Can I enable XSS?
-
wrote on 14 Aug 2010, 05:31 last edited by
I am experimenting with QWebView. One of the requirements I have is so it could send AJAX requests to other hosts. I.e. the page from my server may need to access web services from other domain. Is it possible?
It looks like I need to work with "QWebSecurityOrigin":http://doc.qt.nokia.com/4.6/qwebsecurityorigin.html - but I don't really understand how to do that...
-
wrote on 17 Aug 2010, 17:45 last edited by
Looks like this is not possible without recompiling Qt. Original setting is in WebCore::Settings::setWebSecurityEnabled(bool)
I tried forward declaring it all the way but it doesn't seem that those symbols are available to linker.
-
wrote on 27 Aug 2010, 13:02 last edited by
Isn't it enough to disable the XSS auditor (QWebSettings::XSSAuditorEnabled)? Otherwise you are welcome to make a patch to expose a WebCore::settings via QWebSettings; you'll find how to contribute here: "http://trac.webkit.org/wiki/QtWebKit":http://trac.webkit.org/wiki/QtWebKit
[edit: fixed link / $chetankjain]
-
wrote on 9 Sept 2010, 16:23 last edited by
Finally I built Qt from Git. XSSAuditorEnabled is not a property I need - I tried it. This is a separate flag - see this "bugreport":https://bugs.webkit.org/show_bug.cgi?id=45436 I opened.
-
wrote on 9 Sept 2010, 20:03 last edited by
I commented on the bug report. That should not be a problem to have this in QtWebKit since you have a business case and a patch.