rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
16,433 Commits 1 Branch 0 Tags 112 MiB
36b2f5e63f
Commit Graph

135 Commits

Author SHA1 Message Date
Florian Bruhin
36b2f5e63f Remove qute:// backend= argument 2018-09-09 18:35:09 +02:00
Florian Bruhin
dc82ac3eb2 Move qute_pdfjs to qutescheme.py 2018-09-09 18:35:09 +02:00
Florian Bruhin
6293bc5178 Fix lint and test 2018-09-04 23:46:34 +02:00
Florian Bruhin
92fcc523c5 WIP: Properly signal scheme errors 2018-09-04 23:03:10 +02:00
Florian Bruhin
e4a772c61c Fix try-except-raise for pylint 2.0 
See https://github.com/PyCQA/pylint/issues/2302
 2018-07-16 14:44:07 +02:00
Florian Bruhin
43e58ac865 CVE-2018-10895: Fix CSRF issues with qute://settings/set URL 
In ffc29ee043 (part of v1.0.0), a
qute://settings/set URL was added to change settings.

Contrary to what I apparently believed at the time, it *is* possible for
websites to access `qute://*` URLs (i.e., neither QtWebKit nor QtWebEngine
prohibit such requests, other than the usual cross-origin rules).

In other words, this means a website can e.g. have an `<img>` tag which loads a
`qute://settings/set` URL, which then sets `editor.command` to a bash script.
The result of that is arbitrary code execution.

Fixes #4060
See #2332
 2018-07-11 17:05:23 +02:00
Florian Bruhin
c3455d9082 Add a wrapper around sip 
Starting with PyQt 5.11, the sip module now is bundled with PyQt as PyQt.sip.
Having a qutebrowser.qt also helps with #3625, see #995
 2018-07-02 22:32:59 +02:00
Florian Bruhin
a02c25dfb1 Don't escape URLs for qute://history 
We only use the URL to set a 'href' attribute, which does not need escaping.

