| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Mostly compatible with other browsers/tools that follow the
Netscape/curl format.
Cookie jars are represented by prepending "jar@" to the host part, but
*only* if the target jar is different than the domain. Hopefully, other
software at least does not choke on this convention. (At least curl
seems to simply ignore the entries.)
Also, I've moved cookies.nim to config so that code for local files
parsed at startup remains in one place.
|
| |
|
|
|
| |
"No CGI dir configured" is no longer a common case, so it's OK to just
return "CGI file not found".
|
| |
|
|
|
|
|
|
|
| |
Looking at it closer, this never actually did what it advertised to do.
It only affected first-party cookies from subdomains, but that has been
fixed; third-party cookies were never supported in the first place.
(In fact, even first-party cookies are still skipped unless directly
received on navigation. This should probably be fixed.)
|
| |
|
|
|
|
|
| |
It isn't really limited to config. It just happens to be in
XDG_CONFIG_HOME because XDG basedirs suck.
(W3M_DIR works similarly.)
|
| |
|
|
|
| |
Licenses now ordered by "explicitly PD", "PD-equivalent" and
"not PD-equivalent".
|
| |
|
|
| |
Respects autofocus.
|
| |
|
|
|
|
|
|
|
|
| |
For APIs that cannot be implemented in a privacy-friendly manner.
As a start, I've added accurate screen size queries; getComputedStyle,
getBoundingClientRect, etc. should follow. (We have a harmless
getComputedStyle already, but it's broken.)
Probably, things like JS-based scroll belong in here too, but I'm not
sure yet. (Perhaps autofocus should be reused instead?)
|
| |
|
|
|
| |
It's still missing a "color visited links" feature, but it's better
than nothing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only for SVG in image tags for now. Plus it comes with NanoSVG's
limitations, i.e. no text. Still, better than nothing.
I've gone through open tickets and PRs at upstream to check for known
security issues. As a recurring theme I found that parseTransform
fails to check the result of parseTransformArgs, so I fixed and
refactored that part. (Probably not a security issue, but still UB.)
Also, I've added a fix for an OOB read in parseColorRGB.
Future directions:
* replace nanosvgrast with our own rasterizer in canvas (will have to be
extended somewhat...)
* add text rendering (with unifont, which canvas already includes)
|
| | |
|
| |
|
|
|
|
|
|
| |
* correct action on M-b
* add external.bookmark option
* move openFileExpand functionality into unquote
* add menu items
* update docs
|
| |
|
|
|
|
|
|
| |
Both are quite useful.
readFile and writeFile got a small makeover in error handling; in
particular, readFile now returns null instead of the empty string when
the file is missing and writeFile throws a TypeError on I/O errors.
|
| |
|
|
|
|
|
|
| |
Cookie jar separation is already enough to mitigate tracking issues
in this case. (Also, the fact that third-party-cookie controlled this
made things even more confusing.)
Also, add the previously missing host-only flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past, Chawan would read global mailcap (/etc/mailcap, ...) too,
but every now and then that would run entries that I didn't even know
existed and definitely didn't intend to run. So I changed it to only
use ~/.mailcap, but this meant users now had to add mailcap entries for
every single mime type.
At some point I also changed application/octet-stream to always save to
disk, which is usually nice except when a text file is misrecognized as
binary. Often times I just want to decide myself what to do.
So now there are two layers. First, the global mailcap files (path as
per RFC) prompt before executing. Then there is ~/.chawan/auto.mailcap
(or ~/.config/chawan/auto.mailcap) which runs entries automatically.
If you press shift before selecting an option in the prompt, the
corresponding entry gets copied to auto.mailcap. It's also possible to
type a new entry on the fly. Overall I think it's quite convenient.
One unfortunate side effect is that existing users will have to migrate
their entries to auto.mailcap, or redefine external.auto-mailcap to e.g.
