Commit Graph

1264 Commits

Author SHA1 Message Date
Florian Bruhin
e50b6912a7 Fix pylint 2.0 useless-return cases
See https://github.com/PyCQA/pylint/issues/2300
2018-07-16 14:33:11 +02:00
Florian Bruhin
43e58ac865 CVE-2018-10895: Fix CSRF issues with qute://settings/set URL
In ffc29ee043 (part of v1.0.0), a
qute://settings/set URL was added to change settings.

Contrary to what I apparently believed at the time, it *is* possible for
websites to access `qute://*` URLs (i.e., neither QtWebKit nor QtWebEngine
prohibit such requests, other than the usual cross-origin rules).

In other words, this means a website can e.g. have an `<img>` tag which loads a
`qute://settings/set` URL, which then sets `editor.command` to a bash script.
The result of that is arbitrary code execution.

Fixes #4060
See #2332
2018-07-11 17:05:23 +02:00
Florian Bruhin
42a3622906 Ignore a new Qt 5.11 lowlevel message 2018-07-03 15:38:29 +02:00
Florian Bruhin
a0f36c5cbf Skip JS test which is too flaky 2018-07-03 14:15:08 +02:00
Florian Bruhin
4d1e56a8c6 Ignore "Lost UI shared context" error happening on AppVeyor 2018-07-03 13:39:34 +02:00
Florian Bruhin
7e8c741937 Set compiled=False for BDD Qt comparisons
We often check for bugs and not APIs there.
2018-07-03 13:10:15 +02:00
Florian Bruhin
26d6cf8ef6 Stabilize URL escaping test 2018-07-03 10:29:28 +02:00
Florian Bruhin
f6f713bbfe Skip key forwarding tests on Qt 5.11.1
See #4036
2018-07-02 23:19:57 +02:00
Florian Bruhin
6ca11ed95b Adjust SSL test for Qt 5.11 2018-07-02 23:15:04 +02:00
Florian Bruhin
9a14574c9f Skip invalid links on any Qt 5.11 version
See #3661
2018-07-02 22:32:59 +02:00
Florian Bruhin
3312c221c4 Stabilize ssl_strict test 2018-06-26 10:26:17 +02:00
Florian Bruhin
85a9f6a08a Fix lint 2018-06-26 10:23:48 +02:00
Florian Bruhin
1bc3d444b6 Stabilize escaping URLs test 2018-06-25 23:02:50 +02:00
Florian Bruhin
87778277e0 Fix SSL error page tests 2018-06-25 22:51:48 +02:00
Florian Bruhin
a02c25dfb1 Don't escape URLs for qute://history
We only use the URL to set a 'href' attribute, which does not need escaping.

See #4011
Fixes #4012
2018-06-23 14:27:07 +02:00
Florian Bruhin
9a5439e5d0 Re-add waiting for QQuickWidget
Apparently this is still needed on some PyQt versions.
2018-06-21 22:22:04 +02:00
Florian Bruhin
5a7869f2fe Fix XSS issue on qute://history
Fixes #4011
2018-06-21 21:20:19 +02:00
Florian Bruhin
62d8b5b574 Don't depend on PyQt5.QtQuickWidgets to get RWHV
Some distributions (at least FreeBSD) don't package that module, so let's not
rely on it.
2018-06-21 17:14:29 +02:00
Florian Bruhin
b1b06fcb43 Fix restore test 2018-06-14 17:42:33 +02:00
Florian Bruhin
11fce30ed0 Stabilize mode_on_change tests 2018-06-14 15:56:48 +02:00
Florian Bruhin
1335fccba1 Merge remote-tracking branch 'origin/pr/3590' into tab-mode 2018-06-14 15:40:58 +02:00
Florian Bruhin
cec63ea449 Merge remote-tracking branch 'origin/pr/3906' 2018-06-14 14:49:30 +02:00
Florian Bruhin
b7c1d7fe37 Fix broken tests 2018-06-11 18:38:22 +02:00
Florian Bruhin
263d298449 Remove the content.developer_extras setting 2018-06-11 18:09:24 +02:00
Florian Bruhin
98c82859b5 Skip "History with view-source URL" on QtWebKit 2018-06-11 15:36:48 +02:00
Florian Bruhin
649c9f37cd Fix import 2018-06-11 11:35:37 +02:00
Florian Bruhin
7f69920158 Merge remote-tracking branch 'origin/pr/3947' 2018-06-11 11:29:14 +02:00
Florian Bruhin
1ba2e3e24b Implement Qt 5.11 devtools support
See #3010
2018-06-11 11:07:14 +02:00
Florian Bruhin
c4add62301 Merge remote-tracking branch 'origin/pr/3825' 2018-06-10 17:30:44 +02:00
Florian Bruhin
50fa7743ba Only use OS-specific line separator for hints 2018-06-10 17:21:31 +02:00
Jay Kamat
de127497a2
Press enter to follow links instead of using js
This codepath may trigger a crash which was fixed by
0e75f3272d.
However, this commit does not make it more likely to happen, and this
patch was backported into arch (at least).

