Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct
Can I enable XSS?
-
I am experimenting with QWebView. One of the requirements I have is so it could send AJAX requests to other hosts. I.e. the page from my server may need to access web services from other domain. Is it possible?
It looks like I need to work with "QWebSecurityOrigin":http://doc.qt.nokia.com/4.6/qwebsecurityorigin.html - but I don't really understand how to do that...
-
Looks like this is not possible without recompiling Qt. Original setting is in WebCore::Settings::setWebSecurityEnabled(bool)
I tried forward declaring it all the way but it doesn't seem that those symbols are available to linker.
-
Isn't it enough to disable the XSS auditor (QWebSettings::XSSAuditorEnabled)? Otherwise you are welcome to make a patch to expose a WebCore::settings via QWebSettings; you'll find how to contribute here: "http://trac.webkit.org/wiki/QtWebKit":http://trac.webkit.org/wiki/QtWebKit
[edit: fixed link / $chetankjain]
-
Finally I built Qt from Git. XSSAuditorEnabled is not a property I need - I tried it. This is a separate flag - see this "bugreport":https://bugs.webkit.org/show_bug.cgi?id=45436 I opened.
-
I commented on the bug report. That should not be a problem to have this in QtWebKit since you have a business case and a patch.
