Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package epiphany for openSUSE:Factory
checked in at 2021-12-21 22:05:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/epiphany (Old)
and /work/SRC/openSUSE:Factory/.epiphany.new.2520 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "epiphany"
Tue Dec 21 22:05:04 2021 rev:188 rq:941930 version:41.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/epiphany/epiphany.changes 2021-12-18
20:30:58.222266679 +0100
+++ /work/SRC/openSUSE:Factory/.epiphany.new.2520/epiphany.changes
2021-12-21 22:05:05.788394470 +0100
@@ -1,0 +2,7 @@
+Tue Dec 21 14:25:09 UTC 2021 - Bj??rn Lie <bjorn....@gmail.com>
+
+- Update to version 41.3:
+ + Fix Reload buttons on error pages.
+ + Fix delete button in about:applications.
+
+-------------------------------------------------------------------
Old:
----
epiphany-41.2.tar.xz
New:
----
epiphany-41.3.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ epiphany.spec ++++++
--- /var/tmp/diff_new_pack.gnwtet/_old 2021-12-21 22:05:06.444394796 +0100
+++ /var/tmp/diff_new_pack.gnwtet/_new 2021-12-21 22:05:06.448394798 +0100
@@ -17,7 +17,7 @@
Name: epiphany
-Version: 41.2
+Version: 41.3
Release: 0
Summary: GNOME Web Browser
License: GPL-3.0-or-later
++++++ epiphany-41.2.tar.xz -> epiphany-41.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/epiphany-41.2/NEWS new/epiphany-41.3/NEWS
--- old/epiphany-41.2/NEWS 2021-12-16 19:59:46.053856800 +0100
+++ new/epiphany-41.3/NEWS 2021-12-21 01:02:53.754972500 +0100
@@ -1,3 +1,9 @@
+41.3 - December 20, 2021
+========================
+
+ * Fix Reload buttons on error pages (!1050)
+ * Fix delete button in about:applications (!1050)
+
41.2 - December 16, 2021
========================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/epiphany-41.2/data/org.gnome.Epiphany.appdata.xml.in.in
new/epiphany-41.3/data/org.gnome.Epiphany.appdata.xml.in.in
--- old/epiphany-41.2/data/org.gnome.Epiphany.appdata.xml.in.in 2021-12-16
19:59:46.054857000 +0100
+++ new/epiphany-41.3/data/org.gnome.Epiphany.appdata.xml.in.in 2021-12-21
01:02:53.755972600 +0100
@@ -48,6 +48,7 @@
<value key="Purism::form_factor">mobile</value>
</custom>
<releases>
+ <release date="2021-12-20" version="41.3"/>
<release date="2021-12-16" version="41.2"/>
<release date="2021-12-16" version="41.1"/>
<release date="2021-09-16" version="41.0"/>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/epiphany-41.2/embed/ephy-about-handler.c
new/epiphany-41.3/embed/ephy-about-handler.c
--- old/epiphany-41.2/embed/ephy-about-handler.c 2021-12-16
19:59:46.057857000 +0100
+++ new/epiphany-41.3/embed/ephy-about-handler.c 2021-12-21
01:02:53.757972700 +0100
@@ -264,37 +264,36 @@
for (p = applications; p; p = p->next) {
EphyWebApplication *app = (EphyWebApplication *)p->data;
- g_autofree char *html_encoded_id = NULL;
g_autofree char *encoded_icon_url = NULL;
g_autofree char *encoded_name = NULL;
g_autofree char *encoded_url = NULL;
g_autofree char *js_encoded_id = NULL;
- g_autofree char *encoded_install_date = NULL;
if (ephy_web_application_is_system (app))
continue;
- /* Most of these fields are untrusted. The web app suggests its own
title,
- * which gets used in the app ID and icon URL. The main URL could contain
- * anything. Install date is the only trusted field here in that it's
- * constructed by Epiphany, but it's a freeform string and we're encoding
- * everything else here anyway, so might as well encode this too.