In the future, we may be able to use <enter> on qtwebkit with js,
without triggering this crash
2018-06-09 15:42:44 -07:00
Florian Bruhin
ec88c15390 Fix waiting for initial focus object with Qt 5.11 workarounds
This was broken in d32d541ac0 because now
apparently PyQt knows it's a QQuickWidget.
2018-06-09 20:05:26 +02:00
Florian Bruhin
88f2873a79 Allow more values for the qt.force_software_rendering setting 2018-06-09 16:21:10 +02:00
Florian Bruhin
a13618fe2a Merge branch 'pyup-scheduled-update-2018-06-04' 2018-06-07 22:57:48 +02:00
Florian Bruhin
8bf7cb539a Mark modal window test as flaky 2018-06-07 22:57:16 +02:00
Florian Bruhin
11b957f24b tests: Adjust getting markers for pytest 3.6 2018-06-07 19:29:01 +02:00
Florian Bruhin
596041c40e Go back to using an invalid scheme for invalid_link.html
Otherwise, this breaks the tests on Qt 5.10
2018-06-07 15:30:28 +02:00
Florian Bruhin
999513d5d8 Skip invalid link tests on Qt 5.11
Qt 5.11 just loads about:blank and doesn't let us catch this in
acceptNavigationRequest, but the same happens in Chromium as well.

See #3661
2018-06-07 13:49:28 +02:00
Florian Bruhin
d059197bc9 Use a valid scheme in invalid_link.html
This is to avoid triggering QTBUG-63378 which fails differently with a custom
scheme.

See #3661
2018-06-07 13:49:22 +02:00
Florian Bruhin
8cc3804119 Don't run test with failed download on Qt 5.11
Looks like we can't use an <a> tag with download-attribute to trigger a failed
download in the test on Qt 5.11...

See #2298, #3661
2018-06-06 21:12:23 +02:00
Jay Kamat
c33a887b2d
Add support for following tab selected elements to :follow-selected 2018-05-25 12:39:36 -07:00
Jay Kamat
71d55e9213
Refocus command prompt after a new tab is opened when in command mode 2018-05-11 08:49:13 -07:00
Jay Kamat
95093b82c9
Refocus webview after spawning a background tab 2018-05-10 10:15:01 -07:00
Jay Kamat
bc9f178a08
Add test for tab-bg focus 2018-05-09 15:34:01 -07:00
Florian Bruhin
8531f89ca3 Merge remote-tracking branch 'origin/pr/3789' 2018-05-08 11:45:20 +02:00
Florian Bruhin
49bdcd5a97 Merge remote-tracking branch 'origin/pr/3796' 2018-05-03 13:58:26 +02:00
Florian Bruhin
e789296b7f Handle new focus object for Qt 5.11
See https://codereview.qt-project.org/#/c/221408/10 and #3661:
https://github.com/qutebrowser/qutebrowser/issues/3661#issuecomment-375969315
2018-04-23 16:54:47 +02:00
rr-
537aa22d64 Change clipboard mocking 2018-04-18 11:00:05 +02:00
rr-
30d3612a17 Add test for rapid yanking 2018-04-18 10:59:54 +02:00
Jay Kamat
cbb246fd0b
Update tests for new implementation 2018-04-16 23:28:32 -04:00