See #4011
Fixes #4012
 2018-06-23 14:27:07 +02:00
Florian Bruhin
0864ad4069 Fix shadowing of 'html' name 2018-06-21 22:28:27 +02:00
Florian Bruhin
5a7869f2fe Fix XSS issue on qute://history 
Fixes #4011
 2018-06-21 21:20:19 +02:00
Florian Bruhin
89f019b710 Remove unneeded "except ... as e:" assignments 2018-05-21 20:03:18 +02:00
Florian Bruhin
a796d1f33f Always enable JavaScript for file://, chrome:// and qute:// 
See #3622
 2018-03-05 17:09:47 +01:00
Florian Bruhin
9f163d90e1 Merge remote-tracking branch 'origin/pr/3450' 2018-02-12 22:54:43 +01:00
Simon Doppler
ca199b0d3d
Use separate variable to make pylint happy 2018-02-12 22:51:36 +01:00
Simon Doppler
0b047e3e10
Handle url with trailing slash and without 2018-02-12 22:48:41 +01:00
Simon Doppler
9a0c113f8a
Fix pylint line-too-long error 2018-02-12 22:25:21 +01:00
Simon Doppler
572257921d
Use QUrl().toDisplayString() instead of url() 2018-02-12 16:12:15 +01:00
Simon Doppler
417200fa70
Use QUrl instead of str to compare 2018-02-12 16:06:17 +01:00
Simon Doppler
d6912be223
Update import order 2018-02-12 16:04:48 +01:00
Simon Doppler
0caa5d04d3
Use tabs directly 
also ignore tabs page url in list
 2018-02-12 15:50:56 +01:00
Simon Doppler
71d33a47b3
Remove useless intermediary variables 2018-02-12 15:20:41 +01:00
Simon Doppler
ad50a7bfd2
Move import to external ressources 2018-02-12 15:20:06 +01:00
George Edward Bulmer
9128afa01d Move pastebin_version() to version.py 
This also fixes the introduced cyclic dependencies
 2018-02-07 19:03:05 +00:00
George Edward Bulmer
f45d572677 Some style fixes in PR #3480's review 2018-02-07 17:28:57 +00:00
Bryan Kok
1d568a5cf4 Add feature to pastebin version string 
Added a --paste flag to the :version command and a JS button with corresponding qutescheme URL in the Version debug page to enable pastebinning version.
 2018-02-07 17:28:57 +00:00
Florian Bruhin
6f028e9ad0 Update copyright years 2018-02-05 12:19:50 +01:00
Simon Doppler
02396cb455 Remove useless function 2018-01-22 16:12:45 +01:00
Simon Doppler
f11d7ab489 Check if the window still exists 2018-01-22 16:11:59 +01:00
Simon Doppler
ab9f17b053 Use default value for dictionary item in tabs handler 2018-01-22 16:08:30 +01:00
Marc Jauvin
72c97ca846 sort modes, "normal" mode first 2018-01-17 14:25:07 -05:00
Marc Jauvin
5db4493667 @The-Compiler requested changes addressed. 2018-01-17 10:11:32 -05:00
Marc Jauvin
fb0a418d0a use url even if we do not need it 2018-01-15 16:03:22 -05:00
Marc Jauvin
9b473093b1 silence pylint warning 2018-01-15 15:45:29 -05:00
Marc Jauvin
a2cdb2e4db Merge branch 'patch-issue#24' of https://github.com/mjauvin/qutebrowser into patch-issue#24 2018-01-13 15:55:05 -05:00
Marc Jauvin
48b6c160f5 improve styling as suggested by @jgkamat 2018-01-13 15:52:49 -05:00
Marc Jauvin
4848182204
code cleanup 
- move qute_bindings block AFTER qute_settings block
- remove unnecessary variable declaration
 2018-01-13 01:39:05 -05:00
Marc Jauvin
1e8694f3cc
remove unused module 2018-01-12 17:35:04 -05:00
Marc Jauvin
4ae33deebd
add handler for qute://bindings 2018-01-12 17:24:20 -05:00
Simon Doppler
dea0aa9f7c
Add tabs page 2018-01-08 18:01:42 +01:00
Florian Bruhin
e65c0dd8a7 pylint: Re-enable bad-continuation 
And lots and lots of whitespace changes.
 2017-12-15 19:16:55 +01:00
Florian Bruhin
3f9ded3bed Add missing docstrings 2017-12-15 13:55:06 +01:00
George Edward Bulmer
9f8dbe95e4 Code review changes. 
This fixes the following problems found in a review:

1. Manual modification of the asciidoc has been undone.
2. --output-to-tab has been renamed to the less verbose --output.
3. spawn_output has been changed to spawn-output in the url.
4. Erroneous newline in imports has been removed.
5. output in guiprocess.py has been marked private.
6. If there is no output for either stderr or stdout, say so.
7. Missing space in a text line was added.
8. Redundant initialising of an empty string removed.
 2017-12-08 19:00:46 +00:00
George Edward Bulmer
9f9311840a Add --output-to-tab flag for :spawn. 
This puts the exit status, stdout, and stderr in a new tab.
 2017-12-08 18:00:07 +00:00
Florian Bruhin
dcb4448594 Merge remote-tracking branch 'origin/pr/3345' 2017-12-06 06:51:03 +01:00
mhm@mhm.com
b58cfead05 style fixed 2017-11-30 16:05:01 +01:00
Ryan Farley
5ed8019115 update flake8 and flake8-deprecated 
Updated requirements and adjusted the configuration in `.flake8`; other
files have been modified where the lack of per-file auto-ignore caused
problems, where putty's `# flake8: disable=` syntax could be replaced
with a simpler `noqa`, or where pylint directives already suppressed the
same error.
 2017-11-26 00:16:14 -06:00
mhm@mhm.com
9df149fe8f urlencode fix 2017-11-24 17:15:26 +01:00
mhm@mhm.com
e2d5a443cc lazy sessions 2017-11-21 23:57:06 +01:00
mhm@mhm.com
aa40842848 lazy sessions, docstring formatted, settings renamed, javascript notice changed, insert method changed 2017-11-21 00:38:51 +01:00
mhm@mhm.com
ade7004f8f lazy sessions 2017-11-18 00:48:31 +01:00