| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
There are no more sub frame resources under test url, so nothing to
check for firstPartyUrl and initiator.
Change-Id: I12ddf33ec2909d9a427a9819725d941960575612
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit a282c7a36f8707e0777df201855ef0a8a1980de1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty dd45b1a1..3f594ea1:
> [Backport] Security bug 1155297 (3/3)
> [Backport] Security bug 1155297 (2/3)
> [Backport] Security bug 1155297 (1/3)
> [Backport] Security bug 1192552
> [Backport] CVE-2021-21225: Out of bounds memory access in V8 (2/2)
> [Backport] CVE-2021-21225: Out of bounds memory access in V8 (1/2)
> [Backport] CVE-2021-21224: Type Confusion in V8
> [Backport] CVE-2021-21223: Integer overflow in Mojo
> [Backport] CVE-2021-21222: Heap buffer overflow in V8
Task-number: QTBUG-92895
Change-Id: I9c5c3aa451d8a4cab018e23a6407fd0e1f7a58de
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty c38ae3ec..dd45b1a1:
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (5/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (4/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (3/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (2/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (1/5)
> [Backport] Security bug 1184441
> [Backport] Security bug 1162424
Task-number: QTBUG-92895
Change-Id: I04217fe2026d0087e4b7bd9bc6d5e8fcb5e25ebd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6764c29f..c38ae3ec:
> [Backport] Security bug 1190525
> [Backport] Security bug 1161759
> [Backport] Security bug 1175503
> [Backport] Security bugs 1175522 and 1181276
> [Backport] CVE-2021-21219: Uninitialized Use in PDFium
> [Backport] CVE-2021-21217 and CVE-2021-21218: Uninitialized Use in PDFium
> [Backport] CVE-2021-21214: Use after free in Network API
> [Backport] CVE-2021-21213: Use after free in WebMIDI
> [Backport] CVE-2021-21207: Use after free in IndexedDB
> [Backport] CVE-2021-21221: Insufficient validation of untrusted input in Mojo
> [Backport] CVE-2021-21204: Use after free in Blink.
> [Backport] CVE-2021-21203: Use after free in Blink
> [Backport] CVE-2021-21202: Use after free in extensions.
> [Backport] CVE-2021-21201: Use after free in permissions
Task-number: QTBUG-92895
Change-Id: I7e6f3d443366bb291cab027510f76788c14fc023
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A server redirect might not have been reflected in the navigation type
at this point, so also check the is_redirect value.
Fixes: QTBUG-92819
Change-Id: I711ef041de69552bc3485c9cf3db68c9e6033d6a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit b29b245fcb9db741d14180ea7e8dcb3ad2d4f49a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
| |
Stop using SiteForCookies::RepresentativeUrl() if it is used to provide
first party url because it returns a truncated URL and our API is expected
to return the full url of the first party.
Fixes: QTBUG-90231
Change-Id: I628f7f31bfbeaf3de976ae9af1a8fa6408b661c5
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-92376
Change-Id: I8b9e35a75a4edb7f3a0dd858987b0f14993df65d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d13920f2..048f5e99:
> [Backport] CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64
> [Backport] CVE-2021-21206: Use after free in Blink
> Fix build with no extensions on mac
Task-number: QTBUG-92080
Change-Id: I0265d3992ac3ec7fe0f55405daf58d1fc2789b12
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
| |
Change-Id: Iafdfb3c740ce42119a9891729be1ea0c89249039
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
| |
This test is unused and incomplete.
Change-Id: I53a4a1238a61a6da3db584fc560b2d40eba3ec36
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When using QtWebView with WebEngine then it will hook the call to
QtWebEngine::initialize() to the start up of the application object which
means it will output the warning because it already exists. However
there is still time at this point to set what is needed because it is
still being initialized. So by checking if the application is running
(i.e. !startingUp()) then we can be safe in knowing that it is still
able to do the initialization.
Change-Id: I8c5d8808b4b09e1e7bbf4be52e5efc0786ce1472
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Delete loadProgress zero-check from the tests and clear the history
instead.
The zero-check was used to guarantee the empty history, but it will not
pass if multiple tests are performed.
