From e4176be03c6e34c3079f1caddcb57df849d301ee Mon Sep 17 00:00:00 2001
From: Josh Rickmar
Date: Mon, 2 Jul 2012 14:59:50 -0400
Subject: Add two new settings, allow_insecure_content and allow_insecure_scripts, which, if WebKitWebSettings has the enable-display-of-insecure-content and/or enable-running-of-insecure-content properties, sets those to enable or disable viewing or running of insecure content from secure websites. Make these default to 0 in whitelist mode, and 1 otherwise. * * * Document in manpage.
---
 settings.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 xombrero.1 | 13 +++++++++++-
 xombrero.c | 10 ++++++++++
 xombrero.conf | 4 ++++
 xombrero.h | 5 +++++
 5 files changed, 95 insertions(+), 1 deletion(-)
diff --git a/settings.c b/settings.c
index cac7485..2537908 100644
--- a/settings.c
+++ b/settings.c
@@ -109,6 +109,8 @@ int referer_mode = XT_DS_REFERER_MODE; char *referer_custom = NULL; int download_notifications = XT_DS_DOWNLOAD_NOTIFICATIONS; int warn_cert_changes = 0;
+int allow_insecure_content = XT_DS_ALLOW_INSECURE_CONTENT;
+int allow_insecure_scripts = XT_DS_ALLOW_INSECURE_SCRIPTS;
 char *cmd_font_name = NULL; /* these are all set at startup */ char *oops_font_name = NULL;
@@ -199,6 +201,8 @@ int set_userstyle_global(char *); int set_external_editor(char *); int set_xterm_workaround(char *); int set_warn_cert_changes(char *);
+int set_allow_insecure_content(char *);
+int set_allow_insecure_scripts(char *);
 void walk_mime_type(struct settings *, void (*)(struct settings *, char *, void *), void *);
@@ -456,6 +460,8 @@ struct settings rs[] = { { "download_notifications", XT_S_INT, 0, &download_notifications, NULL, NULL, NULL, set_download_notifications }, { "include_config", XT_S_STR, 0, NULL, &include_config, NULL, NULL, NULL }, { "warn_cert_changes", XT_S_INT, 0, &warn_cert_changes, NULL, NULL, NULL, set_warn_cert_changes },
+ { "allow_insecure_content", XT_S_INT, 0, &allow_insecure_content, NULL, NULL, NULL, set_allow_insecure_content },
+ { "allow_insecure_scripts", XT_S_INT, 0, &allow_insecure_scripts, NULL, NULL, NULL, set_allow_insecure_scripts },
 /* font settings */ { "cmd_font", XT_S_STR, 0, NULL, &cmd_font_name, NULL, NULL, set_cmd_font },
@@ -734,6 +740,8 @@ set_browser_mode(struct settings *s, char *val) enable_js_whitelist = 1; enable_localstorage = 0; referer_mode = XT_REFERER_SAME_DOMAIN;
+ allow_insecure_content = 0;
+ allow_insecure_scripts = 0;
 } else if (!strcmp(val, "normal")) { browser_mode = XT_BM_NORMAL; allow_volatile_cookies = 0;
@@ -749,6 +757,8 @@ set_browser_mode(struct settings *s, char *val) enable_js_whitelist = 0; enable_localstorage = 1; referer_mode = XT_REFERER_ALWAYS;
+ allow_insecure_content = 1;
+ allow_insecure_scripts = 1;
 } else if (!strcmp(val, "kiosk")) { browser_mode = XT_BM_KIOSK; allow_volatile_cookies = 0;
@@ -764,6 +774,8 @@ set_browser_mode(struct settings *s, char *val) enable_js_whitelist = 0; enable_localstorage = 1; referer_mode = XT_REFERER_ALWAYS;
+ allow_insecure_content = 1;
+ allow_insecure_scripts = 1;
 show_tabs = 0; tabless = 1; } else
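Review bot: The normal and kiosk branches of set_browser_mode set `allow_insecure_scripts = 1`, so outside whitelist mode an HTTPS page runs scripts fetched over plain HTTP by default; such a script can be altered in transit and then executes with the secure page's origin. Running insecure scripts is a much larger exposure than displaying insecure images, so I would keep the two defaults apart: `allow_insecure_scripts = 0;` in the normal and kiosk branches and `#define XT_DS_ALLOW_INSECURE_SCRIPTS (FALSE)` in the xombrero.h hunk, leaving only `allow_insecure_content` permissive. The sample values in xombrero.conf would need to follow. set_browser_mode begins and ends outside these hunks, so whether tabs that are already open pick up the new values after a mode switch cannot be judged from here.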
@@ -1499,6 +1511,58 @@ walk_cmd_alias(struct settings *s, } }
+int
+set_allow_insecure_content(char *value)
+{
+ struct tab *t;
+ int tmp;
+ const char *errstr;
+
+ if (value == NULL || strlen(value) == 0)
+ allow_insecure_content = XT_DS_ALLOW_INSECURE_CONTENT;
+ else {
+ tmp = strtonum(value, 0, 1, &errstr);
+ if (errstr)
+ return (-1);
+ allow_insecure_content = tmp;
+ }
+ TAILQ_FOREACH(t, &tabs, entry)
+ if (is_g_object_setting(G_OBJECT(t->settings),
+ "enable-display-of-insecure-content")) {
+ g_object_set(G_OBJECT(t->settings),
+ "enable-display-of-insecure-content",
+ allow_insecure_content, (char *)NULL);
+ webkit_web_view_set_settings(t->wv, t->settings);
+ }
+ return (0);
+}
+
+int
+set_allow_insecure_scripts(char *value)
+{
+ struct tab *t;
+ int tmp;
+ const char *errstr;
+
+ if (value == NULL || strlen(value) == 0)
+ allow_insecure_scripts = XT_DS_ALLOW_INSECURE_SCRIPTS;
+ else {
+ tmp = strtonum(value, 0, 1, &errstr);
+ if (errstr)
+ return (-1);
+ allow_insecure_scripts = tmp;
+ }
+ TAILQ_FOREACH(t, &tabs, entry)
+ if (is_g_object_setting(G_OBJECT(t->settings),
+ "enable-running-of-insecure-content")) {
+ g_object_set(G_OBJECT(t->settings),
+ "enable-running-of-insecure-content",
+ allow_insecure_scripts, (char *)NULL);
+ webkit_web_view_set_settings(t->wv, t->settings);
+ }
+ return (0);
+}
+
 int set_auto_load_images(char *value) {
diff --git a/xombrero.1 b/xombrero.1
index 3c0e735..d5dbd0e 100644
--- a/xombrero.1
+++ b/xombrero.1
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\"
-.Dd $Mdocdate: June 28 2012 $
+.Dd $Mdocdate: July 02 2012 $
 .Dt XOMBRERO 1 .Os .Sh NAME
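Review bot: When the WebKit build does not expose the property, set_allow_insecure_content and set_allow_insecure_scripts skip the `g_object_set` call and still `return (0)`, so a user who sets `allow_insecure_scripts = 0` gets no indication that mixed content is not being blocked; the setup_webkit hunk in xombrero.c skips in the same silent way. The unsupported case should be reported at least once, and the man page entries should say that the settings depend on the WebKit version. The two setters also differ only in the global, the default and the property name, so a shared static helper would remove the duplication and give one place to add that report; the helper below also braces the multi-line `TAILQ_FOREACH` body.

```c
/* Parse a 0/1 setting into *dst and push it to every open tab. */
static int
set_insecure_flag(char *value, int *dst, int dflt, char *prop)
{
	struct tab *t;
	int tmp;
	const char *errstr;

	if (value == NULL || strlen(value) == 0)
		*dst = dflt;
	else {
		tmp = strtonum(value, 0, 1, &errstr);
		if (errstr)
			return (-1);
		*dst = tmp;
	}
	TAILQ_FOREACH(t, &tabs, entry) {
		/* property absent in this WebKit: nothing is enforced, report it here */
		if (!is_g_object_setting(G_OBJECT(t->settings), prop))
			continue;
		g_object_set(G_OBJECT(t->settings), prop, *dst, (char *)NULL);
		webkit_web_view_set_settings(t->wv, t->settings);
	}
	return (0);
}

int
set_allow_insecure_content(char *value)
{
	return (set_insecure_flag(value, &allow_insecure_content,
	    XT_DS_ALLOW_INSECURE_CONTENT,
	    "enable-display-of-insecure-content"));
}

/* … set_allow_insecure_scripts: same call with the scripts global, default and property … */
```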
@@ -979,6 +979,15 @@ the alias on the address bar is substituted. For example, if g,http://www.google.com/search?q=%s is defined as an alias, then the URL http://www.google.com/search?q=foo is loaded when navigating to "g foo".
+.It Cm allow_insecure_content
+If set, all content referenced by a page will be loaded.
+If unset, encrypted pages will refuse to load content that is linked
+from an insecure location.
+.It Cm allow_insecure_scripts
+If set, all scripts referenced by a page will be loaded and run using
+the current javascript policy.
+If unset, encrypted pages will refuse to run scripts that are linked
+from an insecure location.
 .It Cm allow_volatile_cookies If set cookies are stored in the session cache but will be discarded once .Nm
@@ -1021,6 +1030,8 @@ items. If a domain does not appear in the whitelists .Nm disallows cookies, Java Script and plugin execution.
+If insecure web content or scripts are referenced by a secure website,
+they will be blocked from loading or running.
 .Pp In .Pa kiosk
diff --git a/xombrero.c b/xombrero.c
index 98c1b23..ab03aef 100644
--- a/xombrero.c
+++ b/xombrero.c
@@ -6664,6 +6664,16 @@ setup_webkit(struct tab *t) "full-content-zoom", TRUE, (char *)NULL); g_object_set(G_OBJECT(t->settings), "auto-load-images", auto_load_images, (char *)NULL);
+ if (is_g_object_setting(G_OBJECT(t->settings),
+ "enable-display-of-insecure-content"))
+ g_object_set(G_OBJECT(t->settings),
+ "enable-display-of-insecure-content",
+ allow_insecure_content, (char *)NULL);
+ if (is_g_object_setting(G_OBJECT(t->settings),
+ "enable-running-of-insecure-content"))
+ g_object_set(G_OBJECT(t->settings),
+ "enable-running-of-insecure-content",
+ allow_insecure_scripts, (char *)NULL);
 webkit_web_view_set_settings(t->wv, t->settings); }
diff --git a/xombrero.conf b/xombrero.conf
index c9b81a4..859e146 100644
--- a/xombrero.conf
+++ b/xombrero.conf
@@ -243,6 +243,8 @@ # enable_localstorage = 1 # enable_plugins = 1 # enable_plugin_whitelist = 0
+# allow_insecure_content = 1
+# allow_insecure_scripts = 1
 # The settings for "browser_mode = whitelist" are as follows:
@@ -258,6 +260,8 @@ # enable_localstorage = 0 # enable_plugins = 0 # enable_plugin_whitelist = 1
+# allow_insecure_content = 0
+# allow_insecure_scripts = 0
 ##
diff --git a/xombrero.h b/xombrero.h
index a1511e9..31b01bc 100644
--- a/xombrero.h
+++ b/xombrero.h
@@ -639,6 +639,8 @@ int command_mode(struct tab *, struct karg *); #define XT_DS_OOPS_FONT_NAME ("monospace normal 9") #define XT_DS_STATUSBAR_FONT_NAME ("monospace normal 9") #define XT_DS_TABBAR_FONT_NAME ("monospace normal 9")
+#define XT_DS_ALLOW_INSECURE_CONTENT (TRUE)
+#define XT_DS_ALLOW_INSECURE_SCRIPTS (TRUE)
 /* actions */
@@ -728,6 +730,7 @@ struct tab *get_current_tab(void); int resizetab(struct tab *, struct karg *); int cert_cmd(struct tab *, struct karg *); void focus_webview(struct tab *);
+int is_g_object_setting(GObject *, char *);
 #define XT_DL_START (0) #define XT_DL_RESTART (1)
@@ -814,6 +817,8 @@ extern char *referer_custom; extern int download_notifications; extern int warn_cert_changes; extern regex_t url_re;
+extern int allow_insecure_content;
+extern int allow_insecure_scripts;
 /* globals */ extern void (*os_init)(void);
--
cgit 1.4.1-2-gfad0
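Review bot: The new prototype `int is_g_object_setting(GObject *, char *);` takes a mutable `char *`, yet every caller added in this commit passes a string literal. Declaring it as `int is_g_object_setting(GObject *, const char *);` documents that the property name is only read and lets the compiler catch an accidental write; the definition in xombrero.c is outside this diff and would need the same change. A one-line comment above the prototype stating what a nonzero return means (the callers suggest: the object has a property of that name) would help, since the new settings rely on it to decide whether anything is enforced.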