[evolution/webkit: 132/196] Disable JavaScript, Flash and other plugins in webviews.

[Dan VrÃtil <dvratil src gnome org>]

commit 13c9a91b1df667942fb6ef9218e87a98456a09be
Author: Dan VrÃtil <dvratil redhat com>
Date:   Wed Jan 25 14:48:21 2012 +0100

    Disable JavaScript, Flash and other plugins in webviews.
    
    JavaScript is only enabled in webviews with headers (because we have generated those).

 mail/e-mail-display.c     |   23 +++++++++++++++++++++--
 widgets/misc/e-web-view.c |   13 ++++++++++---
 2 files changed, 31 insertions(+), 5 deletions(-)
---
diff --git a/mail/e-mail-display.c b/mail/e-mail-display.c
index 5492274..98bf935 100644
--- a/mail/e-mail-display.c
+++ b/mail/e-mail-display.c
@@ -75,6 +75,7 @@ struct _EMailDisplayPrivate {
 	gfloat zoom_level;
 
 	WebKitWebSettings *settings;
+        WebKitWebSettings *headers_settings;
 };
 
 enum {
@@ -385,6 +386,11 @@ mail_display_dispose (GObject *object)
 		priv->settings = NULL;
 	}
 
+	if (priv->headers_settings) {
+                g_object_unref (priv->headers_settings);
+                priv->headers_settings = NULL;
+        }
+
 	/* Chain up to parent's dispose() method. */
 	G_OBJECT_CLASS (parent_class)->dispose (object);
 }
@@ -663,7 +669,12 @@ mail_display_setup_webview (EMailDisplay *display,
 
 	web_view = E_WEB_VIEW (e_web_view_new ());
 	webkit_web_view_set_full_content_zoom (WEBKIT_WEB_VIEW (web_view), TRUE);
-	e_web_view_set_settings (web_view, display->priv->settings);
+
+        if (is_header) {
+                e_web_view_set_settings (web_view, display->priv->headers_settings);
+        } else {
+	        e_web_view_set_settings (web_view, display->priv->settings);
+        }
 
 	g_signal_connect (web_view, "navigation-policy-decision-requested",
 		G_CALLBACK (mail_display_link_clicked), display);
@@ -1111,7 +1122,15 @@ mail_display_init (EMailDisplay *display)
 	display->priv->settings = e_web_view_get_default_settings (GTK_WIDGET (display));
 	g_object_bind_property (display, "caret-mode",
 		display->priv->settings, "enable-caret-browsing", 
-		G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE);
+		G_BINDING_SYNC_CREATE);
+        g_object_set (display->priv->settings,
+                "enable-scripts", FALSE, NULL);
+
+        display->priv->headers_settings = e_web_view_get_default_settings (GTK_WIDGET (display));
+        g_object_bind_property (display, "caret-mode",
+                display->priv->settings, "enable-caret-browsing",
+                G_BINDING_SYNC_CREATE);
+
 	
 
 	display->priv->box = gtk_box_new (GTK_ORIENTATION_VERTICAL, 10);
diff --git a/widgets/misc/e-web-view.c b/widgets/misc/e-web-view.c
index 7d37e7d..1663135 100644
--- a/widgets/misc/e-web-view.c
+++ b/widgets/misc/e-web-view.c
@@ -2779,9 +2779,16 @@ e_web_view_get_default_settings(GtkWidget *parent_widget)
 	font = gtk_style_context_get_font (context, GTK_STATE_FLAG_NORMAL);
 
 	g_object_set (G_OBJECT (settings),
-		      "default-font-size", (pango_font_description_get_size (font) / PANGO_SCALE),
-		      "default-monospace-font-size", (pango_font_description_get_size (font) / PANGO_SCALE),
-		      "enable-frame-flattening", TRUE, NULL);
+                "default-font-size", (pango_font_description_get_size (font) / PANGO_SCALE),
+                "default-monospace-font-size", (pango_font_description_get_size (font) / PANGO_SCALE),
+                "enable-frame-flattening", TRUE, 
+                "enable-plugins", FALSE,
+                "enable-java-applet", FALSE,
+                "enable-html5-database", FALSE,
+                "enable-html5-local-storage", FALSE,
+                "enable-offline-web-application-cache", FALSE,
+                "enable-site-specific-quirks", TRUE,
+                NULL);
 
 	return settings;	
 }