Commit Graph

168 Commits

Author SHA1 Message Date
Florian Bruhin
dc82ac3eb2 Move qute_pdfjs to qutescheme.py 2018-09-09 18:35:09 +02:00
Florian Bruhin
92fcc523c5 WIP: Properly signal scheme errors 2018-09-04 23:03:10 +02:00
Florian Bruhin
43e58ac865 CVE-2018-10895: Fix CSRF issues with qute://settings/set URL
In ffc29ee043 (part of v1.0.0), a
qute://settings/set URL was added to change settings.

Contrary to what I apparently believed at the time, it *is* possible for
websites to access `qute://*` URLs (i.e., neither QtWebKit nor QtWebEngine
prohibit such requests, other than the usual cross-origin rules).

In other words, this means a website can e.g. have an `<img>` tag which loads a
`qute://settings/set` URL, which then sets `editor.command` to a bash script.
The result of that is arbitrary code execution.

Fixes #4060
See #2332
2018-07-11 17:05:23 +02:00
Florian Bruhin
0e9159e8e8 Revert "Fix Qt 5.11 issues with clicking invalid links"
This reverts commit 1956590df84a72c7f9a516e805d01529291fccf8.

Turns out the actual issue wasn't due to *invalid* links - it's with links
which have an unknown scheme.

There's still a change in behavior between Qt 5.10 and 5.11 though: Invalid
links are apparently not passed to acceptNavigationRequest (sometimes?) so we
don't show an error message. Instead, we just load about:blank. However,
Chromium does that too and we can't handle a real click easily, so let's just
ignore that one.

See #3661
2018-06-07 13:49:13 +02:00
Florian Bruhin
3d53d0d2c5 Fix Qt 5.11 issues with clicking invalid links
See #3661
2018-06-07 13:48:04 +02:00
Florian Bruhin
b9fc068af5 Add a log-requests debug-flag 2018-05-07 10:23:56 +02:00
Florian Bruhin
6dbd6d1ddf Move test_qt_javascript.py 2018-03-27 07:14:05 +02:00
Florian Bruhin
6ecea8ef17 Revert accidental changes to test_qt_javascript.py 2018-03-27 07:13:17 +02:00
Florian Bruhin
021bb25622 Add regenerating website to contributing.asciidoc
[ci skip]

(cherry picked from commit 9f95736bbe4a00c9cc4a8b222ab3dc55d6bdf96c)
2018-03-26 22:53:46 +02:00
Florian Bruhin
3170e35b31 Simplify QtWebKit scheme handlers 2018-02-11 17:14:41 +01:00
Florian Bruhin
c112290664 Make QtNetwork download manager great^H^H^H^Hlobal again
We originally made it per-window in b502280c06 for
issue #228, but that was back when we still needed window IDs for stuff like
message.info.

Nowadays, there's no reason for it to be per-window anymore. The rest of the
download code can deal with one global download manager (because QtWebEngine has
one), and apart from QNAM code which wasn't used here anyways (as tab_id=None)
there was nothing using the window ID anymore.

