diff options
author | Leena Miettinen <riitta-leena.miettinen@theqtcompany.com> | 2016-02-03 16:28:47 +0100 |
---|---|---|
committer | Jani Heikkinen <jani.heikkinen@theqtcompany.com> | 2016-02-04 12:58:01 +0000 |
commit | 46b561970579c08af6e2b2df0713f84396e0da0d (patch) | |
tree | 9010cf74d1b9d58fb282ce60e1c35f71ea8b47a0 | |
parent | 2fa97ee1ea69024c83968b8b2bbab8d9baffe66b (diff) |
Doc: QWebEngineSettings::WebAttribute values provide no safety mechanisms
Task-number: QTBUG-45556
Change-Id: Ifc39eba7f9e9324f180feeb0d99fef1434f97d64
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
-rw-r--r-- | src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc index 3dc23e037..df85c39fb 100644 --- a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc +++ b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc @@ -99,7 +99,14 @@ \value LocalStorageEnabled Enables support for the HTML 5 local storage feature. Enabled by default. \value LocalContentCanAccessRemoteUrls - Allows locally loaded documents to access remote URLs. Disabled by default. + Allows locally loaded documents to ignore cross-origin rules so that they can access + remote resources that would normally be blocked, because all remote resources are + considered cross-origin for a local file. Remote access that would not be blocked by + cross-origin rules is still possible when this setting is disabled (default). + Note that disabling this setting does not stop XMLHttpRequests or media elements in + local files from accessing remote content. Basically, it only stops some HTML + subresources, such as scripts, and therefore disabling this setting is not a safety + mechanism. \value XSSAuditingEnabled Monitors load requests for cross-site scripting attempts. Suspicious scripts are blocked and reported in the inspector's JavaScript console. Disabled by default, because it |