rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
17,090 Commits 1 Branch 0 Tags 112 MiB
27ee3280b2
Commit Graph

1001 Commits

Author SHA1 Message Date
Florian Bruhin
43e58ac865 CVE-2018-10895: Fix CSRF issues with qute://settings/set URL 
In ffc29ee043 (part of v1.0.0), a
qute://settings/set URL was added to change settings.

Contrary to what I apparently believed at the time, it *is* possible for
websites to access `qute://*` URLs (i.e., neither QtWebKit nor QtWebEngine
prohibit such requests, other than the usual cross-origin rules).

In other words, this means a website can e.g. have an `<img>` tag which loads a
`qute://settings/set` URL, which then sets `editor.command` to a bash script.
The result of that is arbitrary code execution.

Fixes #4060
See #2332
 2018-07-11 17:05:23 +02:00
Olmo Kramer
9f5f52360c
Add test cases for url-patterns 2018-07-04 23:52:28 +02:00
Olmo Kramer
332cbf811b
Add test for custom hint group 2018-07-04 22:56:47 +02:00
Olmo Kramer
7aa5db29b5
Add tests for invalid hint group & js click handler 2018-07-04 22:56:47 +02:00
Florian Bruhin
a0f36c5cbf Skip JS test which is too flaky 2018-07-03 14:15:08 +02:00
Florian Bruhin
26d6cf8ef6 Stabilize URL escaping test 2018-07-03 10:29:28 +02:00
Florian Bruhin
f6f713bbfe Skip key forwarding tests on Qt 5.11.1 
See #4036
 2018-07-02 23:19:57 +02:00
Florian Bruhin
6ca11ed95b Adjust SSL test for Qt 5.11 2018-07-02 23:15:04 +02:00
Florian Bruhin
9a14574c9f Skip invalid links on any Qt 5.11 version 
See #3661
 2018-07-02 22:32:59 +02:00
Florian Bruhin
3312c221c4 Stabilize ssl_strict test 2018-06-26 10:26:17 +02:00
Florian Bruhin
85a9f6a08a Fix lint 2018-06-26 10:23:48 +02:00
Florian Bruhin
1bc3d444b6 Stabilize escaping URLs test 2018-06-25 23:02:50 +02:00
Florian Bruhin
87778277e0 Fix SSL error page tests 2018-06-25 22:51:48 +02:00
Florian Bruhin
a02c25dfb1 Don't escape URLs for qute://history 
We only use the URL to set a 'href' attribute, which does not need escaping.

See #4011
Fixes #4012
 2018-06-23 14:27:07 +02:00
Florian Bruhin
5a7869f2fe Fix XSS issue on qute://history 
Fixes #4011
 2018-06-21 21:20:19 +02:00
Jay Kamat
0e7bbccd71
Fix stacking tabs setting with new_tab prev 2018-06-19 12:10:21 -04:00
Jay Kamat
1919029858
Add setting for controlling stacking of new tabs 2018-06-18 18:09:13 -04:00
Florian Bruhin
b1b06fcb43 Fix restore test 2018-06-14 17:42:33 +02:00
Florian Bruhin
11fce30ed0 Stabilize mode_on_change tests 2018-06-14 15:56:48 +02:00
Florian Bruhin
1335fccba1 Merge remote-tracking branch 'origin/pr/3590' into tab-mode 2018-06-14 15:40:58 +02:00
Florian Bruhin
cec63ea449 Merge remote-tracking branch 'origin/pr/3906' 2018-06-14 14:49:30 +02:00
Florian Bruhin
b7c1d7fe37 Fix broken tests 2018-06-11 18:38:22 +02:00
Florian Bruhin
263d298449 Remove the content.developer_extras setting 2018-06-11 18:09:24 +02:00
Florian Bruhin
98c82859b5 Skip "History with view-source URL" on QtWebKit 2018-06-11 15:36:48 +02:00
Florian Bruhin
7f69920158 Merge remote-tracking branch 'origin/pr/3947' 2018-06-11 11:29:14 +02:00
Florian Bruhin
1ba2e3e24b Implement Qt 5.11 devtools support 
See #3010
 2018-06-11 11:07:14 +02:00
Florian Bruhin
c4add62301 Merge remote-tracking branch 'origin/pr/3825' 2018-06-10 17:30:44 +02:00
Florian Bruhin
50fa7743ba Only use OS-specific line separator for hints 2018-06-10 17:21:31 +02:00
Jay Kamat
de127497a2
Press enter to follow links instead of using js 
This codepath may trigger a crash which was fixed by
0e75f3272d.
However, this commit does not make it more likely to happen, and this
patch was backported into arch (at least).

