| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
The input event router does not like MayBegin.
Fixes: QTBUG-93082
Change-Id: I4ac9677d7f69da3d36fc33c17541026f011feb42
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 588ea0d45f983f70e707a502cb4f3e429bbd3876)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit eafc7b60313d9827f976f1d4fbb5e7f5d54eea7b)
Reviewed-by: Tarja Sundqvist <tarja.sundqvist@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty dc35950b..eaffb82d:
> [Backport] Security bug 1201938
> [Backport] Security bug 1201340
> [Backport] Security bug 1195331
> [Backport] Security bug 1204071
> [Backport] CVE-2021-30518: Heap buffer overflow in Reader Mode
> [Backport] CVE-2021-30516: Heap buffer overflow in History.
> [Backport] CVE-2021-30515: Use after free in File API
> [Backport] CVE-2021-30513: Type Confusion in V8
> [Backport] CVE-2021-30512: Use after free in Notifications
> [Backport] CVE-2021-30510: Race in Aura
> [Backport] CVE-2021-30508: Heap buffer overflow in Media Feeds
> Workaround revoked certificate check on Linux
Fixes: QTBUG-92895
Change-Id: Ib83f18a256822a2a6feb5dcdd1df7e933a2dd271
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Speculative fix.
Add custom qtwebengine mojo_bindings as a dependency for compiling
chrome sources.
Change-Id: I930a8c94b8ffe02188659169fd9f27c99f42fb0b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From macOS 10.15 onwards there are new security requirements
for TLS server certificates:
https://support.apple.com/en-us/HT210176
Now all certificates without required fields are reported as
NET::ERR_CERT_INVALID and there is no way to 'bypass' this error.
Our test expects ERR_CERT_AUTHORITY_INVALID value,
for which browsers have an visual option to bypass.
'Fix' certificate by adding new required fields:
* Subject Alternative Name
* Extended Key Usage
Generate a new certificate chain with two certificates, where the
server certificate has the extension config file in the form of:
[SAN]
subjectAltName=DNS:webengine.qt.io
extendedKeyUsage=serverAuth
Use 2048 bit for private key, otherwise tests fail on ubuntu.
Task-number: QTBUG-91230
Change-Id: I81d878cf3cae3e9fcc51bfbf250fba9185ca4b01
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 035579f424e5b69cee212d23fda3467f5db8d19e)
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 1d3b13e9..dc35950b:
> FIXUP: third_party perfetto: add missing include for clang, asan and no_pch
> Bump V8_PATCH_LEVEL
> Fix build with GCC 11
Fixes: QTBUG-93744
Change-Id: If79bfb844f03052eab4d11018f07357b383626a7
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
| |
Change-Id: I98fee3bf2665112a5a7ca4f7170cddeab74d3bc7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-91232
Change-Id: I4de316a35b235566b56d5fc6520347b5be4a0b7f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-93644
Change-Id: I3c5362eaf970146b5d3088bf41c4520794be6eb6
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
| |
Fixes: QTBUG-93304
Change-Id: If2f30aab1c6a6eb81cfbad51318ec31adf5e96b6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
| |
Change-Id: If2445171232864cb4ac51888ccc93bc00cb099a2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pulls in the following changes:
Submodule src/3rdparty 6c7b4ffb..1d3b13e9
> 1d3b13e9634 Make clang to inline load/store atomic calls for YieldSortKey struct
> f6730fe81a0 Enable XkbKeyboardLayoutEngine::SetCurrentLayoutByName for Qt
Fixes: QTBUG-92971
Change-Id: I0c0cddfe4d3e25fd6d3f7e0764b302c300303172
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
There are no more sub frame resources under test url, so nothing to
check for firstPartyUrl and initiator.
Change-Id: I12ddf33ec2909d9a427a9819725d941960575612
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit a282c7a36f8707e0777df201855ef0a8a1980de1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
| |
If they use NORMAL, then we should too.
Change-Id: I252b4606c692ba483434c126fcda3a7484f399e2
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
| |
It was caused by a nested unnamed TestCase, instead rely on the
parent testCase being id'ed as testCase.
Task-number: QTBUG-74447
Change-Id: I086155e230d0e71ce224a8aa4c669636fe0e0acd
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
| |
It has failed before but wasn't run by the CI.
Task-number: QTBUG-91230
Change-Id: I1f22ddad3bb563cc5c1a02b5bf537dc048954ff2
Reviewed-by: Heikki Halmet <heikki.halmet@qt.io>
|
| |
|
|
|
|
|
| |
Change-Id: Ieae71f6b1bad3fd4c4aeeec84112e7528e1af5de
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit f5e1fce9998a3eb1790ddb7c1440b47ab508fdfb)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was added to suppress progress notification for error page load
after failure, but since error page load is reported as a new navigation
(which clears list of tracked frames), it was actually doing the
opposite thing. The only situation where it suppresses progress is when
navigation was not finished (due to invalid domain or network error),
but in this case it was real progress change for whole load which should
propagate further.
