Ever since we moved to QWebEngine, we have used settings to try to prevent bad epubs from doing bad things. This includes carefully unpacking zip archives that have been maliciously crafted. We allowed the user to disable book level javascript. We tried to prevent book level javascript from accessing remote resources, and file:/// level urls by disabling them in settings, etc.
So right now, using Qt 5.12.x on Windows and macOS, we should be reasonably safe. But a recent change in Qt 5.15 will require us to re-enable javascript accessing file:/// urls. As Kovid rightly pointed out, that is less safe than what we had before, and we should do something about that.
The options appear to be limited.
1. We can change Sigil to create and internally use our own url scheme/protocol, as Calibre does, and in that way filter out any bad accesses.
2. Or we can create a QWebInterceptor class that would pretty much do the same thing but without requiring a new scheme and registering it.
But I had hoped for a simpler solution using acceptNavigationRequest but it is too limited to do what we need.
So yes, once javascript was allowed in epub3, and we had the tools to separate book javascript from Sigil javascript, we have tried to protect the user where we could.
This is just an unexpected Qt 5.15 change that has made security harder, not easier, for our case.
No worries for current Sigil on Qt 5.12.x; just something we will have to fix for advanced Arch Linux users who have already moved to Qt 5.15.
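As an added example (not Sigil's code), this is the shape option 2 above would take in Python with PyQt5: a containment policy that only lets file:/// requests resolve inside the unpacked book directory and blocks remote schemes, plus the hook into Qt's interceptor class (which is QWebEngineUrlRequestInterceptor). The book root, the allowed inline schemes, and the assumption that the profile this is installed on renders only book content (not Sigil's own pages) are my choices, not the project's.

```python
# Added example, not Sigil's code: the "interceptor" option from the post.
# Assumes the epub is unpacked into one directory (book_root) and that the
# profile this interceptor is installed on renders only book content.
from pathlib import Path
from urllib.parse import urlsplit
from urllib.request import url2pathname

try:
    from PyQt5.QtWebEngineCore import QWebEngineUrlRequestInterceptor
except ImportError:  # lets the policy be exercised without Qt installed
    QWebEngineUrlRequestInterceptor = object

INLINE_SCHEMES = {"data", "about"}  # carry their own bytes; no disk or network


class BookRequestPolicy:
    """Decides whether a request issued by book content may proceed."""

    def __init__(self, book_root: str):
        # resolve() canonicalises symlinks and '..' so containment is exact
        self.root = Path(book_root).resolve()

    def allows(self, request_url: str) -> bool:
        parts = urlsplit(request_url)  # scheme comes back lower-cased
        if parts.scheme in INLINE_SCHEMES:
            return True
        if parts.scheme != "file":
            return False  # http/https/ftp/...: no network for book javascript
        if parts.netloc not in ("", "localhost"):
            return False  # file://host/share (UNC) would escape the book root
        # url2pathname decodes percent-escapes, so '..%2F' traversal is
        # normalised away by resolve() before the containment check
        target = Path(url2pathname(parts.path)).resolve()
        # parents-based check, not a string prefix: /book-other must not match /book
        return target == self.root or self.root in target.parents


class BookRequestInterceptor(QWebEngineUrlRequestInterceptor):
    """Install with QWebEngineProfile.setUrlRequestInterceptor()."""

    def __init__(self, policy: BookRequestPolicy, parent=None):
        if QWebEngineUrlRequestInterceptor is not object:
            super().__init__(parent)
        else:
            super().__init__()
        self.policy = policy

    def interceptRequest(self, info):  # Qt calls this for every request
        if not self.policy.allows(info.requestUrl().toString()):
            info.block(True)
```

The policy is deliberately separate from the Qt class so it can be unit-tested against crafted URLs without a running QWebEngine.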