| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This fixes the behavior of the whitelist code so that whitelist
toggling toggles the FQDN (not the domain and all subdomains), unless
domain is explicitly used. This was the intended behavior but the old
code would automatically assume all subdomains anyways. This also
makes the new force_https stuff work correctly with FQDNs (no
subdomains) for the preloaded HSTS list.
|
| |
|
|
|
|
| |
parameters to the g_strdup_printf() call. This makes the tooltips
appear correctly on about:runtime when compiled with gcc (clang never
exposed this issue).
|
| |
|
|
|
|
| |
change runtime settings. Settings that have been modified show in a
highlighted color in the table. Tooltips describe the setting's
function, as well as the default values.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whitelist settings) to make all requests to that domain use the HTTPS
scheme, similar to HSTS.
Install a new file, hsts-preload, into the resource dir. This is a
regular config file with a bunch of force_https = ... lines, which is
used to implement a preloaded HSTS list. Right now all the domains in
this file, except for conformal.com and cyphertite.com, are taken
directly from chromium's preloaded HSTS list (and should be synced
with this file every so often). Also implement a new setting,
preload_strict_transport (enabled by default), to enable or disable
the loading of this preloaded HSTS list. Document force_https and
preload_strict_transport in the manpage.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
widgets (with the exception of the uri, we need this for the
progressbar). Because labels only take up as much room as they need,
the statusbar elements now dynamically fit together in a GtkBox
instead of giving GtkEntry a fixed size. Because the background color
of labels can not be colored directly, place a GtkEventBox underneath
the packing GtkBox (which is also transparent) and color that when
changing the colors for HTTPS sites.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
be immediatelly shown due to fancy_bar = 0 or an empty search_string.
We need these to be created in case they are shown again by changing
these gui settings at runtime later. This also prevents a lot of
Gtk-CRITICAL warnings due to trying to set various widgets active or
inactive based on the current page status (for example, stop and the
js toggle button).
While here, kill some useless boxes around both the uri and search
entries in the toolbar.
|
| |
|
|
| |
warning to about:startpage. While in here, clean up some #ifdefs.
|
| |
|
|
|
| |
(keep current behavior) for gui_mode = normal, and disable for
gui_mode = minimal. Requires GTK3.
|
| |
|
|
|
|
| |
and p work with CLIPBOARD in addition to PRIMARY. Yanking copies to
both, and pasting tries PRIMARY first, and if empty, reads from
CLIPBOARD. This should make y/p/P work on windows.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
allow_insecure_scripts, which, if WebKitWebSettings has the
enable-display-of-insecure-content and/or
enable-running-of-insecure-content properties, sets those to enable or
disable viewing or running of insecure content from secure websites.
Make these default to 0 in whitelist mode, and 1 otherwise.
* * *
Document in manpage.
|
| | |
|
| |
|
|
|
|
| |
g_filename_to_uri() and g_filename_from_uri() functions. These
functions automatically encode/decode the urls or paths, which wasn't
being done before.
|
| |
|
|
|
| |
globally for all connections), and implement http_accept which acts
the same way but sets the HTTP Accept header.
|
| | |
|
| |
|
|
| |
currently enabled or disabled in the statusbar.
|
| |
|
|
| |
buttons and search entry box
|
| |
|
|
|
|
|
| |
instead of the low-contrast one. Allow the userstyle and
usersyle_global commands to take an optional argument to use a
user-specified stylesheet instead of the default. Document in the
manpage.
|
| |
|
|
|
|
|
| |
ssl certificate is different from a previously cached certificate to
help prevent against MITM attacks. Prompt the user with an action to
take (show remote cert, allow for that session, or cache the new
remote cert).
|
| |
|
|
|
|
|
|
|
|
|
| |
* Display a message when toggling proxy.
* Add a 'http_proxy_disabled' config option allowing a proxy to be disabled at
xombrero start.
* Add a note in the manual that polipo works with xombrero aswell as tsocks.
* In the config file, provide examples for polipo and tsocks running on
localhost with default ports.
OK marco
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
values from static memory, as they will be g_free()'d later if changed
at runtime or from parsing the config. "Special" settings (struct
special) do not need this as they use their own set functions.
This also fixes a bad bug where default_script pointed to "" somewhere
in static memory instead of an array of PATH_MAX size. This fixes a
crash when compiled with clang where changing this setting would try
to write a string possibly as large as PATH_MAX and overwrite other
static data.
Finally, make ssl_ca_file static to match all the other strings that
represent files or directories. Make it a special setting so static
memory is never freed. As an added bonus, ssl_ca_file is now tilde
expanded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
push.
Make the set_ssl_ca_file pointer logic not suck.
'M' isn't a valid key modifier, use 'M1' in the manpage.
Add a function to escape an html string and use this for displaying
settings. Now things like <file> and <uri> are not interpreted as
html tags.
Kill a system() when running a custom uri script. Tildes are now also
expanded instead of being interpreted by the no-longer-being-called
system shell.
Plug a leak
Replace the system() call for external_editor with an execvp and while
here, kill a dangerous sprintf.
Remove an unused variable
|
| | |
|
| |
|
|
| |
command. This will reset the value to its default.
|
| |
|
|
| |
it in the manpage.
|
| |
|
|
|
| |
external script rather then through xombrero. This makes it possible
to use scripts to support things such as mailto URIs. Fixes FS#253
|
| |
|
|
| |
it for all the times we need to expand a tilde in a file path.
|
| |
|
|
|
|
| |
the manpage says they do. Setting show_url = 1 and fancy_bar = 0 will
now only display the url bar on the toolbar and not draw the buttons
and search box.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
don't try to execute them, but instead open a prompt with that current
command. Can be used to create custom prompts, and should fix FS#233.
This change also adds the ability to replace strings in keybound
prompts. So far the only string replacement is <uri> which is
replaced by the current tab's uri. This also kills the old prompt*
commands as they only existed so they could be bound to a key.
However with the addition of the <uri> substitution, these are no
longer necessary. Document these changes in the manpage.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
file and document it. This fixes FS#238.
|
| |
|
|
| |
and document it in the manpage.
|
| | |
|
| |
|
|
| |
it wasn't mentioned in the manpage.
|
| |
|
|
| |
manpage
|
| | |
|
| | |
|
| |
|
|
| |
strtonum() when called on user input.
|
| |
|
|
|
|
|
|
| |
This reverts commit 8cf3ed194beb51595cc575c2fd7f8067d35c5dc7.
Conflicts:
settings.c
|
| |
|
|
| |
correct.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
iterating over each tab and running the autoscroll js. Dynamically
Setting it to 0 doesn't work here because the js is still running.
Need to find some way to kill it.
|
| |
|
|
| |
so as to leave no doubt that values are being uninitialized.
|