+ /* Most of these fields are at least semi-trusted. The web app suggests
+ * its own title, which gets used in the app ID and icon URL, but it
ought
+ * to be safe because we validate that it is a valid component of a
+ * GApplication ID, which should not permit anything nasty. The icon URL
+ * could be changed by the user to something else after web app creation,
+ * though, so better not fully trust it. Then the app name and the main
+ * URL could contain contain anything at all, so those need to be encoded
+ * for sure. Install date should be fine because it's constructed by
+ * Epiphany.
*/
- html_encoded_id = ephy_encode_for_html_attribute (app->id);
encoded_icon_url = ephy_encode_for_html_attribute (app->icon_url);
encoded_name = ephy_encode_for_html_entity (app->name);
encoded_url = ephy_encode_for_html_entity (app->url);
- js_encoded_id = ephy_encode_for_javascript (app->id);
- encoded_install_date = ephy_encode_for_html_entity (app->install_date);
g_string_append_printf (data_str,
"<tbody><tr id =\"%s\">"
"<td class=\"icon\"><img width=64 height=64
src=\"file://%s\"></img></td>"
"<td class=\"data\"><div
class=\"appname\">%s</div><div class=\"appurl\">%s</div></td>"
"<td class=\"input\"><input type=\"button\"
value=\"%s\" onclick=\"deleteWebApp('%s');\"></td>"
"<td class=\"date\">%s <br />
%s</td></tr></tbody>",
- html_encoded_id, encoded_icon_url, encoded_name,
encoded_url, _("Delete"), js_encoded_id,
+ app->id, encoded_icon_url, encoded_name,
encoded_url, _("Delete"), app->id,
/* Note for translators: this refers to the
installation date. */
- _("Installed on:"), encoded_install_date);
+ _("Installed on:"), app->install_date);
}
g_string_append (data_str, "</table></div></body></html>");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/epiphany-41.2/embed/ephy-embed-shell.c
new/epiphany-41.3/embed/ephy-embed-shell.c
--- old/epiphany-41.2/embed/ephy-embed-shell.c 2021-12-16 19:59:46.058857000
+0100
+++ new/epiphany-41.3/embed/ephy-embed-shell.c 2021-12-21 01:02:53.758972600
+0100
@@ -78,6 +78,7 @@
WEB_VIEW_CREATED,
ALLOW_TLS_CERTIFICATE,
ALLOW_UNSAFE_BROWSING,
+ RELOAD_PAGE,
PASSWORD_FORM_FOCUSED,
LAST_SIGNAL
@@ -309,6 +310,17 @@
}
static void
+web_process_extension_reload_page_message_received_cb
(WebKitUserContentManager *manager,
+ WebKitJavascriptResult
*message,
+ EphyEmbedShell
*shell)
+{
+ guint64 page_id;
+
+ page_id = jsc_value_to_double (webkit_javascript_result_get_js_value
(message));
+ g_signal_emit (shell, signals[RELOAD_PAGE], 0, page_id);
+}
+
+static void
web_process_extension_unsafe_browsing_error_page_message_received_cb
(WebKitUserContentManager *manager,
WebKitJavascriptResult *message,
EphyEmbedShell *shell)
@@ -1170,6 +1182,23 @@
G_TYPE_UINT64);
/**
+ * EphyEmbedShell::reload-page:
+ * @shell: the #EphyEmbedShell
+ * @page_id: the identifier of the web page
+ *
+ * Emitted when the web process extension requests a view be reloaded.
+ * This is needed when window.location.reload() doesn't work properly,
+ * specifically after loading alternate HTML.