~/.mailcap, but this seems acceptable.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ref. https://todo.sr.ht/~bptato/chawan/29
|
| | |
|
| |
|
|
|
|
|
| |
with buffer.images enabled, we already cache them, so we can skip the
additional request
also, add saveImage, bound to sI
|
| | |
|
| |
|
|
|
| |
This couldn't get into system.nim for technical reasons, but it's still
pretty useful when iterating over non-mutable openArrays.
|
| |
|
|
|
|
|
| |
Useful when an x-htmloutput handler needs styling for the HTML output to
be formatted correctly (as a sort of pseudo-ua style sheet).
ref. https://todo.sr.ht/~bptato/chawan/28
|
| | |
|
| |
|
|
|
|
| |
eh
probably have to move the event loop to pager...
|
| |
|
|
| |
one less mystery
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
most of it has already been moved to monoucha, and the rest fits better
in other directories.
also, move urimethodmap to config
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* fix incorrect :- behavior
* merge non-standard '${%VARIABLE}' syntax with regular syntax; now all
internal variables are exported to the environment, so the behavior
should be equivalent.
* handle terminal symbol appropriately in all states
* deny numeric curly substitutions
|
| |
|
|
|
|
|
| |
Turns out it's more useful to have env vars in the variable than to
allow incomplete path names.
Also, fix the disappearing backslash issue in docs.
|
| |
|
|
|
| |
also, fix a bug in the chapath parser so that param expansion actually
works
|
| |
|
|
|
|
|
| |
* add some more env vars to makefile
* remove fpermissive from GCC builds
* update Monoucha
* fix borked seccomp filter length safety check (ugh)
|
| |
|
|
| |
+ clean up a bit
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix matching on unstripped whitespace: caught after upgrading to
upstream dash & chaseccomp wouldn't compile
* add defines to ensure that we computed the filter length correctly
* inline cut_label
* EPERM on sigaction, sigprocmask, gettid, and kill on tgkill (so a
crash doesn't trigger sandbox violations)
* move SIGSYS handler to C and add one for the network
The last change removes the stack trace from SIGSYS, but gives us the
syscall number which is probably more useful. (Indeed, we don't even
have a stack trace in release builds.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm starting to favor dotfiles over XDG basedirs, but there's no reason
why we couldn't have both. So now the search path is:
0. if config was set through -C, use that
1. $CHA_CONFIG_DIR is set -> $CHA_CONFIG_DIR/config.toml
2. $XDG_CONFIG_HOME is set -> $XDG_CONFIG_HOME/chawan/config.toml
3. ~/.config/chawan/config.toml exists -> use that
4. ~/.chawan/config.toml exists -> use that
Notably, this makes it so the default directory is ~/.chawan *if* you
don't have an existing config.toml file. So in that case known_hosts
will be placed in ~/.chawan/known_hosts. However, configurations with a
config in ~/.config/chawan/config.toml continue to work as expected, as
for those the known_hosts file remains inside ~/.config/chawan/.
Finally, I've added a default user CGI directory to reduce friction in
setting CGI up. (Like known_hosts, it's also relative to whatever config
dir you have.)
|
| |
|
|
|
| |
* fix externFilterSource ignoring content types other than html
* refactor runProcess to use a custom fork/exec instead of system(3)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This drops libseccomp as a dependency.
Also, move the capsicum/pledge definitions from bindings to sandbox.nim
because they are only used there.
Interestingly, after integrating chaseccomp I found that the
stbi process would mysteriously crash by a getrandom(2) syscall.
Closer investigation revealed it is only called on the initialization
of glibc's malloc; presumably it had never surfaced before because
libseccomp would always allocate before entering the sandbox.
So I've added getrandom to our filter as well.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Simple netcat clone, useful for portable scripts. Especially because
some netcats will close the connection as soon as I close stdin... this
one only quits when either stdout or the socket refuses new data.
Also, it uses our standard TCP connection routine, meaning it respects
ALL_PROXY. (i.e. now spartan works with socks5 too)
|
| |
|
|
|
|
|
|
|
|
| |
This finally makes it possible to use socks5 for Gemini.
Also slightly refactored the config, to make it easier to pass on the
config dir.
By the way, the known_hosts file is now stored in the config dir too.
The adapter will try to move it to there from the old location.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This splits out sftp into a separate binary that *does* depend on
libcurl. However, ftp now uses the same socket code as gopher.
ftps is dropped, because I've never even tested it. Maybe I'll add
it back when we have working OpenSSL bindings.
This is still "doing the easy part first", now I have no clue how to
handle sftp because my initial plan ("just use the sftp binary") doesn't
work - sftp batch mode doesn't accept passwords. libssh2 remains the
sole candidate, but that's what libcurl wraps anyway.
|