From 27091109a8741436f5bdf2e352d3afb32813eec7 Mon Sep 17 00:00:00 2001 From: Florian Bruhin Date: Tue, 16 Jul 2019 15:15:29 +0200 Subject: Update QtWebKit warning --- qutebrowser/html/warning-webkit.html | 37 ++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/qutebrowser/html/warning-webkit.html b/qutebrowser/html/warning-webkit.html index e175a12ae..e87597bd0 100644 --- a/qutebrowser/html/warning-webkit.html +++ b/qutebrowser/html/warning-webkit.html @@ -7,22 +7,26 @@ qute://warning/webkit to show it again at a later time.

You're using qutebrowser with the QtWebKit backend.

-

Unfortunately, QtWebKit hasn't seen a release (including security updates) -since June 2017, and it also lacks various security features (process -isolation/sandboxing) present in QtWebEngine.

+

While QtWebKit has gained some traction again recently, its latest release +(5.212.0 Alpha 3) is still based on an old upstream WebKit. It also lacks +various security features (process isolation/sandboxing) present in +QtWebEngine. From the upstream release notes:

-

Because of those security issues and the maintaince burden coming with -supporting QtWebKit, support for it will be dropped in a future qutebrowser -release. It's recommended that you use QtWebEngine instead.

+
WARNING: This release is based on old WebKit revision with known +unpatched vulnerabilities. Please use it carefully and avoid visiting untrusted +websites and using it for transmission of sensitive data. Wait for new release +from qtwebkit-dev branch to use it with untrusted content.
+ +

It's recommended that you use QtWebEngine instead.

(Outdated) reasons to use QtWebKit

Most reasons why people preferred the QtWebKit backend aren't relevant anymore:

-

PDF.js support: This qutebrowser release comes with PDF.js support -for QtWebEngine.

+

PDF.js support: Supported with QtWebEngine since qutebrowser v1.5.0.

-

Missing control over Referer header: This qutebrowser release -supports content.headers.referer for QtWebEngine.

+

Missing control over Referer header: content.headers.referer is supported with QtWebEngine since +qutebrowser v1.5.0.

Missing control over cookies: With Qt 5.11 or newer, the content.cookies.accept setting works on QtWebEngine.

@@ -31,11 +35,10 @@ class="mono">content.cookies.accept setting works on QtWebEngine.

class="mono">qt.force_software_rendering setting added in v1.4.0 should hopefully help.

-

Missing support for notifications: Those aren't supported yet in -Qt, but support is planned to be added in Qt 5.13, released around May 2019.

+

Missing support for notifications: With qutebrowser v1.7.0, initial +notification support was added for Qt 5.13.0.

-

Resource usage: This release adds the Resource usage: qutebrowser v1.5.0 added the qt.process_model and qt.low_end_device_mode settings which can be used to decrease the resource usage of QtWebEngine (but come with other drawbacks).

@@ -50,10 +53,8 @@ heaps of security issues...

rendering. With Qt 5.13 (~May 2019) it might be possible to run with Nouveau without software rendering.

-

Wayland: It's possible to use QtWebEngine with XWayland. Some users -also seem to be able to run it natively with Qt 5.11, but currently, QUTE_SKIP_WAYLAND_CHECK=1 needs to be set in the -environment to do so.

+

Wayland: It's possible to use QtWebEngine with XWayland. With Qt +5.11.2 or newer, qutebrowser also runs natively with Wayland.

Instability on FreeBSD: Those seem to be FreeBSD-specific crashes, and unfortunately nobody has looked into them yet so far...

-- cgit v1.2.3-54-g00ecf