Change-Id: Ifd1d681fb5c6495fb3afdc4247364afb4472c959
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change tries to match how chromium treats one single load. Before
the pair of loadStarted/loadFinished methods for api classes was called
on delegate's DidStartNavigation/DidFinishNavigation, which might be many
within one single logical load. This is true for multiple usecases (like
multiple redirects on load, immediate form submit on DOM load, page's
subresource load, or just an error page load on failure). Tracking these
methods and deciding when to emit signals based on states are error-prone
and complicates logic for no benefits. Also it somewhat lies about when
real load is done, which is only started and finished on outer methods
DidStartLoading/DidStopLoading, which are conveniently called only once
for all mentioned usecases. So, this change uses these methods to issue
signals for load start/finish, and only makes exception for error page,
which is needed for quick's private test support.
Fixes: QTBUG-65223
Fixes: QTBUG-76802
Fixes: QTBUG-87089
Fixes: QTBUG-90342
Fixes: QTBUG-91773
Fixes: QTBUG-92063
Change-Id: I9cc99b639030fedd8cf6a9dc04d0869d6be6357d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-76802
Change-Id: I38cd148706c0479ffbad1e0d2877adc1cad9038d
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since it's a expected and valid behavior, and it's how chromium sees it.
First, after link click, load to different document is started, then
navigation is initiated, and only later it's resolved to download and
aborted (hence load result is false) with page's state staying the same.
Fixes: QTBUG-75185
Change-Id: I8b81ba00609649d9d0318f085ff1749a02a6e3cf
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new cases for non-same-page navigations, for navigations triggered
from the DOMContentLoaded event handler, for navigations triggered
by user action (clicks), and for navigation rejected by the
acceptNavigationRequest API.
Drop the 'no more signals' waiting time from 10 to 1 seconds.
Task-number: QTBUG-65223
Change-Id: Ic074eaf5aa58f779e31927296ae84d9e4faeaaae
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
| |
Was added as is in 89bc70bf13, and was already blacklisted. Mostly
duplicates logic of 'loadFinishedAfterNotFoundError' (which was added
much earlier in aa8b11d3a5), but with a different expectations for the
number of signals emitted. And that was never realized.
Change-Id: I97bb539b936361089733dc6f26985c09c7bbc3d1
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
| |
This form of OCSP is not good, so try to at least allow it to be
disabled, until we remove it.
Fixes: QTBUG-91467
Change-Id: Ied9e8c4960e6ea1503dea39ebbced2ad1af08d5d
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
| |
Until we have time to investigate why it fails now.
Change-Id: I3da35bc622e0691b4d1a1b5138c091ba490292c7
Reviewed-by: Heikki Halmet <heikki.halmet@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 3f594ea1..6c7b4ffb:
> FIXUP: Avoid crashing on new window in cross-origin isolated content
> [Backport] Security bug 1198309
> [Backport] CVE-2021-21231: Insufficient data validation in V8
> [Backport] CVE-2021-21230: Type Confusion in V8
> [Backport] CVE-2021-21233: Heap buffer overflow in ANGLE
> [Backport] CVE-2021-21227: Insufficient data validation in V8
> Avoid crashing on new window in cross-origin isolated content
> Fix build with system ICU 69
Change-Id: Iab339abb1a34ce93e03f64608c6b5c5719f36fce
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |\
| |
| |
| | |
Change-Id: I659eb87245dfd59f014a7ca152c9f261ad400238
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty dd45b1a1..3f594ea1:
> [Backport] Security bug 1155297 (3/3)
> [Backport] Security bug 1155297 (2/3)
> [Backport] Security bug 1155297 (1/3)
> [Backport] Security bug 1192552
> [Backport] CVE-2021-21225: Out of bounds memory access in V8 (2/2)
> [Backport] CVE-2021-21225: Out of bounds memory access in V8 (1/2)
> [Backport] CVE-2021-21224: Type Confusion in V8
> [Backport] CVE-2021-21223: Integer overflow in Mojo
> [Backport] CVE-2021-21222: Heap buffer overflow in V8
Task-number: QTBUG-92895
Change-Id: I9c5c3aa451d8a4cab018e23a6407fd0e1f7a58de
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty c38ae3ec..dd45b1a1:
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (5/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (4/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (3/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (2/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (1/5)
> [Backport] Security bug 1184441
> [Backport] Security bug 1162424
Task-number: QTBUG-92895
Change-Id: I04217fe2026d0087e4b7bd9bc6d5e8fcb5e25ebd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty 6764c29f..c38ae3ec:
> [Backport] Security bug 1190525
> [Backport] Security bug 1161759
> [Backport] Security bug 1175503
> [Backport] Security bugs 1175522 and 1181276
> [Backport] CVE-2021-21219: Uninitialized Use in PDFium
> [Backport] CVE-2021-21217 and CVE-2021-21218: Uninitialized Use in PDFium
> [Backport] CVE-2021-21214: Use after free in Network API
> [Backport] CVE-2021-21213: Use after free in WebMIDI
> [Backport] CVE-2021-21207: Use after free in IndexedDB
> [Backport] CVE-2021-21221: Insufficient validation of untrusted input in Mojo
> [Backport] CVE-2021-21204: Use after free in Blink.