Change-Id: I370a51b5631d8fab99209d6a81c8aedd12d5e4a4
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cover all cases from https://pdfobject.com/static
- Plugin placeholder is generally broken: displays garbage and crashes
on interaction. Fix it and show when PDFs are included by <embed>
or <object> tags.
- Do not start an automatical download when the disabled PDF plugin
was requested by an iframe. Show a clickable placeholder and let the
end-users start it manually.
- Remove unused class PluginPlaceholderQt
Task-number: QTBUG-76314
Change-Id: I01a0c93ab23f54e4272f5aeb30578de0dcf18932
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since 42b5da qtbase supports an installation of 3rdpaty
in case of static builds. Depend on 'public' qtbase 3rdparty
installed libs. This fixes prl generation by not including
build paths.
Task-number: QTBUG-91385
Change-Id: Ib0609b2b92d6759aad639154617b45fc2fe96916
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use correct qt zlib lib in case of windows.
Passing qtzlib is actually just done in shake of clarity
and proper dependency tracking since qtCore is most likely
always a dependency for any user app.
Fixes: QTBUG-91476
Change-Id: I20816ebf926472c642847e2611797a6decdeecee
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Fix duplicated symbols for category logging between
core and qml plugin.
Task-number: QTBUG-91476
Change-Id: I532ad35b8b0e8a0b93e51b9b7a7b3a4602fad9b3
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule update src/3rdparty 8d49f9a2..d13920f2:
> [Backport] Security bug 1185482
> [Backport] Security bug 1161847
> [Backport] Security bug 1161379
> [Backport] CVE-2021-21198: Out of bounds read in IPC
> [Backport] CVE-2021-21195: Use after free in V8
Task-number: QTBUG-92080
Change-Id: I638a0fa0285d46736cfbf5406874702bd3600580
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6ec3297a..9d237e39:
> Fixup for: [Backport] Security bug 1062941
> [Backport] CVE-2021-21193: Use after free in Blink
> [Backport] CVE-2021-21191: Use after free in WebRTC
> [Backport] Security bug 1161048
> [Backport] Security bug 1155710
> [Backport] Security bug 1062941
> [Backport] Security bug 1142712 (2/2)
> [Backport] Security bug 1142712 (1/2)
> [Backport] Security bug 1146813 (2/2)
> [Backport] Security bug 1146813 (1/2)
> [Backport] CVE-2021-21166: Object lifecycle issue in audio
> [Backport] CVE-2021-21187: Insufficient data validation in URL formatting
> [Backport] CVE-2021-21183 and CVE-2021-21184: Inappropriate implementation in performance APIs
> [Backport] CVE-2020-27844: Heap buffer overflow in OpenJPEG
> Fix crashes when webrtc is not compiled in
Task-number: QTBUG-92080
Change-Id: Ifaac3e24a5f0cacb8ba783f453ae30c8ae5e9abf
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 302379ca..79f989b8:
> Build fix for "[Backport] CVE-2021-21160..." with gcc
> [Backport] CVE-2021-21160: Heap buffer overflow in WebAudio
> [Backport] CVE-2021-21173: Side-channel information leakage in Network Internals.
> [Backport] CVE-2021-21190: Uninitialized Use in PDFium
> [Backport] CVE-2021-21188: Use after free in Blink.
> [Backport] CVE-2021-21178: Inappropriate implementation in Compositing
> [Backport] CVE-2021-21175: Inappropriate implementation in Site isolation
> [Backport] CVE-2021-21174: Inappropriate implementation in Referrer.
> [Backport] CVE-2021-21172: Insufficient policy enforcement in File System API
> [Backport] CVE-2021-21171: Incorrect security UI in TabStrip and Navigation
> [Backport] CVE-2021-21169: Out of bounds memory access in V8 (2/2)
> [Backport] CVE-2021-21169: Out of bounds memory access in V8 (1/2)
> [Backport] CVE-2021-21168: Insufficient policy enforcement in appcache
> [Backport] CVE-2021-21165: Object lifecycle issue in audio
> [Backport] CVE-2021-21162: Use after free in WebRTC
> [Backport] CVE-2021-21179: Use after free in Network Internals
> [Backport] Security bug 1175975
> [Backport] Security bug 1167277
> [Backport] Security bug 1180871
> Fix WebRtcLoggingController for QtWebEngine
Task-number: QTBUG-92080
Change-Id: I8578ea4a3fe13b9e5a3e6ed01f8fe9d3053353fc
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Verify that view still gets notification about external page deletion
through basic QObject::destroyed
Task-number: QTBUG-90509
Change-Id: I5ae19f4184d6bbbfd94efe28a3f00fbb8f6d8a01
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current implementation cancels current findText only when new navigation
is accepted (since it may be rejected all together), so it's not guaranteed
that user code will not receive completion callback if it arrives after
explicit load/setContent/setHtml but before acceptNavigationRequest.