+ */
+ signals[RELOAD_PAGE] =
+ g_signal_new ("reload-page",
+ EPHY_TYPE_EMBED_SHELL,
+ G_SIGNAL_RUN_FIRST,
+ 0, NULL, NULL, NULL,
+ G_TYPE_NONE, 1,
+ G_TYPE_UINT64);
+
+ /**
* EphyEmbedShell::password-form-focused
* @shell: the #EphyEmbedShell
* @page_id: the identifier of the web page
@@ -1407,6 +1436,7 @@
EphyEmbedShellPrivate *priv = ephy_embed_shell_get_instance_private (shell);
/* User content manager */
+ /* FIXME: See https://gitlab.gnome.org/GNOME/epiphany/-/issues/1664 */
webkit_user_content_manager_register_script_message_handler_in_world (ucm,
"overview",
priv->guid);
@@ -1421,6 +1451,12 @@
shell, 0);
webkit_user_content_manager_register_script_message_handler (ucm,
+ "reloadPage");
+ g_signal_connect_object (ucm, "script-message-received::reloadPage",
+ G_CALLBACK
(web_process_extension_reload_page_message_received_cb),
+ shell, 0);
+
+ webkit_user_content_manager_register_script_message_handler (ucm,
"unsafeBrowsingErrorPage");
g_signal_connect_object (ucm,
"script-message-received::unsafeBrowsingErrorPage",
G_CALLBACK
(web_process_extension_unsafe_browsing_error_page_message_received_cb),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/epiphany-41.2/embed/ephy-web-view.c
new/epiphany-41.3/embed/ephy-web-view.c
--- old/epiphany-41.2/embed/ephy-web-view.c 2021-12-16 19:59:46.061857000
+0100
+++ new/epiphany-41.3/embed/ephy-web-view.c 2021-12-21 01:02:53.761972700
+0100
@@ -670,6 +670,17 @@
}
static void
+reload_page_cb (EphyEmbedShell *shell,
+ guint64 page_id,
+ EphyWebView *view)
+{
+ if (webkit_web_view_get_page_id (WEBKIT_WEB_VIEW (view)) != page_id)
+ return;
+
+ webkit_web_view_reload (WEBKIT_WEB_VIEW (view));
+}
+
+static void
_ephy_web_view_set_is_blank (EphyWebView *view,
gboolean is_blank)
{
@@ -1845,20 +1856,20 @@
* strings. Everywhere, but also here on the error pages in particular. */
static void
-format_network_error_page (const char *uri,
- const char *origin,
- const char *reason,
- char **page_title,
- char **message_title,
- char **message_body,
- char **message_details,
- char **button_label,
- char **button_action,
- const char **button_accesskey,
- const char **icon_name,
- const char **style)
+format_network_error_page (EphyWebView *view,
+ const char *uri,
+ const char *origin,
+ const char *reason,
+ char **page_title,
+ char **message_title,
+ char **message_body,
+ char **message_details,
+ char **button_label,
+ char **button_action,
+ const char **button_accesskey,
+ const char **icon_name,
+ const char **style)
{
- g_autofree char *encoded_uri = NULL;
g_autofree char *encoded_origin = NULL;
g_autofree char *formatted_origin = NULL;
g_autofree char *formatted_reason = NULL;
@@ -1894,8 +1905,8 @@
/* The button on the network error page. DO NOT ADD MNEMONICS HERE. */
*button_label = g_strdup (_("Reload"));
- encoded_uri = ephy_encode_for_javascript (uri);
- *button_action = g_strdup_printf ("window.location = '%s';", encoded_uri);
+ *button_action = g_strdup_printf
("window.webkit.messageHandlers.reloadPage.postMessage(%" G_GUINT64_FORMAT ");",
+ webkit_web_view_get_page_id
(WEBKIT_WEB_VIEW (view)));
/* Mnemonic for the Reload button on browser error pages. */
*button_accesskey = C_("reload-access-key", "R");
@@ -1904,18 +1915,18 @@
}
static void
-format_crash_error_page (const char *uri,
- char **page_title,
- char **message_title,
- char **message_body,
- char **button_label,
- char **button_action,
- const char **button_accesskey,
- const char **icon_name,
- const char **style)
+format_crash_error_page (EphyWebView *view,
+ const char *uri,
+ char **page_title,
+ char **message_title,
+ char **message_body,
+ char **button_label,
