06-10-2020, 01:09 PM | #46 | |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
Argh!
Will fix asap. Thanks ... Quote:
|
|
06-10-2020, 01:17 PM | #47 |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
Just pushed typo fix (impacts Qt 5.13.x and later). Sorry about that. We do not have a travis or appveyor ci build for that version of Qt (yet!).
|
Advert | |
|
06-10-2020, 02:00 PM | #48 |
Guru
Posts: 692
Karma: 2180740
Join Date: Jan 2017
Location: Poland
Device: Misc
|
Windows 10 1909 + Qt 5.12.7
* Works OK. Linux Arch + Qt 5.15.0 * No images in Preview * No stylesheets in Preview [errors in console: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME] * No dark theme on most interface. |
06-10-2020, 02:09 PM | #49 |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
Wow not good! For Linux can you run it with gdb and report the qDebug() output here.
Thanks, Kevin |
06-10-2020, 02:27 PM | #50 |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
We do not create any requests or schemes in the RequestInterceptor. We just block them.
Please verify that in your build, MainWindow.cpp has LocalFileCanAccessFileUrls set to true here: https://github.com/Sigil-Ebook/Sigil...ndow.cpp#L4292 Or perhaps try a clean checkout and build on Linux as new files were added so the CMakeLists.txt has changed. Last edited by KevinH; 06-10-2020 at 02:29 PM. |
Advert | |
|
06-10-2020, 02:30 PM | #51 | |
Grand Sorcerer
Posts: 27,552
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
I've got a fix for the hardcoded sigil dark theme. I'll push it after we get the functional problems fixed. In the meantime, Sigil will honor any desktop dark theme (qt5ct- or kvantum- enablex) if you unset FORCE_SIGIL_DARKMODE_PALETTE. Last edited by DiapDealer; 06-10-2020 at 02:45 PM. |
|
06-10-2020, 02:44 PM | #52 |
Grand Sorcerer
Posts: 27,552
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Everything seems to be working fine for me on Arch with Qt5.15.0 and Kevin's latest changes, at first glance. Images load (in both ImageTabs and Preview), css is applied, mathml javascript is injected/loaded. Tons of new debug output. The above mentioned dark them issue is still present, but that's expected for now. I'll fix that cosmetic issue later.
@KevinH do you have a way for me to test whether the interceptor is blocking stuff it should? Becky may not have built from the same source where she pulled the new commits to?? Not sure. Last edited by DiapDealer; 06-10-2020 at 02:47 PM. |
06-10-2020, 02:47 PM | #53 |
Guru
Posts: 692
Karma: 2180740
Join Date: Jan 2017
Location: Poland
Device: Misc
|
Totally clean fresh clone from github.
I will repeat the build in a moment. LocalFileCanAccessFileUrls is true |
06-10-2020, 02:51 PM | #54 | |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
Thanks, that is good to know.
The debug output includes the url that generated the request (party), the url requested (destination url), nav type or resource type info, method (GET or POST), etc. It should also correctly show the path (normally in tmp) to the current epub, the mathjax folder and the user css folder. We can use that to verify if the file: url is allowed or not. Did they debug output seem to be okay? Quote:
|
|
06-10-2020, 02:54 PM | #55 |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
I will try to create an epub with a src link to try to access a file (img) in my local directory and it should fail.
Perhaps I can try something in javascript as well. |
06-10-2020, 03:03 PM | #56 |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
Okay, here is one easy test...
1. Did a screen capture and renamed it to test.png and put it on my Desktop 2. Fired up Sigil and got the empty epub 3. added this line to the xhtml < img src="file:///Users/kbhend/Desktop/test.png" /> in the debug log, I can see the request to load it but it will not load. |
06-10-2020, 03:05 PM | #57 |
Grand Sorcerer
Posts: 27,552
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
That's what I was wondering, too.
The debug output looks appropriate to me on Arch with 5.15.0 when loading fonts, images, css, mathjax, etc... No errors/warnings in the inspector console about unknown url schemes. |
06-10-2020, 03:08 PM | #58 |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
FWIW my sigil-git development package is available on the Arch Linux AUR and trivializes the process of building sigil from the latest github code. I've even rebuilt it just now for the latest changes, and uploaded the results to https://wiki.archlinux.org/index.php...ries#eschwartz
Debug symbols are included if you install sigil-git-debug in addition to sigil-git. |
06-10-2020, 03:09 PM | #59 |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
Then I edited main.cpp to disable adding the URLInterceptor and tried the test case again. Without the interceptor, the Desktop test.png was successfully loaded.
So it does appear to provide some protection! |
06-10-2020, 03:13 PM | #60 |
Sigil Developer
Posts: 7,647
Karma: 5433388
Join Date: Nov 2009
Device: many
|
I think javascript has a hard time accessing local files without an api, but it could easily create a hidden tag with a src field pointed at something and take the data and upload it.
With this Interceptor in place, this should not happen as easily anymore. |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Kindle PW3 5.9.6.1 ssh broken pipe leaves broken ssh | xception | Kindle Developer's Corner | 8 | 01-27-2019 10:23 AM |
Broken PRS-505; any place to buy chrome bottom piece? Or anyone with broken 505? | erikk | Sony Reader | 1 | 12-09-2009 06:51 PM |
Broken Ipod works Fine! except that its broken | Andybaby | Lounge | 1 | 06-04-2009 02:03 AM |
Broken | jeffoest | Sony Reader | 57 | 12-11-2007 03:15 PM |
is it broken ? | markiehill | Sony Reader | 5 | 02-15-2007 08:53 AM |