From 58e64d28c4d69f992fdaaff55df8e7001ae56ac6 Mon Sep 17 00:00:00 2001
From: Florian Bruhin <me@the-compiler.org>
Date: Sat, 16 Oct 2021 23:15:53 +0200
Subject: Don't register qutebrowserurl: as URL protocol

This was originally intended as a fix for CVE-2021-41146, but it turned out the
same exploit works via e.g. https:// just as well. Still, it makes sense to
remove it.
---
 misc/nsis/install.nsh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/misc/nsis/install.nsh b/misc/nsis/install.nsh
index 362bf9c18..9f0cdf446 100755
--- a/misc/nsis/install.nsh
+++ b/misc/nsis/install.nsh
@@ -357,7 +357,6 @@ Section "Register with Windows" SectionWindowsRegister
     StrCpy $2 "${PRODUCT_NAME}URL"
     StrCpy $3 "${PRODUCT_NAME} URL"
     Goto WriteRegHandler
-    !insertmacro UpdateRegStr SHCTX "SOFTWARE\Classes\$2" "URL Protocol" ""
   ${endif}
 SectionEnd
 
-- 
cgit v1.2.3-54-g00ecf