author | Florian Bruhin <git@the-compiler.org> | 2018-07-17 12:01:17 +0200 |
---|---|---|
committer | Florian Bruhin <git@the-compiler.org> | 2018-08-15 10:34:07 +0200 |
commit | 93f40116b2e4be2b908b7c37ac00f43a6f8aade9 (patch) | |
tree | 6671c10dcb1e1fba36be300b30ff1b092913c3b6 | |
parent | 79b39d8c7f68a998c7b1332a5a10a1a8cc281e90 (diff) | |
download | qutebrowser-93f40116b2e4be2b908b7c37ac00f43a6f8aade9.tar.gz qutebrowser-93f40116b2e4be2b908b7c37ac00f43a6f8aade9.zip |
Enable XSS auditing by default
Qt disables this by default, but Chromium does have it enabled.
I also submitted a change to Qt to hopefully enable it by default there
starting with Qt 5.12: https://codereview.qt-project.org/#/c/198354/15
This also removes the claim of having a (big) performance impact, as Chromium's
XSS design doc says the opposite:
https://www.chromium.org/developers/design-documents/xss-auditor
(cherry picked from commit a72eee8e39b6d982d936cad999d9f50cd20dc5ce)
-rw-r--r-- | doc/help/settings.asciidoc | 4 |
-rw-r--r-- | qutebrowser/config/configdata.yml | 5 |
2 files changed, 4 insertions, 5 deletions
diff --git a/doc/help/settings.asciidoc b/doc/help/settings.asciidoc index 75e684ffc..dbb03ef0d 100644 --- a/doc/help/settings.asciidoc +++ b/doc/help/settings.asciidoc @@ -2061,13 +2061,13 @@ Default: +pass:[false]+ [[content.xss_auditing]] === content.xss_auditing Monitor load requests for cross-site scripting attempts. -Suspicious scripts will be blocked and reported in the inspector's JavaScript console. Enabling this feature might have an impact on performance. +Suspicious scripts will be blocked and reported in the inspector's JavaScript console. This setting supports URL patterns. Type: <<types,Bool>> -Default: +pass:[false]+ +Default: +pass:[true]+ [[downloads.location.directory]] === downloads.location.directory diff --git a/qutebrowser/config/configdata.yml b/qutebrowser/config/configdata.yml index 2698c34b1..e57459f64 100644 --- a/qutebrowser/config/configdata.yml +++ b/qutebrowser/config/configdata.yml @@ -729,14 +729,13 @@ content.webrtc_public_interfaces_only: content.xss_auditing: type: Bool - default: false + default: true supports_pattern: true desc: >- Monitor load requests for cross-site scripting attempts. Suspicious scripts will be blocked and reported in the inspector's - JavaScript console. Enabling this feature might have an impact on - performance. + JavaScript console. # emacs: ' |
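Review bot: in the settings.asciidoc hunk, once `Default: +pass:[true]+` makes the auditor active on every page, the remaining line `This setting supports URL patterns.` is the only hint that it can be switched off selectively; next to `Suspicious scripts will be blocked and reported in the inspector's JavaScript console.` add a sentence saying that a site whose legitimate scripts are blocked can be excluded with a per-URL `false` override, so dropping the performance caveat does not leave users without guidance on false positives. If this file is generated from configdata.yml, regenerate it rather than editing by hand so the two hunks cannot drift apart.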
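Review bot: in the configdata.yml hunk, `- default: false` / `+ default: true` flips a security-relevant content setting for all existing profiles, and the diff touches only the two files listed, so no changelog entry accompanies the change; add one stating the new default and that `supports_pattern: true` lets users disable the auditor per site. The rationale for deleting `Enabling this feature might have an impact on performance.` lives only in the commit message (the Chromium design-doc link); consider keeping a short reference in `desc` or a YAML comment so it survives in the file.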