Also see #3456 which was the original motivation for this change.
2018-02-11 16:15:29 +01:00
Florian Bruhin
6f028e9ad0 Update copyright years 2018-02-05 12:19:50 +01:00
Florian Bruhin
003ec31848 Merge remote-tracking branch 'origin/pr/3333' 2017-12-02 14:47:24 +01:00
Ryan Roden-Corrent
822f6bae2c Fix webkitelem test.
Now that it checks tab.is_deleted we need to mock that.
2017-12-01 07:28:02 -05:00
Florian Bruhin
b5dd647678 Upgrade pydocstyle/flake8-docstrings
See #3320
2017-11-26 20:30:32 +01:00
Florian Bruhin
b9aa5df5ed Add unit tests for UnicodeEncodeError handling 2017-11-08 07:47:11 +01:00
Florian Bruhin
0b86b302a2 pylint: Turn off some more too-many-* stuff globally
Humans are just better at judging what's okay here than a machine.
2017-10-31 07:35:00 +01:00
Florian Bruhin
280dddda6b Set backend in TestRectOnView.test_zoomed 2017-10-20 08:07:10 +02:00
Florian Bruhin
6c3f90146f Make qtutils.version_check strict by default
This also renames 'strict' to 'compiled' to be more descriptive.
It also fixes a crash when starting qutebrowser with an older compiled Qt
version which was introduced recently (calling setSpellCheckEnabled).
2017-10-08 19:08:37 +02:00
Florian Bruhin
ef1c83862b Use utils.is_* for platform checks everywhere 2017-09-20 11:10:24 +02:00
Florian Bruhin
3a5241b642 Start using attrs
Closes #1073
2017-09-19 22:21:45 +02:00
Florian Bruhin
7226750363 Bump up Hypothesis deadline globally 2017-09-19 15:08:56 +02:00
Florian Bruhin
bb073e1709 Bump up another hypothesis deadline 2017-09-19 13:38:44 +02:00
Florian Bruhin
a23492fe27 Bump up hypothesis deadline for Content-Disposition test 2017-09-19 11:16:03 +02:00
Florian Bruhin
51afe14965 Set backend to QtWebKit in cookie tests 2017-09-19 11:07:11 +02:00
Florian Bruhin
852baaa8c3 Drop support for Qt < 5.7.1
See #2742
2017-09-18 23:01:17 +02:00
Ryan Roden-Corrent
71b71dbc58 Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-06 18:13:49 -04:00
Florian Bruhin
fba25338be Merge pull request #2295 from rcorre/really_complete
Completion refactor V3
2017-07-21 15:05:43 +02:00
Iordanis Grigoriou
c9fd182dba Adjust suggested_fn_from_title, add tests 2017-07-08 16:28:58 +02:00
Iordanis Grigoriou
82d194cf2e Improve function docstring, add more tests 2017-07-06 21:37:11 +02:00
Iordanis Grigoriou
3bfafb5e50 Refactor suggested_fn_from_title, add unit tests 2017-07-06 17:41:54 +02:00
Florian Bruhin
0cdd3ff82f Update some more references to old config options 2017-07-04 16:46:02 +02:00
Florian Bruhin
9db4a8cb43 Clean up test_cache 2017-07-04 15:08:04 +02:00
Florian Bruhin
22b0f2fd24 Various simple test updates for new config
test_cache
test_cookies
test_webkitelem
test_cmdutils
test_runners
test_completionwidget
test_messageview
test_editor
test_miscwidgets
test_sessions
test_urlutils
test_utils
test_prompt
statusbar/test_*
test_cmdhistory
test_tabwidget
test_tab
test_downloads
test_networkmanager
2017-07-04 15:08:04 +02:00
Florian Bruhin
556f49d367 Add PACFetcher.fetch
Let's not try to download proxies during tests...
2017-07-04 15:08:04 +02:00
Ryan Roden-Corrent
1e1335aa5e Make various SQL code review changes.
- Fix outdated comments
- Use mock specs when possible
- More precise error message check in test_import_txt_invalid.
- Fix copyright message
- Tweak missing pyqt error message
- Dead code: remove group_by and where from sqlcategory.
  With the new separate completion table, these are no longer used.
- Move test_history out of webkit/. History is no longer purely webkit
  related, it could be webengine.
2017-07-03 09:45:08 -04:00
Ryan Roden-Corrent
6ac940fa32 Fix pylint/coverage errors.
Ensure 100% coverage for sqlcategory and history, and fix some linter
errors
2017-06-27 12:33:51 -04:00
Ryan Roden-Corrent
866f4653c7 Fix spelling existant -> existent. 2017-06-25 22:14:38 -04:00
Ryan Roden-Corrent
0f585eda4f Bring history.py back to 100% coverage.
The code of debug_dump_history was tweaked to handle a possible
OSException that can be thrown by open, which I noticed while trying to
test it.
2017-06-20 21:41:43 -04:00
Ryan Roden-Corrent
1fe1813431 Fix pylint errors. 2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
fa39b82b3c Backup old history file after import.
Instead of removing it, move it to history.bak.
2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
a6a9ad72f9 Fix test_history_interface.
This was still using a history dict instead of SQL history.
2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
3a4ef09f58 More sql code review fixes 2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
6fc61d12fc Assorted small fixes for sql code review. 2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
309b6ba32c Move _import_history to history.py.
Also adjusts the history import test to operate at a higher level and
ensure the old text file is removed (or isn't, in the case of an error).
2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
20000088de Add debug-dump-history and fix sql history tests.
Trying to read from the sql database from another process was flaky.
This adds a debug-dump-history command which is used by the history BDD
tests to validate the history contents.

It outputs history in the old pre-SQL text format, so it might be
useful for those who want to manipulate their history as text.
2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
87643040a4 Fix test_history for python < 3.6.
Mock.assert_called is only in python 3.6. For earlier versions we must
use `assert m.called`.

Weird errors only appearing in CI, trying to debug...
2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
eb61269068 Fix qute://history javascript for SQL.
Returning "next" was no longer possible as the SQL query does not fetch
more items than necessary. This is solved by using a start time, a
limit, and an offset. The offset is needed to prevent fetching duplicate
items if multiple entries have the same timestamp.

Two of the history tests that relied on qute://history were changed to
rely on qute://history/data instead to make them less failure-prone.
2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
44080b8ad4 Fix flake8 errors in test_history 2017-06-19 07:44:11 -04:00
Ryan Roden-Corrent
e661fb7446 Fix test_history.
History doesn't depend on standarddir anymore, the history file path gets passed
by app.py.
2017-06-19 07:44:11 -04:00