From 9af07d86d66272f4726b7d3d89b55e844757df52 Mon Sep 17 00:00:00 2001 From: Florian Bruhin Date: Thu, 8 Mar 2018 18:23:36 +0100 Subject: Don't double HTML escape JavaScript messages See https://bugreports.qt.io/browse/QTBUG-66104 --- doc/changelog.asciidoc | 1 + qutebrowser/browser/shared.py | 15 +++++++++------ qutebrowser/browser/webengine/webview.py | 12 +++++++++--- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc index 26294d7ca..5bb2a3818 100644 --- a/doc/changelog.asciidoc +++ b/doc/changelog.asciidoc @@ -116,6 +116,7 @@ Fixed * Fixed hangs/segfaults on exit with Qt 5.10.1. * Fixed favicons sometimes getting cleared with Qt 5.10. * Qt download objects are now cleaned up properly when a download is removed. + * JavaScript messages are now not double-HTML escaped anymore on Qt < 5.11 - QtWebKit bugfixes: * Fixed GreaseMonkey-related crashes. * `:view-source` now displays a valid URL. diff --git a/qutebrowser/browser/shared.py b/qutebrowser/browser/shared.py index d82b741e5..238fdc1cc 100644 --- a/qutebrowser/browser/shared.py +++ b/qutebrowser/browser/shared.py @@ -74,14 +74,15 @@ def authentication_required(url, authenticator, abort_on): return answer -def javascript_confirm(url, js_msg, abort_on): +def javascript_confirm(url, js_msg, abort_on, *, escape_msg=True): """Display a javascript confirm prompt.""" log.js.debug("confirm: {}".format(js_msg)) if config.val.content.javascript.modal_dialog: raise CallSuper + js_msg = html.escape(js_msg) if escape_msg else js_msg msg = 'From {}:
{}'.format(html.escape(url.toDisplayString()), - html.escape(js_msg)) + js_msg) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) ans = message.ask('Javascript confirm', msg, mode=usertypes.PromptMode.yesno, @@ -89,7 +90,7 @@ def javascript_confirm(url, js_msg, abort_on): return bool(ans) -def javascript_prompt(url, js_msg, default, abort_on): +def javascript_prompt(url, js_msg, default, abort_on, *, escape_msg=True): """Display a javascript prompt.""" log.js.debug("prompt: {}".format(js_msg)) if config.val.content.javascript.modal_dialog: @@ -97,8 +98,9 @@ def javascript_prompt(url, js_msg, default, abort_on): if not config.val.content.javascript.prompt: return (False, "") + js_msg = html.escape(js_msg) if escape_msg else js_msg msg = '{} asks:
{}'.format(html.escape(url.toDisplayString()), - html.escape(js_msg)) + js_msg) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) answer = message.ask('Javascript prompt', msg, mode=usertypes.PromptMode.text, @@ -111,7 +113,7 @@ def javascript_prompt(url, js_msg, default, abort_on): return (True, answer) -def javascript_alert(url, js_msg, abort_on): +def javascript_alert(url, js_msg, abort_on, *, escape_msg=True): """Display a javascript alert.""" log.js.debug("alert: {}".format(js_msg)) if config.val.content.javascript.modal_dialog: @@ -120,8 +122,9 @@ def javascript_alert(url, js_msg, abort_on): if not config.val.content.javascript.alert: return + js_msg = html.escape(js_msg) if escape_msg else js_msg msg = 'From {}:
{}'.format(html.escape(url.toDisplayString()), - html.escape(js_msg)) + js_msg) urlstr = url.toString(QUrl.RemovePassword | QUrl.FullyEncoded) message.ask('Javascript alert', msg, mode=usertypes.PromptMode.alert, abort_on=abort_on, url=urlstr) diff --git a/qutebrowser/browser/webengine/webview.py b/qutebrowser/browser/webengine/webview.py index 91c5bfab6..1e8c442fc 100644 --- a/qutebrowser/browser/webengine/webview.py +++ b/qutebrowser/browser/webengine/webview.py @@ -243,10 +243,12 @@ class WebEnginePage(QWebEnginePage): """Override javaScriptConfirm to use qutebrowser prompts.""" if self._is_shutting_down: return False + escape_msg = qtutils.version_check('5.11') # QTBUG-66104 try: return shared.javascript_confirm(url, js_msg, abort_on=[self.loadStarted, - self.shutting_down]) + self.shutting_down], + escape_msg=escape_msg) except shared.CallSuper: return super().javaScriptConfirm(url, js_msg) @@ -256,12 +258,14 @@ class WebEnginePage(QWebEnginePage): # https://www.riverbankcomputing.com/pipermail/pyqt/2016-November/038293.html def javaScriptPrompt(self, url, js_msg, default): """Override javaScriptPrompt to use qutebrowser prompts.""" + escape_msg = qtutils.version_check('5.11') # QTBUG-66104 if self._is_shutting_down: return (False, "") try: return shared.javascript_prompt(url, js_msg, default, abort_on=[self.loadStarted, - self.shutting_down]) + self.shutting_down], + escape_msg=escape_msg) except shared.CallSuper: return super().javaScriptPrompt(url, js_msg, default) @@ -269,10 +273,12 @@ class WebEnginePage(QWebEnginePage): """Override javaScriptAlert to use qutebrowser prompts.""" if self._is_shutting_down: return + escape_msg = qtutils.version_check('5.11') # QTBUG-66104 try: shared.javascript_alert(url, js_msg, abort_on=[self.loadStarted, - self.shutting_down]) + self.shutting_down], + escape_msg=escape_msg) except shared.CallSuper: super().javaScriptAlert(url, js_msg) -- cgit v1.2.3-54-g00ecf