summaryrefslogtreecommitdiffstats
path: root/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
diff options
context:
space:
mode:
Diffstat (limited to 'src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc')
-rw-r--r--src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
index 6b518a1f2..461af086a 100644
--- a/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
+++ b/src/webenginewidgets/doc/src/qwebenginesettings_lgpl.qdoc
@@ -101,7 +101,14 @@
\value LocalStorageEnabled
Enables support for the HTML 5 local storage feature. Enabled by default.
\value LocalContentCanAccessRemoteUrls
- Allows locally loaded documents to access remote URLs. Disabled by default.
+ Allows locally loaded documents to ignore cross-origin rules so that they can access
+ remote resources that would normally be blocked, because all remote resources are
+ considered cross-origin for a local file. Remote access that would not be blocked by
+ cross-origin rules is still possible when this setting is disabled (default).
+ Note that disabling this setting does not stop XMLHttpRequests or media elements in
+ local files from accessing remote content. Basically, it only stops some HTML
+ subresources, such as scripts, and therefore disabling this setting is not a safety
+ mechanism.
\value XSSAuditingEnabled
Monitors load requests for cross-site scripting attempts. Suspicious scripts are blocked
and reported in the inspector's JavaScript console. Disabled by default, because it
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-02 12:31:10 +0000