In the future, we may be able to use <enter> on qtwebkit with js,
without triggering this crash
 2018-06-09 15:42:44 -07:00
Florian Bruhin
8bf7cb539a Mark modal window test as flaky 2018-06-07 22:57:16 +02:00
Florian Bruhin
999513d5d8 Skip invalid link tests on Qt 5.11 
Qt 5.11 just loads about:blank and doesn't let us catch this in
acceptNavigationRequest, but the same happens in Chromium as well.

See #3661
 2018-06-07 13:49:28 +02:00
Florian Bruhin
8cc3804119 Don't run test with failed download on Qt 5.11 
Looks like we can't use an <a> tag with download-attribute to trigger a failed
download in the test on Qt 5.11...

See #2298, #3661
 2018-06-06 21:12:23 +02:00
Jay Kamat
c33a887b2d
Add support for following tab selected elements to :follow-selected 2018-05-25 12:39:36 -07:00
Jay Kamat
71d55e9213
Refocus command prompt after a new tab is opened when in command mode 2018-05-11 08:49:13 -07:00
Jay Kamat
95093b82c9
Refocus webview after spawning a background tab 2018-05-10 10:15:01 -07:00
Jay Kamat
bc9f178a08
Add test for tab-bg focus 2018-05-09 15:34:01 -07:00
Florian Bruhin
8531f89ca3 Merge remote-tracking branch 'origin/pr/3789' 2018-05-08 11:45:20 +02:00
Florian Bruhin
49bdcd5a97 Merge remote-tracking branch 'origin/pr/3796' 2018-05-03 13:58:26 +02:00
rr-
537aa22d64 Change clipboard mocking 2018-04-18 11:00:05 +02:00
rr-
30d3612a17 Add test for rapid yanking 2018-04-18 10:59:54 +02:00
Jay Kamat
cbb246fd0b
Update tests for new implementation 2018-04-16 23:28:32 -04:00
Florian Bruhin
4a78519b63 Mark opening/closing window via JS test as flaky 2018-04-16 17:14:47 +02:00
Slackhead
62aa9bdbb3 Added debug() logging for next/prev-tab and test scenarios 2018-04-09 02:03:02 +01:00
Slackhead
fac546e9b4 Remove test scenarios for last/first tab when wrap is off 2018-04-08 18:56:16 +01:00
Jay Kamat
76dbfa7305
Allow searching for double semicolons 
Possibly breaks scripts using :search with ;; to split commands. A
workaround is to put the :search command at the end.
 2018-04-05 17:20:50 -04:00
Jay Kamat
9ad6cef369
Add a test for leading arguments 2018-04-01 21:00:02 -04:00
Jay Kamat
cb8a75577e
Add tests for hinting with --first 2018-03-30 15:03:08 -04:00
Florian Bruhin
005fa8b675 Fix newline 2018-03-28 09:14:26 +02:00
Florian Bruhin
c7e5033eaa Set MainWindow as parent of TabbedBrowser 
If we close the MainWindow (and it gets deleted), we need to make sure to delete
the TabbedBrowser as well.

