Qt Forum

    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Unsolved

    Can I enable XSS?

    Qt WebKit
    2
    5
    4139
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zzhou last edited by

      I am experimenting with QWebView. One of the requirements I have is so it could send AJAX requests to other hosts. I.e. the page from my server may need to access web services from other domain. Is it possible?

      It looks like I need to work with "QWebSecurityOrigin":http://doc.qt.nokia.com/4.6/qwebsecurityorigin.html - but I don't really understand how to do that...

      1 Reply Last reply Reply Quote 0
      • Z
        zzhou last edited by

        Looks like this is not possible without recompiling Qt. Original setting is in WebCore::Settings::setWebSecurityEnabled(bool)

        I tried forward declaring it all the way but it doesn't seem that those symbols are available to linker.

        1 Reply Last reply Reply Quote 0
        • B
          benjamin.poulain last edited by

          Isn't it enough to disable the XSS auditor (QWebSettings::XSSAuditorEnabled)? Otherwise you are welcome to make a patch to expose a WebCore::settings via QWebSettings; you'll find how to contribute here: "http://trac.webkit.org/wiki/QtWebKit":http://trac.webkit.org/wiki/QtWebKit

          [edit: fixed link / $chetankjain]

          1 Reply Last reply Reply Quote 0
          • Z
            zzhou last edited by

            Finally I built Qt from Git. XSSAuditorEnabled is not a property I need - I tried it. This is a separate flag - see this "bugreport":https://bugs.webkit.org/show_bug.cgi?id=45436 I opened.

            1 Reply Last reply Reply Quote 0
            • B
              benjamin.poulain last edited by

              I commented on the bug report. That should not be a problem to have this in QtWebKit since you have a business case and a patch.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post