> [Backport] CVE-2021-21203: Use after free in Blink
> [Backport] CVE-2021-21202: Use after free in extensions.
> [Backport] CVE-2021-21201: Use after free in permissions
Task-number: QTBUG-92895
Change-Id: I7e6f3d443366bb291cab027510f76788c14fc023
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A server redirect might not have been reflected in the navigation type
at this point, so also check the is_redirect value.
Fixes: QTBUG-92819
Change-Id: I711ef041de69552bc3485c9cf3db68c9e6033d6a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit b29b245fcb9db741d14180ea7e8dcb3ad2d4f49a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When printing with the default resolution of QPrinter, rasterized images
of pages are just too small to produce sharp result. Documentation of
QPrinter also mentions that the default ScreenResolution should
only be used for drafts.
Change-Id: I5fe93f7985d16b1126cf2bbcb9b4a4ddbdfd21f2
Task-number: QTBUG-92185
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Different countries (with the same language) can have different number
formatting and navigator.language should report not only the language,
but also the country. Locale normalization often falls back by cutting
the country off, because we have common .pak files for countries with
the same language.
This patch:
- Uses the locale resolvation only for concatenating .pak file paths
and reports the full locale everywhere else.
- Properly sets default ICU locale for JS number formats and prevents
l10n_util::GetApplicationLocale() to set it sneakily to some resolved
one.
- Fixes the crashing --lang command line argument and always prefers
its value over QLocale.
Task-number: QTBUG-91225
Change-Id: I1c09798abdb523b80f0b7a3d69fa8d7a08c7c09a
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |/
|
|
|
|
|
|
|
|
|
| |
A server redirect might not have been reflected in the navigation type
at this point, so also check the is_redirect value.
Pick-to: 5.15.4
Fixes: QTBUG-92819
Change-Id: I711ef041de69552bc3485c9cf3db68c9e6033d6a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Stop using SiteForCookies::RepresentativeUrl() if it is used to provide
first party url because it returns a truncated URL and our API is expected
to return the full url of the first party.
Fixes: QTBUG-90231
Change-Id: I628f7f31bfbeaf3de976ae9af1a8fa6408b661c5
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-92376
Change-Id: I8b9e35a75a4edb7f3a0dd858987b0f14993df65d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d13920f2..048f5e99:
> [Backport] CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64
> [Backport] CVE-2021-21206: Use after free in Blink
> Fix build with no extensions on mac
Task-number: QTBUG-92080
Change-Id: I0265d3992ac3ec7fe0f55405daf58d1fc2789b12
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
| |
Change-Id: Iafdfb3c740ce42119a9891729be1ea0c89249039
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
| |
This test is unused and incomplete.
Change-Id: I53a4a1238a61a6da3db584fc560b2d40eba3ec36
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When using QtWebView with WebEngine then it will hook the call to
QtWebEngine::initialize() to the start up of the application object which
means it will output the warning because it already exists. However
there is still time at this point to set what is needed because it is
still being initialized. So by checking if the application is running
(i.e. !startingUp()) then we can be safe in knowing that it is still
able to do the initialization.
Change-Id: I8c5d8808b4b09e1e7bbf4be52e5efc0786ce1472
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Delete loadProgress zero-check from the tests and clear the history
instead.
The zero-check was used to guarantee the empty history, but it will not
pass if multiple tests are performed.
Change-Id: I370a51b5631d8fab99209d6a81c8aedd12d5e4a4
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cover all cases from https://pdfobject.com/static
- Plugin placeholder is generally broken: displays garbage and crashes
on interaction. Fix it and show when PDFs are included by <embed>
or <object> tags.
- Do not start an automatical download when the disabled PDF plugin
was requested by an iframe. Show a clickable placeholder and let the
end-users start it manually.
- Remove unused class PluginPlaceholderQt
Task-number: QTBUG-76314
Change-Id: I01a0c93ab23f54e4272f5aeb30578de0dcf18932
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since 42b5da qtbase supports an installation of 3rdpaty
in case of static builds. Depend on 'public' qtbase 3rdparty
installed libs. This fixes prl generation by not including
build paths.
