[qutebrowser] Accidentally enabled javascript for all URLs
Javier Ayres
javierayres at gmail.com
Wed Feb 26 14:47:23 CET 2020
(Sorry, I'm repeating my reply because I forgot to include the list.)
It's possible that the pattern I saw was '*://*./*' instead of
'*://*/*', which I now tested and also works for enabling javascript
for all sites.
2020-02-24 4:51 GMT-03:00, Florian Bruhin <me at the-compiler.org>:
> Hey Javier,
>
> On Sun, Feb 23, 2020 at 05:53:19PM -0300, Javier Ayres wrote:
>> Hi everybody.
>>
>> I use qutebrowser with javascript disabled and I enable it on a per
>> domain basis with "tSH". Lately I was noticing that some banners were
>> appearing on my local newspaper's website, which I have never allowed
>> to run javascript, and decided to check my autoconfig.yml to discover
>> this line under content.javascript.enabled: '*://*/*': true.
>>
>> Is it possible that hitting "tSH" at the wrong time can add this
>> allow-everything line to content.javascript.enabled?
>
> That's weird. tSH is bound to a config-cycle with *://*.{url:host}/* as
> pattern, so I don't think this is possible.
>
> Similarly, tSh is using a *://{url:host}/* pattern - so for that to happen,
> {url:host} would need to be *, which can't happen (qutebrowser would
> complain
> that the current URL is invalid).
>
> I also can't think of any other way (other than a literal
> ":set -u *://*/* content.javascript.enabled true") how this could have
> happened. With a :set without -u, it would land under "global:", not such a
> URL
> pattern.
>
> tl;dr: No idea either, sorry!
>
> Florian
>
> --
> me at the-compiler.org (Mail/XMPP) | https://www.qutebrowser.org
> https://bruhin.software/ | https://github.com/sponsors/The-Compiler/
> GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc
> I love long mails! | https://email.is-not-s.ms/
>
More information about the qutebrowser
mailing list