diff options
author | Florian Bruhin <git@the-compiler.org> | 2018-03-08 18:23:36 +0100 |
---|---|---|
committer | Florian Bruhin <git@the-compiler.org> | 2018-03-08 18:23:36 +0100 |
commit | 9af07d86d66272f4726b7d3d89b55e844757df52 (patch) | |
tree | 8da99195efb9cc7d48b98fb6be60b250062e3516 | |
parent | f561272f9aa71dd1f171eaecb2d64e44688069a4 (diff) | |
download | qutebrowser-9af07d86d66272f4726b7d3d89b55e844757df52.tar.gz qutebrowser-9af07d86d66272f4726b7d3d89b55e844757df52.zip |
Don't double HTML escape JavaScript messages
See https://bugreports.qt.io/browse/QTBUG-66104
-rw-r--r-- | doc/changelog.asciidoc | 1 | ||||
-rw-r--r-- | qutebrowser/browser/shared.py | 15 | ||||
-rw-r--r-- | qutebrowser/browser/webengine/webview.py | 12 |
3 files changed, 19 insertions, 9 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc index 26294d7ca..5bb2a3818 100644 --- a/doc/changelog.asciidoc +++ b/doc/changelog.asciidoc @@ -116,6 +116,7 @@ Fixed * Fixed hangs/segfaults on exit with Qt 5.10.1. * Fixed favicons sometimes getting cleared with Qt 5.10. * Qt download objects are now cleaned up properly when a download is removed. + * JavaScript messages are now not double-HTML escaped anymore on Qt < 5.11 - QtWebKit bugfixes: * Fixed GreaseMonkey-related crashes. * `:view-source` now displays a valid URL. diff --git a/qutebrowser/browser/shared.py b/qutebrowser/browser/shared.py index d82b741e5..238fdc1cc 100644 --- a/qutebrowser/browser/shared.py +++ b/qutebrowser/browser/shared.py @@ -74,14 +74,15 @@ def authentication_required(url, authenticator, abort_on): return answer -def javascript_confirm(url, js_msg, abort_on): +def javascript_confirm(url, js_msg, abort_on, *, escape_msg=True): """Display a javascript confirm prompt.""" log.js.debug("confirm: {}".format(js_msg)) if config.val.content.javascript.modal_dialog: raise CallSuper + js_msg = html.escape(js_msg) if escape_msg else js_msg msg = 'From <b>{}</b>:<br/>{}'.format(html.escape(url.toDisplayString()), - html.escape(js_msg)) + js_msg) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) ans = message.ask('Javascript confirm', msg, mode=usertypes.PromptMode.yesno, @@ -89,7 +90,7 @@ def javascript_confirm(url, js_msg, abort_on): return bool(ans) -def javascript_prompt(url, js_msg, default, abort_on): +def javascript_prompt(url, js_msg, default, abort_on, *, escape_msg=True): """Display a javascript prompt.""" log.js.debug("prompt: {}".format(js_msg)) if config.val.content.javascript.modal_dialog: @@ -97,8 +98,9 @@ def javascript_prompt(url, js_msg, default, abort_on): if not config.val.content.javascript.prompt: return (False, "") + js_msg = html.escape(js_msg) if escape_msg else js_msg msg = '<b>{}</b> asks:<br/>{}'.format(html.escape(url.toDisplayString()), - html.escape(js_msg)) + js_msg) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) answer = message.ask('Javascript prompt', msg, mode=usertypes.PromptMode.text, @@ -111,7 +113,7 @@ def javascript_prompt(url, js_msg, default, abort_on): return (True, answer) -def javascript_alert(url, js_msg, abort_on): +def javascript_alert(url, js_msg, abort_on, *, escape_msg=True): """Display a javascript alert.""" log.js.debug("alert: {}".format(js_msg)) if config.val.content.javascript.modal_dialog: @@ -120,8 +122,9 @@ def javascript_alert(url, js_msg, abort_on): if not config.val.content.javascript.alert: return + js_msg = html.escape(js_msg) if escape_msg else js_msg msg = 'From <b>{}</b>:<br/>{}'.format(html.escape(url.toDisplayString()), - html.escape(js_msg)) + js_msg) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) message.ask('Javascript alert', msg, mode=usertypes.PromptMode.alert, abort_on=abort_on, url=urlstr) diff --git a/qutebrowser/browser/webengine/webview.py b/qutebrowser/browser/webengine/webview.py index 91c5bfab6..1e8c442fc 100644 --- a/qutebrowser/browser/webengine/webview.py +++ b/qutebrowser/browser/webengine/webview.py @@ -243,10 +243,12 @@ class WebEnginePage(QWebEnginePage): """Override javaScriptConfirm to use qutebrowser prompts.""" if self._is_shutting_down: return False + escape_msg = qtutils.version_check('5.11') # QTBUG-66104 try: return shared.javascript_confirm(url, js_msg, abort_on=[self.loadStarted, - self.shutting_down]) + self.shutting_down], + escape_msg=escape_msg) except shared.CallSuper: return super().javaScriptConfirm(url, js_msg) @@ -256,12 +258,14 @@ class WebEnginePage(QWebEnginePage): # https://www.riverbankcomputing.com/pipermail/pyqt/2016-November/038293.html def javaScriptPrompt(self, url, js_msg, default): """Override javaScriptPrompt to use qutebrowser prompts.""" + escape_msg = qtutils.version_check('5.11') # QTBUG-66104 if self._is_shutting_down: return (False, "") try: return shared.javascript_prompt(url, js_msg, default, abort_on=[self.loadStarted, - self.shutting_down]) + self.shutting_down], + escape_msg=escape_msg) except shared.CallSuper: return super().javaScriptPrompt(url, js_msg, default) @@ -269,10 +273,12 @@ class WebEnginePage(QWebEnginePage): """Override javaScriptAlert to use qutebrowser prompts.""" if self._is_shutting_down: return + escape_msg = qtutils.version_check('5.11') # QTBUG-66104 try: shared.javascript_alert(url, js_msg, abort_on=[self.loadStarted, - self.shutting_down]) + self.shutting_down], + escape_msg=escape_msg) except shared.CallSuper: super().javaScriptAlert(url, js_msg) |