Help/QtWebEngine: Prevent remote content

Showing remote content adds security implications Change-Id: I0b5672d9c814b55aca05ea8a28da4f5e0e9f42fd Reviewed-by: hjk <hjk@qt.io>
2019-09-13 15:18:02 +02:00
parent 6b31f9cf23
commit 8d3e4c03f0
3 changed files with 67 additions and 3 deletions
--- a/src/plugins/help/webenginehelpviewer.h
+++ b/src/plugins/help/webenginehelpviewer.h
@@ -27,6 +27,7 @@

 #include "helpviewer.h"

+#include <QWebEngineUrlRequestInterceptor>
 #include <QWebEngineUrlSchemeHandler>
 #include <QWebEngineView>

@@ -42,10 +43,22 @@ public:
    void requestStarted(QWebEngineUrlRequestJob *job) override;
 };

+class HelpUrlRequestInterceptor : public QWebEngineUrlRequestInterceptor
+{
+public:
+    explicit HelpUrlRequestInterceptor(QObject *parent = nullptr);
+    void interceptRequest(QWebEngineUrlRequestInfo &info) override;
+};
+
 class WebEngineHelpPage : public QWebEnginePage
 {
 public:
    explicit WebEngineHelpPage(QObject *parent = nullptr);
+
+protected:
+    bool acceptNavigationRequest(const QUrl &url,
+                                 QWebEnginePage::NavigationType type,
+                                 bool isMainFrame) override;
 };

 class WebView : public QWebEngineView