diff --git a/qutebrowser/browser/webengine/webenginequtescheme.py b/qutebrowser/browser/webengine/webenginequtescheme.py
index 3eb7c7df1..3ddbf48f4 100644
--- a/qutebrowser/browser/webengine/webenginequtescheme.py
+++ b/qutebrowser/browser/webengine/webenginequtescheme.py
@@ -19,7 +19,7 @@
"""QtWebEngine specific qute://* handlers and glue code."""
-from PyQt5.QtCore import QBuffer, QIODevice
+from PyQt5.QtCore import QBuffer, QIODevice, QUrl
from PyQt5.QtWebEngineCore import (QWebEngineUrlSchemeHandler,
QWebEngineUrlRequestJob)
@@ -39,6 +39,37 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
profile.installUrlSchemeHandler(b'chrome-error', self)
profile.installUrlSchemeHandler(b'chrome-extension', self)
+ def _check_initiator(self, job):
+ """Check whether the initiator of the job should be allowed.
+
+ Only the browser itself or qute:// pages should access any of those
+ URLs. The request interceptor further locks down qute://settings/set.
+
+ Args:
+ job: QWebEngineUrlRequestJob
+
+ Return:
+ True if the initiator is allowed, False if it was blocked.
+ """
+ try:
+ initiator = job.initiator()
+ except AttributeError:
+ # Added in Qt 5.11
+ return True
+
+ if initiator == QUrl('null') and not qtutils.version_check('5.12'):
+ # WORKAROUND for https://bugreports.qt.io/browse/QTBUG-70421
+ return True
+
+ if initiator.isValid() and initiator.scheme() != 'qute':
+ log.misc.warning("Blocking malicious request from {} to {}".format(
+ initiator.toDisplayString(),
+ job.requestUrl().toDisplayString()))
+ job.fail(QWebEngineUrlRequestJob.RequestDenied)
+ return False
+
+ return True
+
def requestStarted(self, job):
"""Handle a request for a qute: scheme.
@@ -55,21 +86,8 @@ class QuteSchemeHandler(QWebEngineUrlSchemeHandler):
job.fail(QWebEngineUrlRequestJob.UrlInvalid)
return
- # Only the browser itself or qute:// pages should access any of those
- # URLs.
- # The request interceptor further locks down qute://settings/set.
- try:
- initiator = job.initiator()
- except AttributeError:
- # Added in Qt 5.11
- pass
- else:
- if initiator.isValid() and initiator.scheme() != 'qute':
- log.misc.warning("Blocking malicious request from {} to {}"
- .format(initiator.toDisplayString(),
- url.toDisplayString()))
- job.fail(QWebEngineUrlRequestJob.RequestDenied)
- return
+ if not self._check_initiator(job):
+ return
if job.requestMethod() != b'GET':
job.fail(QWebEngineUrlRequestJob.RequestDenied)
{"text":"text","html5":"html","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"lua","bash":"sh","erlang":"erlang","go":"golang","c":"c_cpp","cpp":"c_cpp","diff":"diff","latex":"latex","sql":"sql","xml":"xml","0":"text","abap":"abap","actionscript":"actionscript","actionscript3":"actionscript","ada":"ada","apache":"apache_conf","applescript":"applescript","asm":"assembly_x86","autohotkey":"autohotkey","closure":"closure","cobol":"cobol","coffeescript":"coffee","cpp-winapi":"c_cpp","c_loadrunner":"c_cpp","c_mac":"c_cpp","c_winapi":"c_cpp","csharp":"csharp","d":"d","dart":"dart","dot":"dot","eiffel":"eiffel","fortran":"fortran","groovy":"groovy","haskell":"haskell","haxe":"haxe","ini":"ini","io":"io","java":"java","java5":"java","make":"makefile","matlab":"matlab","mysql":"mysql","objc":"objectivec","ocaml":"ocaml","pascal":"pascal","perl":"perl","perl6":"perl","postgresql":"pgsql","powershell":"powershell","prolog":"prolog","properties":"properties","rails":"ruby","rust":"rust","scala":"scala","scheme":"scheme","smarty":"smarty","tcl":"tcl","vala":"vala","vb":"vbscript","verilog":"verilog","vhdl":"vhdl","yaml":"yaml"}