Fixes #3781
 2018-03-28 08:58:07 +02:00
Florian Bruhin
d4ea1df232 Improve window_open.html tests 2018-03-25 19:56:48 +02:00
Florian Bruhin
f1789effdc Stabilize navigate.feature on Qt 5.11 
Looks like we get qute://help as URL from the previous test otherwise?
See #3661
 2018-03-23 10:29:25 +01:00
Florian Bruhin
e43f0a61b9 Move all QWebEngineScript related code out of webenginesettings 
It looks like there's some issue with QWebEngineScript in a profile, at least
with older Qt versions...

See #3497, #3377
 2018-03-19 17:33:02 +01:00
Marc Jauvin
b7159d780a Merge 'origin/master' into tab-input-mode 2018-03-16 14:28:36 -04:00
Florian Bruhin
c0fdf19756 Merge remote-tracking branch 'origin/pr/3704' 2018-03-14 08:06:24 +01:00
Marc Jauvin
c9f6cd507b address requested changes 
- add INPUT_MODES & PROMPT_MODES constants in modeman
- use those in tabbedbrowser and modeman
- fix debug logs format to be more human readable
- fix associated tests for new debug logs
 2018-03-13 23:31:48 -04:00
Jay Kamat
35beff98a9
Add test for #3711 2018-03-13 19:18:42 -04:00
Ryan Roden-Corrent
38bb3673db Preserve a backup if editor callback fails. 
Currently the editor deletes its temp file whenever editing is finished.
With this patch, the file will not be deleted if the editor callback
encounters an exception.

One example is if the tab containing the edited element is closed. The
editor errors with "Edited element vanished", but with this patch it
will also print "Backup at ..." so the user does not lose their work.

Resolves #1596.

Supersedes #3641, using the cleaner approach started in #1677.
 2018-03-12 08:34:50 -04:00
Florian Bruhin
f0a649e101 Mark another GreaseMonkey test as flaky 
See #3238
 2018-03-11 14:29:54 +01:00
Florian Bruhin
06bccfeb78 Improve error message for QtWebEngine inspector 2018-03-06 12:57:38 +01:00
Florian Bruhin
69a58c9597 Remove Qt 5.8 support and tests 
With QtWebKit it's probably okay to still use it (*cough* Hyperbola
GNU/Linux-libre^tm *cough*), and only blacklisting it with QtWebEngine would be
quite some effort.