For explicit navigation it doesn't make sense to wait until it's
accepted, since it's only exposed there just for consistency, and an
expectation for findText is that it should be canceled on new navigation.
Fixes: QTBUG-61887
Change-Id: Ia2e19df3b5712e6b5426443d1bce6b205e186668
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, QQuickWebEngineView's canGoBack/canGoForward change signals
are based on urlChanged. But the urlChanged signal may be emitted
slightly before the value of canGoBack/canGoForwad actually changes,
resulting in a missed change notification.
After, they get their own signals, which are forwarded from the
QQuickWebEngineAction::enabledChanged signal of the respective web
actions.
Fixes: QTBUG-91565
Change-Id: Id411eb146c776e2824fd2447660e8857974da32e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
| |
Fixes: QTBUG-91695
Change-Id: Ie00b9bb92b62b97c500d427defbf2a4632ddbeda
Reviewed-by: Florian Bruhin <qt-project.org@the-compiler.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
| |
This includes the screencast mode that now works.
Task-number: QTBUG-85171
Change-Id: I11f6fc11db8066a88880df3277e5613db65ae5a5
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7c8217b3..302379ca:
> Fix multiple include dirs
> Revert "Use devtools app for Qt"
> Prepare net-internals for QtWebEngine usage
Task-number: QTBUG-91799
Change-Id: I527fd06a1f3f142cafb098d93ee3bfc0026984f9
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d9d9e606..7c8217b3:
> [Backport] Remove mouse wheel handler DCHECK
> PDF viewer: Restore createBrowserApi() function
> [Backport] CVE-2021-21138: Use after free in DevTools
Change-Id: I1190e71d109c98285a57365f8ed1315b50895da1
Reviewed-by: Szabolcs David <davidsz@inf.u-szeged.hu>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Use the internal Chromium routine to get the app locale Chromium
expects.
Fixes: QTBUG-91715
Change-Id: I5042eb066cb6879ad69628959912f2841867b4e8
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When the QWebEnginePage changed on a QWebEngineView, all signal connec-
tions between the view and the previous page were removed as well, even
those that the user connected themself.
To prevent unexpected behavior, only disconnect the signals that the
view connected to automatically and leave the rest of the connections
intact when the page on the view is changed.
Fixes: QTBUG-90509
Change-Id: Icac3e3be0b598dec8107e8fffdf7f25dd88a4b71
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
| |
We do build snapshot_aura.cc (Linux) and ui/snapshot_win.cc (Windows).
Change-Id: I8b0459a761b76a411371ea175103bd7e864d6417
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-53593
Change-Id: Ic330875c3ca3ebe460a166ac815dbf2e052143c2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let Chromium know about the status of plugin availability from
WebEngineSettings. This way it can decide whether the response is
a download and it has more benefits:
- It doesn't have to start a new load request to download a PDF file,
it just treats the original response accordingly.
- Fixes websites which are protected from cross-domain requests (e.g. by
checking the Referer header) and/or redirecting requests for PDFs.
Calling DownloadManager "manually" and not passing the original request
headers did not work when the server relied on them.
Task-number: QTBUG-78114
Change-Id: I8cfa90c211418001c60c4b2f0f8818ee453101fc
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the basic support of guest views, implemented based
on Chrome.
- Embed PDF as a child frame instead of navigating to its
extension WebUI. Keep the original URL (pointing to the file) to
extend functionality of PDF viewer with URL parameters.
- Make RenderWidgetHostInputEventRouter to work and modify most of
the event forwarding logic to use that. This way WebEngine supports
pages with multiple RenderWidgetHost and guest views can be
interactive with user input.