+ char **button_action,
+ const char **button_accesskey,
+ const char **icon_name,
+ const char **style)
{
- g_autofree char *html_encoded_uri = NULL;
- g_autofree char *js_encoded_uri = NULL;
+ g_autofree char *encoded_uri = NULL;
g_autofree char *formatted_uri = NULL;
g_autofree char *formatted_distributor = NULL;
g_autofree char *first_paragraph = NULL;
@@ -1927,8 +1938,8 @@
/* Message title when a site cannot be loaded due to a page crash error. */
*message_title = g_strdup (_("Oops! There may be a problem"));
- html_encoded_uri = ephy_encode_for_html_entity (uri);
- formatted_uri = g_strdup_printf ("<strong>%s</strong>", html_encoded_uri);
+ encoded_uri = ephy_encode_for_html_entity (uri);
+ formatted_uri = g_strdup_printf ("<strong>%s</strong>", encoded_uri);
/* Error details when a site cannot be loaded due to a page crash error. */
first_paragraph = g_strdup_printf (_("The page %s may have caused Web to "
"close unexpectedly."),
@@ -1947,8 +1958,8 @@
/* The button on the page crash error page. DO NOT ADD MNEMONICS HERE. */
*button_label = g_strdup (_("Reload"));
- js_encoded_uri = ephy_encode_for_javascript (uri);
- *button_action = g_strdup_printf ("window.location = '%s';", js_encoded_uri);
+ *button_action = g_strdup_printf
("window.webkit.messageHandlers.reloadPage.postMessage(%" G_GUINT64_FORMAT ");",
+ webkit_web_view_get_page_id
(WEBKIT_WEB_VIEW (view)));
/* Mnemonic for the Reload button on browser error pages. */
*button_accesskey = C_("reload-access-key", "R");
@@ -1957,17 +1968,17 @@
}
static void
-format_process_crash_error_page (const char *uri,
- char **page_title,
- char **message_title,
- char **message_body,
- char **button_label,
- char **button_action,
- const char **button_accesskey,
- const char **icon_name,
- const char **style)
+format_process_crash_error_page (EphyWebView *view,
+ const char *uri,
+ char **page_title,
+ char **message_title,
+ char **message_body,
+ char **button_label,
+ char **button_action,
+ const char **button_accesskey,
+ const char **icon_name,
+ const char **style)
{
- g_autofree char *encoded_uri = NULL;
const char *first_paragraph;
/* Page title when a site cannot be loaded due to a process crash error. */
@@ -1983,8 +1994,8 @@
/* The button on the process crash error page. DO NOT ADD MNEMONICS HERE. */
*button_label = g_strdup (_("Reload"));
- encoded_uri = ephy_encode_for_javascript (uri);
- *button_action = g_strdup_printf ("window.location = '%s';", encoded_uri);
+ *button_action = g_strdup_printf
("window.webkit.messageHandlers.reloadPage.postMessage(%" G_GUINT64_FORMAT ");",
+ webkit_web_view_get_page_id
(WEBKIT_WEB_VIEW (view)));
/* Mnemonic for the Reload button on browser error pages. */
*button_accesskey = C_("reload-access-key", "R");
@@ -1993,17 +2004,17 @@
}
static void
-format_unresponsive_process_error_page (const char *uri,
- char **page_title,
- char **message_title,
- char **message_body,
- char **button_label,
- char **button_action,
- const char **button_accesskey,
- const char **icon_name,
- const char **style)
+format_unresponsive_process_error_page (EphyWebView *view,
+ const char *uri,
+ char **page_title,
+ char **message_title,
+ char **message_body,
+ char **button_label,
+ char **button_action,
+ const char **button_accesskey,
+ const char **icon_name,
+ const char **style)
{
- g_autofree char *encoded_uri = NULL;
const char *first_paragraph;
/* Page title when web content has become unresponsive. */
@@ -2019,8 +2030,8 @@
/* The button on the unresponsive process error page. DO NOT ADD MNEMONICS
HERE. */
*button_label = g_strdup (_("Reload"));
- encoded_uri = ephy_encode_for_javascript (uri);
