diff options
| author | Moss Heim <moss.heim@qt.io> | 2024-10-29 11:59:08 +0100 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2024-11-04 11:47:56 +0100 |
| commit | f9165faf225166acdc5316c76b427609190e6242 (patch) | |
| tree | 9f43fcca24e31e33fbaf1684f5af55cb28055dc2 /src/webenginequick/api/qquickwebenginesettings.cpp | |
| parent | 1d269dbc37357459decc617b09d8b5d3a651917c (diff) | |
Correct behavior of JavscriptCanAccessClipboard
Previously, sanitized clipboard writes were only enabled with
JavascriptCanPaste AND JavascriptCanAccessClipboard enabled. This broke
backward compatibility with code that expected it to only be enabled by
JavascriptCanAccessClipboard.
This compatibility is now restored. In the permission manager, all
writes and reads are still controlled by ClipboardReadWrite.
Pick-to: 6.8
Fixes: QTBUG-130599
Change-Id: I03dc2ea739782e475faacc0900804708c37763cc
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src/webenginequick/api/qquickwebenginesettings.cpp')
| -rw-r--r-- | src/webenginequick/api/qquickwebenginesettings.cpp | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/webenginequick/api/qquickwebenginesettings.cpp b/src/webenginequick/api/qquickwebenginesettings.cpp index 0cdb86b2b..29bf0f93e 100644 --- a/src/webenginequick/api/qquickwebenginesettings.cpp +++ b/src/webenginequick/api/qquickwebenginesettings.cpp @@ -71,11 +71,14 @@ bool QQuickWebEngineSettings::javascriptCanOpenWindows() const /*! \qmlproperty bool WebEngineSettings::javascriptCanAccessClipboard - Allows JavaScript programs to read from or write to the clipboard. - Writing to the clipboard is always allowed if it is specifically requested by the user. + Allows JavaScript programs to write (copy) sanitized content to the clipboard. A + sanitized write is done with the \c{write} and \c{writeText} JavaScript Clipboard API + calls and must be accompanied by user action. - To enable also the pasting of clipboard content from JavaScript, - use javascriptCanPaste. + Unsanitized writes, and reading from the clipboard, are + enabled by \l{javascriptCanPaste}. + + Prior to Chromium version 81, this setting enabled all clipboard writes. Since unrestricted clipboard access is a potential security concern, it is recommended that applications leave this disabled and instead respond to @@ -382,8 +385,13 @@ bool QQuickWebEngineSettings::webRTCPublicInterfacesOnly() const \qmlproperty bool WebEngineSettings::javascriptCanPaste \since QtWebEngine 1.7 - Enables JavaScript \c{execCommand("paste")}. - This also requires enabling javascriptCanAccessClipboard. + Allows JavaScript programs to read (paste) from the clipboard and to write unsanitized + content. A sanitized write is done with the \c{write} and \c{writeText} JavaScript + Clipboard API calls and must be accompanied by user action; unsanitized writes are any + writes which do not meet these criteria. + + For this setting to have any effect, \l{javascriptCanAccessClipboard} must also be + enabled. Since unrestricted clipboard access is a potential security concern, it is recommended that applications leave this disabled and instead respond to |