abort_on=[self.loadStarted,
self.shutting_down]) self.shutting_down],
escape_msg=escape_msg)
except shared.CallSuper: except shared.CallSuper:
return super().javaScriptConfirm(url, js_msg) return super().javaScriptConfirm(url, js_msg)
@ -256,12 +258,14 @@ class WebEnginePage(QWebEnginePage):
# https://www.riverbankcomputing.com/pipermail/pyqt/2016-November/038293.html # https://www.riverbankcomputing.com/pipermail/pyqt/2016-November/038293.html
def javaScriptPrompt(self, url, js_msg, default): def javaScriptPrompt(self, url, js_msg, default):
"""Override javaScriptPrompt to use qutebrowser prompts.""" """Override javaScriptPrompt to use qutebrowser prompts."""
escape_msg = qtutils.version_check('5.11') # QTBUG-66104
if self._is_shutting_down: if self._is_shutting_down:
return (False, "") return (False, "")
try: try:
return shared.javascript_prompt(url, js_msg, default, return shared.javascript_prompt(url, js_msg, default,
abort_on=[self.loadStarted, abort_on=[self.loadStarted,
self.shutting_down]) self.shutting_down],
escape_msg=escape_msg)
except shared.CallSuper: except shared.CallSuper:
return super().javaScriptPrompt(url, js_msg, default) return super().javaScriptPrompt(url, js_msg, default)
@ -269,10 +273,12 @@ class WebEnginePage(QWebEnginePage):
"""Override javaScriptAlert to use qutebrowser prompts.""" """Override javaScriptAlert to use qutebrowser prompts."""
if self._is_shutting_down: if self._is_shutting_down:
return return
escape_msg = qtutils.version_check('5.11') # QTBUG-66104
try: try:
shared.javascript_alert(url, js_msg, shared.javascript_alert(url, js_msg,
abort_on=[self.loadStarted, abort_on=[self.loadStarted,
self.shutting_down]) self.shutting_down],
escape_msg=escape_msg)
except shared.CallSuper: except shared.CallSuper:
super().javaScriptAlert(url, js_msg) super().javaScriptAlert(url, js_msg)