[Webkit-unassigned] [Bug 113663] Missing APIs in webkit2gtk (compared to webkit1)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 22 18:22:17 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=113663





--- Comment #10 from Ben Boeckel <mathstuf at gmail.com>  2013-08-22 18:21:44 PST ---
>   - unsetting security policies for schemes (though an API like WebKit1 with enum flags rather than an array of functions would be better anyways);

Looking at WebCore itself, there isn't an API to do this[1]. I've filed Bug #120190 for this.

I do see, however, some missing security policies from the GTK bindings. Are there specific reasons each shouldn't be allowed?

  - setDomainRelaxationForbiddenForURLScheme (no docs; not sure exactly what it does)
  - canDisplayOnlyIfCanRequest (seems useful as another adblock mechanism?)
  - registerURLSchemeAsNotAllowingJavascriptURLs (block JS for non-secure schemes?)
  - registerURLSchemeAsAllowingLocalStorageAccessInPrivateBrowsing (nice for things like uzbl: protocol?)
  - registerURLSchemeAsAllowingDatabaseAccessInPrivateBrowsing (same as ...LocalStorage... (WebKit symbols sure are wordy...))
  - registerURLSchemeAsBypassingContentSecurityPolicy (I wonder if uzbl could inject its JS under the uzbl-internal: protocol and then set this to get access to the page without reciprocal action)
  - shouldCacheResponsesFromURLSchemeIndefinitely (might be useful for bandwidth-constrained systems?)

[1]The WebKit1 bindings in webkit_set_security_policy_for_uri_scheme() are also faked and don't unset anything, only set them :/ .

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list