Merge remote-tracking branch 'origin/pr/5299'

3 files changed, 87 insertions, 1 deletions

diff --git a/doc/help/settings.asciidoc b/doc/help/settings.asciidoc
index 22859f9d7..9c576a283 100644
--- a/doc/help/settings.asciidoc
+++ b/doc/help/settings.asciidoc
@@ -173,6 +173,7 @@
 |<<content.register_protocol_handler,content.register_protocol_handler>>|Allow websites to register protocol handlers via `navigator.registerProtocolHandler`.
 |<<content.site_specific_quirks,content.site_specific_quirks>>|Enable quirks (such as faked user agent headers) needed to get specific sites to work properly.
 |<<content.ssl_strict,content.ssl_strict>>|Validate SSL handshakes.
+|<<content.unknown_url_scheme_policy,content.unknown_url_scheme_policy>>|How navigation requests to URLs with unknown schemes are handled.
 |<<content.user_stylesheets,content.user_stylesheets>>|List of user stylesheet filenames to use.
 |<<content.webgl,content.webgl>>|Enable WebGL.
 |<<content.webrtc_ip_handling_policy,content.webrtc_ip_handling_policy>>|Which interfaces to expose via WebRTC.
@@ -2283,6 +2284,24 @@ Valid values:
 
 Default: +pass:[ask]+
 
+[[content.unknown_url_scheme_policy]]
+=== content.unknown_url_scheme_policy
+How navigation requests to URLs with unknown schemes are handled.
+
+Type: <<types,String>>
+
+Valid values:
+
+ * +disallow-unknown-url-schemes+: Disallows all navigation requests to URLs with unknown schemes.
+ * +allow-unknown-url-schemes-from-user-interaction+: Allows navigation requests to URLs with unknown schemes that are issued from user-interaction (like a mouse-click), whereas other navigation requests (for example from JavaScript) are suppressed.
+ * +allow-all-unknown-url-schemes+: Allows all navigation requests to URLs with unknown schemes.
+
+Default: +pass:[allow-unknown-url-schemes-from-user-interaction]+
+
+On QtWebEngine, this setting requires Qt 5.11 or newer.
+
+On QtWebKit, this setting is unavailable.
+
 [[content.user_stylesheets]]
 === content.user_stylesheets
 List of user stylesheet filenames to use.
diff --git a/qutebrowser/browser/webengine/webenginesettings.py b/qutebrowser/browser/webengine/webenginesettings.py
index a1c1a40f9..4e295ce81 100644
--- a/qutebrowser/browser/webengine/webenginesettings.py
+++ b/qutebrowser/browser/webengine/webenginesettings.py
@@ -36,7 +36,7 @@ from qutebrowser.browser.webengine import spell, webenginequtescheme
 from qutebrowser.config import config, websettings
 from qutebrowser.config.websettings import AttributeInfo as Attr
 from qutebrowser.utils import (utils, standarddir, qtutils, message, log,
-                               urlmatch)
+                               urlmatch, usertypes)
 
 # The default QWebEngineProfile
 default_profile = typing.cast(QWebEngineProfile, None)
@@ -76,6 +76,10 @@ class _SettingsWrapper:
         for settings in self._settings:
             settings.setDefaultTextEncoding(encoding)
 
+    def setUnknownUrlSchemePolicy(self, policy):
+        for settings in self._settings:
+            settings.setUnknownUrlSchemePolicy(policy)
+
     def testAttribute(self, attribute):
         return self._settings[0].testAttribute(attribute)
 
@@ -88,6 +92,9 @@ class _SettingsWrapper:
     def defaultTextEncoding(self):
         return self._settings[0].defaultTextEncoding()
 
+    def unknownUrlSchemePolicy(self):
+        return self._settings[0].unknownUrlSchemePolicy()
+
 
 class WebEngineSettings(websettings.AbstractSettings):
 
@@ -151,6 +158,19 @@ class WebEngineSettings(websettings.AbstractSettings):
         'fonts.web.family.fantasy': QWebEngineSettings.FantasyFont,
     }
 
+    # Only Qt >= 5.11 support UnknownUrlSchemePolicy
+    try:
+        _UNKNOWN_URL_SCHEME_POLICY = {
+            'disallow-unknown-url-schemes':
+                QWebEngineSettings.DisallowUnknownUrlSchemes,
+            'allow-unknown-url-schemes-from-user-interaction':
+                QWebEngineSettings.AllowUnknownUrlSchemesFromUserInteraction,
+            'allow-all-unknown-url-schemes':
+                QWebEngineSettings.AllowAllUnknownUrlSchemes,
+        }
+    except AttributeError:
+        _UNKNOWN_URL_SCHEME_POLICY = None
+
     # Mapping from WebEngineSettings::initDefaults in
     # qtwebengine/src/core/web_engine_settings.cpp
     _FONT_TO_QFONT = {
@@ -162,6 +182,33 @@ class WebEngineSettings(websettings.AbstractSettings):
         QWebEngineSettings.FantasyFont: QFont.Fantasy,
     }
 
+    def set_unknown_url_scheme_policy(
+            self, policy: typing.Union[str, usertypes.Unset]) -> bool:
+        """Set the UnknownUrlSchemePolicy to use.
+
+        Return:
+            True if there was a change, False otherwise.
+        """
+        old_value = self._settings.unknownUrlSchemePolicy()
+        if isinstance(policy, usertypes.Unset):
+            self._settings.resetUnknownUrlSchemePolicy()
+            new_value = self._settings.unknownUrlSchemePolicy()
+        else:
+            new_value = self._UNKNOWN_URL_SCHEME_POLICY[policy]
+            self._settings.setUnknownUrlSchemePolicy(new_value)
+        return old_value != new_value
+
+    def _update_setting(self, setting, value):
+        if setting == 'content.unknown_url_scheme_policy':
+            if self._UNKNOWN_URL_SCHEME_POLICY:
+                return self.set_unknown_url_scheme_policy(value)
+            return False
+        return super()._update_setting(setting, value)
+
+    def init_settings(self):
+        super().init_settings()
+        self.update_setting('content.unknown_url_scheme_policy')
+
     def __init__(self, settings):
         super().__init__(settings)
         # Attributes which don't exist in all Qt versions.
diff --git a/qutebrowser/config/configdata.yml b/qutebrowser/config/configdata.yml
index 6a8c3d840..e7fe20c21 100644
--- a/qutebrowser/config/configdata.yml
+++ b/qutebrowser/config/configdata.yml
@@ -380,6 +380,26 @@ content.default_encoding:
     The encoding must be a string describing an encoding such as _utf-8_,
     _iso-8859-1_, etc.
 
+content.unknown_url_scheme_policy:
+  type:
+    name: String
+    valid_values:
+      - disallow-unknown-url-schemes: "Disallows all navigation requests to
+          URLs with unknown schemes."
+      - allow-unknown-url-schemes-from-user-interaction: "Allows navigation
+          requests to URLs with unknown schemes that are issued from
+          user-interaction (like a mouse-click), whereas other navigation
+          requests (for example from JavaScript) are suppressed."
+      - allow-all-unknown-url-schemes: "Allows all navigation requests to
+          URLs with unknown schemes."
+  default: allow-unknown-url-schemes-from-user-interaction
+  backend:
+    QtWebEngine: Qt 5.11
+    QtWebKit: false
+  supports_pattern: true
+  desc: >-
+    How navigation requests to URLs with unknown schemes are handled.
+
 content.windowed_fullscreen:
   type: Bool
   default: false