diff options
author | Florian Bruhin <me@the-compiler.org> | 2021-10-16 23:15:53 +0200 |
---|---|---|
committer | Florian Bruhin <me@the-compiler.org> | 2021-10-21 16:01:54 +0200 |
commit | 58e64d28c4d69f992fdaaff55df8e7001ae56ac6 (patch) | |
tree | 67f1f3f7da7fb9bf2e14a11d95478f7e6b1456cb | |
parent | 8f46ba3f6dc7b18375f7aa63c48a1fe461190430 (diff) | |
download | qutebrowser-58e64d28c4d69f992fdaaff55df8e7001ae56ac6.tar.gz qutebrowser-58e64d28c4d69f992fdaaff55df8e7001ae56ac6.zip |
Don't register qutebrowserurl: as URL protocol
This was originally intended as a fix for CVE-2021-41146, but it turned out the
same exploit works via e.g. https:// just as well. Still, it makes sense to
remove it.
-rwxr-xr-x | misc/nsis/install.nsh | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/misc/nsis/install.nsh b/misc/nsis/install.nsh index 362bf9c18..9f0cdf446 100755 --- a/misc/nsis/install.nsh +++ b/misc/nsis/install.nsh @@ -357,7 +357,6 @@ Section "Register with Windows" SectionWindowsRegister StrCpy $2 "${PRODUCT_NAME}URL" StrCpy $3 "${PRODUCT_NAME} URL" Goto WriteRegHandler - !insertmacro UpdateRegStr SHCTX "SOFTWARE\Classes\$2" "URL Protocol" "" ${endif} SectionEnd |