- *button_action = g_strdup_printf ("window.location = '%s';", encoded_uri);
+ *button_action = g_strdup_printf
("window.webkit.messageHandlers.reloadPage.postMessage(%" G_GUINT64_FORMAT ");",
+ webkit_web_view_get_page_id
(WEBKIT_WEB_VIEW (view)));
/* Mnemonic for the Reload button on browser error pages. */
*button_accesskey = C_("reload-access-key", "R");
@@ -2274,7 +2285,8 @@
switch (page) {
case EPHY_WEB_VIEW_ERROR_PAGE_NETWORK_ERROR:
- format_network_error_page (uri,
+ format_network_error_page (view,
+ uri,
origin,
reason,
&page_title,
@@ -2288,7 +2300,8 @@
&style);
break;
case EPHY_WEB_VIEW_ERROR_PAGE_CRASH:
- format_crash_error_page (uri,
+ format_crash_error_page (view,
+ uri,
&page_title,
&msg_title,
&msg_body,
@@ -2299,7 +2312,8 @@
&style);
break;
case EPHY_WEB_VIEW_ERROR_PROCESS_CRASH:
- format_process_crash_error_page (uri,
+ format_process_crash_error_page (view,
+ uri,
&page_title,
&msg_title,
&msg_body,
@@ -2310,7 +2324,8 @@
&style);
break;
case EPHY_WEB_VIEW_ERROR_UNRESPONSIVE_PROCESS:
- format_unresponsive_process_error_page (uri,
+ format_unresponsive_process_error_page (view,
+ uri,
&page_title,
&msg_title,
&msg_body,
@@ -4053,6 +4068,10 @@
g_signal_connect_object (shell, "allow-unsafe-browsing",
G_CALLBACK (allow_unsafe_browsing_cb),
web_view, 0);
+
+ g_signal_connect_object (shell, "reload-page",
+ G_CALLBACK (reload_page_cb),
+ web_view, 0);
}
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/epiphany-41.2/lib/ephy-output-encoding.c
new/epiphany-41.3/lib/ephy-output-encoding.c
--- old/epiphany-41.2/lib/ephy-output-encoding.c 2021-12-16
19:59:46.081857400 +0100
+++ new/epiphany-41.3/lib/ephy-output-encoding.c 2021-12-21
01:02:53.780973200 +0100
@@ -38,9 +38,8 @@
return g_string_free (str, FALSE);
}
-static char *
-encode_all_except_alnum (const char *input,
- const char *format)
+char *
+ephy_encode_for_html_attribute (const char *input)
{
GString *str;
const char *c = input;
@@ -54,21 +53,9 @@
if (g_unichar_isalnum (u))
g_string_append_unichar (str, u);
else
- g_string_append_printf (str, format, u);
+ g_string_append_printf (str, "&#x%02x;", u);
c = g_utf8_next_char (c);
} while (*c);
return g_string_free (str, FALSE);
}
-
-char *
-ephy_encode_for_html_attribute (const char *input)
-{
- return encode_all_except_alnum (input, "&#x%02x;");
-}
-
-char *
-ephy_encode_for_javascript (const char *input)
-{
- return encode_all_except_alnum (input, "\\u%04u;");
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/epiphany-41.2/lib/ephy-output-encoding.h
new/epiphany-41.3/lib/ephy-output-encoding.h
--- old/epiphany-41.2/lib/ephy-output-encoding.h 2021-12-16
19:59:46.081857400 +0100
+++ new/epiphany-41.3/lib/ephy-output-encoding.h 2021-12-21
01:02:53.780973200 +0100
@@ -29,10 +29,13 @@
*
* You must *carefully* read that document to safely inject untrusted data into
* web content. Here be dragons.
+ *
+ * If tempted to inject untrusted content into JavaScript, then also review:
+ *
https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html
+ * and consider not doing that.
*/
char *ephy_encode_for_html_entity (const char *input);
char *ephy_encode_for_html_attribute (const char *input);
-char *ephy_encode_for_javascript (const char *input);
G_END_DECLS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/epiphany-41.2/meson.build
new/epiphany-41.3/meson.build
--- old/epiphany-41.2/meson.build 2021-12-16 19:59:46.089857800 +0100
+++ new/epiphany-41.3/meson.build 2021-12-21 01:02:53.791973400 +0100
@@ -1,6 +1,6 @@
project('epiphany', 'c',
license: 'GPL3+',
- version: '41.2',
+ version: '41.3',
meson_version: '>= 0.51.0',
default_options: ['c_std=gnu11',
'warning_level=2']