[ChangeLog] PDF files are opened as embedded objects, WebEngine
will not navigate the content away from the requested file to
present it. PDF viewer can accept URL parameters (e.g. to control
zooming or fitting to view). Also, PDF viewer is interactive
when displayed in a subframe.
Task-number: QTBUG-80463
Task-number: QTBUG-86152
Task-number: QTBUG-90712
Change-Id: Ib1591fbd9a594891cdeace8e9dae0d3cc21a9f8e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-91257
Change-Id: Ic303278e2b8871e6bcb3f4f5c5810c8f43371bb8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
| |
Change-Id: I3fc5bcd40a0b4b7dba88659a9171e93bb3c82f3a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-76006
Change-Id: If2b39b3dc66e250f6a4b333e4d82d0d43f8dedd8
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
| |
We do not support it.
Fixes: QTBUG-91490
Change-Id: I972e1d5cd8507571c4c2305e2f38c4345f69538e
Reviewed-by: Florian Bruhin <qt-project.org@the-compiler.org>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
| |
Seems to be failing regularly now.
Change-Id: I1bbeb2f5cb2b04608c7c75317f68bb4e75a59eb3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |\ |
|
| | |\
| | |
| | |
| | | |
Change-Id: I5f8aa9bb11f7035aca70d6ae3c883f9616af4235
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Submodule src/3rdparty 4cb55651..d77379c5:
> [Backport] CVE-2021-21153: Stack overflow in GPU Process
> [Backport] CVE-2021-21152: Heap buffer overflow in Media
> [Backport] CVE-2021-21157: Use after free in Web Sockets
> [Backport] CVE-2021-21156: Heap buffer overflow in V8
> [Backport] Security bug 1171954
> [Backport] CVE-2021-21149: Stack overflow in Data Transfer
> [Backport] Dependency for CVE-2021-21150: Use after free in Downloads [1/1]
> [Backport] CVE-2021-21150: Use after free in Downloads
> FIXUP: [Backport] CVE-2021-21149: Stack overflow in Data Transfer
> FIXUP: [Backport] CVE-2021-21149: Stack overflow in Data Transfer
Task-number: QTBUG-90575
Pick-to: 5.15
Change-Id: I37640b05028616fae93e1bb301d92968ef24b0b1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: Iad9a3fa1df35e7c1dfeee12398d053488803f450
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Flush ui messages in profile adapter instead, otherwise
we will refer to already destroyed adapter
(which we track by qpointer), if some ui messages are
being processed. Note profile adapter owns profile so
it should be fine to notify about coming browser
context destruction.
Pick-to: 5.15
Change-Id: Idaa29a459c984ca73d1f5f9ca61b96c9b4017259
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Task-number: QTBUG-91187
Change-Id: Icaef781025791a94c0e5dd85039c33b8ae45de99
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 0b5f110234256eabaa264189d9117069f2a2d144)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is now in a separate file, and will silently fail by just breaking
the overlay highlights.
Fixes: QTBUG-91178
Change-Id: If1787671962bd8ee50fae6c60f7c46692ab51c02
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 50524f176b6ecd812f413f85703c7f410c7e71a3)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Was not using anything Chrome specific, and could be directly reused
by us.
Task-number: QTBUG-85171
Change-Id: Ib739cead6d721785de5843d0c971f77b77f20359
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |/ /
| |
| |
| |
| | |
Change-Id: I438cbbfe52617ac0fff3a954ea35a9b48fd14625
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| | |
Pick-to: 5.15.3
Task-number: QTBUG-91187
Change-Id: Icaef781025791a94c0e5dd85039c33b8ae45de99
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |/
|
|
|
|
|
|
|
| |
It is now in a separate file, and will silently fail by just breaking
the overlay highlights.
Fixes: QTBUG-91178
Change-Id: If1787671962bd8ee50fae6c60f7c46692ab51c02
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
| |
Change-Id: I653dee03adcad422d1210fda48bdd5b701382b00
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
| |
This patch fixes popup position when popup have parent
window. Make simple offset calculation and add rotated
pupups support in another patch.
Change-Id: Id53524375eeecbc316dc6f6bef7f32669a72beb3
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
