Don't strip info when loading PAC from a file

qutebrowser/browser/network/pac.py

@@ -199,18 +199,23 @@ class PACResolver:
             err = "Cannot resolve FindProxyForURL function, got '{}' instead"
             raise EvalProxyError(err.format(self._resolver.toString()))
 
-    def resolve(self, query):
+    def resolve(self, query, from_file=False):
         """Resolve a proxy via PAC.
 
         Args:
             query: QNetworkProxyQuery.
+            from_file: Whether the proxy info is coming from a file.
 
         Return:
             A list of QNetworkProxy objects in order of preference.
         """
+        if from_file:
+            string_flags = QUrl.PrettyDecoded
+        else:
             string_flags = QUrl.RemoveUserInfo
             if query.url().scheme() == 'https':
                 string_flags |= QUrl.RemovePath | QUrl.RemoveQuery
+
         result = self._resolver.call([query.url().toString(string_flags),
                                       query.peerHostName()])
         result_str = result.toString()
@@ -239,6 +244,7 @@ class PACFetcher(QObject):
         assert url.scheme().startswith(pac_prefix)
         url.setScheme(url.scheme()[len(pac_prefix):])
 
+        self._pac_url = url
         self._manager = QNetworkAccessManager()
         self._manager.setProxy(QNetworkProxy(QNetworkProxy.NoProxy))
         self._reply = self._manager.get(QNetworkRequest(url))
@@ -295,8 +301,9 @@ class PACFetcher(QObject):
         Return a list of QNetworkProxy objects in order of preference.
         """
         self._wait()
+        from_file = self._pac_url.scheme() == 'file'
         try:
-            return self._pac.resolve(query)
+            return self._pac.resolve(query, from_file=from_file)
         except (EvalProxyError, ParseProxyError) as e:
             log.network.exception("Error in PAC resolution: {}.".format(e))
             # .invalid is guaranteed to be inaccessible in RFC 6761.

tests/unit/browser/webkit/network/test_pac.py

@@ -182,7 +182,16 @@ def test_fail_return():
     ('https://secret@example.com', False),  # user stripped with HTTPS
     ('https://user:secret@example.com', False),  # password stripped with HTTPS
 ])
-def test_secret_url(url, has_secret):
+@pytest.mark.parametrize('from_file', [True, False])
+def test_secret_url(url, has_secret, from_file):
+    """Make sure secret parts in an URL are stripped correctly.
+
+    The following parts are considered secret:
+        - If the PAC info is loaded from a local file, nothing.
+        - If the URL to resolve is a HTTP URL, the username/password.
+        - If the URL to resolve is a HTTPS URL, the username/password, query
+          and path.
+    """
     test_str = """
         function FindProxyForURL(domain, host) {{
             has_secret = domain.indexOf("secret") !== -1;
@@ -194,7 +203,7 @@ def test_secret_url(url, has_secret):
         }}
     """.format('true' if (has_secret or from_file) else 'false')
     res = pac.PACResolver(test_str)
-    res.resolve(QNetworkProxyQuery(QUrl(url)))
+    res.resolve(QNetworkProxyQuery(QUrl(url)), from_file=from_file)
 
 
 # See https://github.com/qutebrowser/qutebrowser/pull/1891#issuecomment-259222615