[epiphany] Disallow top-level navigation to data:// URLs



commit cba76bc107e26de853571fde16b240f88dd3d8b6
Author: Adrian Perez de Castro <aperez igalia com>
Date:   Mon Feb 10 14:39:09 2020 +0200

    Disallow top-level navigation to data:// URLs
    
    This is recommended to prevent phishing attacks, see
    
      https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-59/
    
    WebKitGTK has introduced a WebKitSettings.allow-top-navigation-to-data-urls
    property which can be used for this when set to FALSE. While trunk already
    uses that default, in WebKitGTK 2.28 this defaults to TRUE and needs to be
    explicitly set.

 embed/ephy-embed-prefs.c | 3 +++
 1 file changed, 3 insertions(+)
---
diff --git a/embed/ephy-embed-prefs.c b/embed/ephy-embed-prefs.c
index d47cae0df..3415f4141 100644
--- a/embed/ephy-embed-prefs.c
+++ b/embed/ephy-embed-prefs.c
@@ -501,6 +501,9 @@ ephy_embed_prefs_init (gpointer user_data)
                                                        "enable-webaudio", TRUE, /* FIXME: 
https://bugs.webkit.org/show_bug.cgi?id=205334 */
                                                        "enable-webgl", TRUE, /* FIXME: 
https://bugs.webkit.org/show_bug.cgi?id=205335 */
                                                        "javascript-can-open-windows-automatically", TRUE,
+#if WEBKIT_CHECK_VERSION (2, 27, 90) && !WEBKIT_CHECK_VERSION (2, 30, 0)
+                                                       "allow-top-navigation-to-data-urls", FALSE,
+#endif
                                                        NULL);
 
   for (i = 0; i < G_N_ELEMENTS (webkit_pref_entries); i++) {
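Review bot: The upper bound `!WEBKIT_CHECK_VERSION (2, 30, 0)` on the added guard makes this phishing mitigation depend on WebKitGTK 2.30 and later keeping FALSE as the library default, which nothing in this file can verify. Unless the property is expected to be removed, dropping the upper bound (`#if WEBKIT_CHECK_VERSION (2, 27, 90)`) keeps the setting explicit whatever a later release defaults to. If the bound stays, a comment above the `#if` such as `/* WebKitGTK 2.28 defaults to TRUE; newer releases default to FALSE */` would record why it is there. The enclosing call and ephy_embed_prefs_init both start and end outside the hunk, so it could not be checked here that the argument list goes to a real function rather than a function-like macro, where a preprocessor directive among the arguments would be undefined.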