Task-number: QTBUG-91385
Change-Id: Ib0609b2b92d6759aad639154617b45fc2fe96916
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use correct qt zlib lib in case of windows.
Passing qtzlib is actually just done in shake of clarity
and proper dependency tracking since qtCore is most likely
always a dependency for any user app.
Fixes: QTBUG-91476
Change-Id: I20816ebf926472c642847e2611797a6decdeecee
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Fix duplicated symbols for category logging between
core and qml plugin.
Task-number: QTBUG-91476
Change-Id: I532ad35b8b0e8a0b93e51b9b7a7b3a4602fad9b3
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule update src/3rdparty 8d49f9a2..d13920f2:
> [Backport] Security bug 1185482
> [Backport] Security bug 1161847
> [Backport] Security bug 1161379
> [Backport] CVE-2021-21198: Out of bounds read in IPC
> [Backport] CVE-2021-21195: Use after free in V8
Task-number: QTBUG-92080
Change-Id: I638a0fa0285d46736cfbf5406874702bd3600580
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6ec3297a..9d237e39:
> Fixup for: [Backport] Security bug 1062941
> [Backport] CVE-2021-21193: Use after free in Blink
> [Backport] CVE-2021-21191: Use after free in WebRTC
> [Backport] Security bug 1161048
> [Backport] Security bug 1155710
> [Backport] Security bug 1062941
> [Backport] Security bug 1142712 (2/2)
> [Backport] Security bug 1142712 (1/2)
> [Backport] Security bug 1146813 (2/2)
> [Backport] Security bug 1146813 (1/2)
> [Backport] CVE-2021-21166: Object lifecycle issue in audio
> [Backport] CVE-2021-21187: Insufficient data validation in URL formatting
> [Backport] CVE-2021-21183 and CVE-2021-21184: Inappropriate implementation in performance APIs
> [Backport] CVE-2020-27844: Heap buffer overflow in OpenJPEG
> Fix crashes when webrtc is not compiled in
Task-number: QTBUG-92080
Change-Id: Ifaac3e24a5f0cacb8ba783f453ae30c8ae5e9abf
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 302379ca..79f989b8:
> Build fix for "[Backport] CVE-2021-21160..." with gcc
> [Backport] CVE-2021-21160: Heap buffer overflow in WebAudio
> [Backport] CVE-2021-21173: Side-channel information leakage in Network Internals.
> [Backport] CVE-2021-21190: Uninitialized Use in PDFium
> [Backport] CVE-2021-21188: Use after free in Blink.
> [Backport] CVE-2021-21178: Inappropriate implementation in Compositing
> [Backport] CVE-2021-21175: Inappropriate implementation in Site isolation
> [Backport] CVE-2021-21174: Inappropriate implementation in Referrer.
> [Backport] CVE-2021-21172: Insufficient policy enforcement in File System API
> [Backport] CVE-2021-21171: Incorrect security UI in TabStrip and Navigation
> [Backport] CVE-2021-21169: Out of bounds memory access in V8 (2/2)
> [Backport] CVE-2021-21169: Out of bounds memory access in V8 (1/2)
> [Backport] CVE-2021-21168: Insufficient policy enforcement in appcache
> [Backport] CVE-2021-21165: Object lifecycle issue in audio
> [Backport] CVE-2021-21162: Use after free in WebRTC
> [Backport] CVE-2021-21179: Use after free in Network Internals
> [Backport] Security bug 1175975
> [Backport] Security bug 1167277
> [Backport] Security bug 1180871
> Fix WebRtcLoggingController for QtWebEngine
Task-number: QTBUG-92080
Change-Id: I8578ea4a3fe13b9e5a3e6ed01f8fe9d3053353fc
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Verify that view still gets notification about external page deletion
through basic QObject::destroyed
Task-number: QTBUG-90509
Change-Id: I5ae19f4184d6bbbfd94efe28a3f00fbb8f6d8a01
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current implementation cancels current findText only when new navigation
is accepted (since it may be rejected all together), so it's not guaranteed
that user code will not receive completion callback if it arrives after
explicit load/setContent/setHtml but before acceptNavigationRequest.
For explicit navigation it doesn't make sense to wait until it's
accepted, since it's only exposed there just for consistency, and an
expectation for findText is that it should be canceled on new navigation.
Fixes: QTBUG-61887
Change-Id: Ia2e19df3b5712e6b5426443d1bce6b205e186668
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, QQuickWebEngineView's canGoBack/canGoForward change signals
are based on urlChanged. But the urlChanged signal may be emitted
slightly before the value of canGoBack/canGoForwad actually changes,
resulting in a missed change notification.
After, they get their own signals, which are forwarded from the
QQuickWebEngineAction::enabledChanged signal of the respective web
actions.
Fixes: QTBUG-91565
Change-Id: Id411eb146c776e2824fd2447660e8857974da32e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