Fixes #3608
 2018-03-06 11:04:59 +01:00
Florian Bruhin
0e2a39da2a Fix tests for keyboard parsing change 2018-03-06 07:39:41 +01:00
Florian Bruhin
155a1901c0 Merge branch 'keys' 2018-03-04 22:50:41 +01:00
Florian Bruhin
7fd0b52360 Add missing newline 
[ci skip]
 2018-02-28 08:11:23 +01:00
Florian Bruhin
f3aaa1084a Migrate spell tests to unittests 2018-02-28 08:08:23 +01:00
Florian Bruhin
d9ae3fd5aa Fix more hinting issues 2018-02-26 20:49:02 +01:00
Florian Bruhin
8bce2ba8e8 Fix expected message 2018-02-26 20:03:21 +01:00
Florian Bruhin
f1b20f6dc4 Fix forward_unbound_keys test 2018-02-26 20:02:43 +01:00
Florian Bruhin
1444634abb Fix :fake-key test 2018-02-26 14:26:12 +01:00
Florian Bruhin
353753c03c Merge remote-tracking branch 'origin/pr/3620' 2018-02-26 07:26:24 +01:00
Florian Bruhin
de0aa32c11 Merge remote-tracking branch 'origin/pr/3626' 2018-02-26 07:20:34 +01:00
Jay Kamat
76bf35cbdd
Add qtbug60673 markers to relevant tests 2018-02-25 19:00:15 -05:00
Jay Kamat
7a8fa5f46e
Implement deduplication of searches on webkit 2018-02-25 18:40:16 -05:00
Florian Bruhin
54713f57e5 Merge remote-tracking branch 'origin/pr/3624' 2018-02-25 21:09:56 +01:00
Florian Bruhin
52b5492c6a Merge branch 'per-url' 2018-02-25 19:44:51 +01:00
Florian Bruhin
ba88fc43e0 Stabilize error page test 2018-02-25 19:40:38 +01:00
Florian Bruhin
4c147b77c1 Add a test for the error page workaround 2018-02-25 16:35:02 +01:00
Jay Kamat
4602afe770
Add a webengine duplicate search test 2018-02-23 18:13:20 -05:00
Jay Kamat
820ffed07f
Remove test blacklists for 5.10 2018-02-23 18:06:57 -05:00
Florian Bruhin
98b2b67b8b Add tests for per-URL JavaScript settings 2018-02-23 15:08:07 +01:00
Jay Kamat
cb8d62866c
Blacklist qt versions 5.8.0 through 5.9.4 for caret tests 2018-02-22 18:34:15 -05:00
Jay Kamat
c16c625feb
Add basic tests for searching and caret mode 2018-02-22 10:28:35 -05:00
Florian Bruhin
ecfd4a77a0 Merge remote-tracking branch 'origin/pr/3562' 2018-02-21 10:11:40 +01:00
Florian Bruhin
7c1fb1d215 Refactor acceptNavigationRequest handling to use signals 2018-02-19 22:07:53 +01:00
Marc Jauvin
620a966d1e add debug logs and adjust tests to use them 2018-02-14 09:58:23 -05:00
Marc Jauvin
9b8a182a78 history-clear does nothing to help here 2018-02-13 17:03:01 -05:00
Marc Jauvin
f94e12008a fix the tests by clearing history 2018-02-13 16:23:56 -05:00
Marc Jauvin
e38df261cb skip this test for qt>=5.10 until the log problem gets resolved 2018-02-13 13:00:44 -05:00
Marc Jauvin
6214c38d7e add input_mode tests for tabs.mode_on_change 2018-02-12 18:11:32 -05:00
Florian Bruhin
47451aa495 Open qute://tabs with :buffer 2018-02-12 23:00:26 +01:00
George Edward Bulmer
2f4910f1f2 Add test for escaping {{url}} 2018-02-11 14:17:28 +00:00
Florian Bruhin
52d7ff79fc Skip another scroll test with Qt 5.10 and Travis 2018-02-10 20:15:17 +01:00
Florian Bruhin
0b5ba828db Add missing test 2018-02-09 22:23:07 +01:00
Florian Bruhin
e0dd7970d8 Skip fragment test 
Looks like this now XPASSes with Qt 5.10 on Windows
 2018-02-08 20:23:34 +01:00
Florian Bruhin
ea80ded8d5 Try to stabilize editor end2end test 
Let's also wait until we're sure the mtime changed here.
 2018-02-08 20:21:25 +01:00
Florian Bruhin
53e7d13c2d Skip failing scrolling tests on Qt 5.10 on Travis 
See #3572
 2018-02-08 10:42:55 +01:00
Florian Bruhin
3306247ae5 Merge branch 'editor-watch' 2018-02-07 22:31:49 +01:00
Florian Bruhin
01ccbc679d Fix lint 2018-02-07 22:26:32 +01:00
Florian Bruhin
aa3970c83e Merge branch 'pr/3371' 2018-02-07 18:26:19 +01:00
Florian Bruhin
1c662ae94c Revive iframe test as flaky 
See #1525
 2018-02-07 18:25:25 +01:00
Florian Bruhin
0bdee1e292 Stabilize the flaky iframe test 
The test above this one loads hello.txt, but we don't wait for the "load
finished" message, so it can arrive after the previous test already finished and
make this test not wait properly.

However, we also can't easily wait for the load finished message in the
previous test as it only appears with QtWebEngine, not QtWebKit.

As a workaround, we simply load another file in that test, to circumvent this
kind of cross-interaction.
 2018-02-07 18:16:03 +01:00