Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-50686

QWebSettings::LocalContentCanAccessRemoteUrls not working with audio tags

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 6.2.4, 6.3.0 Beta1, 6.4.0 FF
    • 5.10.0, 5.11, 6.2.0
    • WebEngine
    • None
    • Windows, Macintosh, and Linux
    • Linux/X11, macOS, Windows

    Description

      Security issue where QWebSettings::LocalContentCanAccessRemoteUrls when set to false is not stopping remote url access with audio tags. I have not trioed video tags but they may not work as well.

      See code to recreate in attachment:

      Attachments

        For Gerrit Dashboard: QTBUG-50686
        # Subject Branch Project Status CR V
        223496,3 For local origins CanDisplay should be treated as CanRequest 65-based qt/qtwebengine-chromium Status: MERGED +2 0
        375662,1 WIP: Try blocking local CORS from media elements 90-based qt/qtwebengine-chromium Status: ABANDONED 0 0
        392944,1 Try blocking local CORS from media elements 94-based qt/qtwebengine-chromium Status: ABANDONED 0 0
        392996,3 Add test for blocking of remote content dev qt/qtwebengine Status: MERGED +2 0
        395946,3 Add test for blocking of remote content 6.3 qt/qtwebengine Status: MERGED +2 0
        395947,3 Add test for blocking of remote content 6.2 qt/qtwebengine Status: MERGED +2 0

        Activity

          People

            qt_webengine_team Qt WebEngine Team
            kevinhendricks Kevin B. Hendricks
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes