From 38836de4e12349e1a507d7564b8222d55709f528 Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Fri, 27 Jul 2018 22:02:44 +0530
Subject: [PATCH] Make a webengine utils module

---
 src/calibre/gui2/tweak_book/preview.py | 26 +++-------------
 src/calibre/gui2/tweak_book/reports.py |  3 +-
 src/calibre/gui2/webengine.py          | 42 ++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 23 deletions(-)
 create mode 100644 src/calibre/gui2/webengine.py

diff --git a/src/calibre/gui2/tweak_book/preview.py b/src/calibre/gui2/tweak_book/preview.py
index c7a545e850..4aad61454d 100644
--- a/src/calibre/gui2/tweak_book/preview.py
+++ b/src/calibre/gui2/tweak_book/preview.py
@@ -17,8 +17,8 @@ from functools import partial
 from threading import Thread
 
 from PyQt5.Qt import (
-    QApplication, QBuffer, QByteArray, QFile, QIcon, QMenu, QSize, QTimer, QToolBar, QObject,
-    QUrl, QVBoxLayout, QWidget, pyqtSignal, pyqtSlot
+    QApplication, QBuffer, QByteArray, QFile, QIcon, QMenu, QObject, QSize, QTimer,
+    QToolBar, QUrl, QVBoxLayout, QWidget, pyqtSignal, pyqtSlot
 )
 from PyQt5.QtWebChannel import QWebChannel
 from PyQt5.QtWebEngineCore import QWebEngineUrlSchemeHandler
@@ -32,8 +32,9 @@ from calibre.constants import (
 )
 from calibre.ebooks.oeb.base import OEB_DOCS, XHTML_MIME, serialize
 from calibre.ebooks.oeb.polish.parsing import parse
-from calibre.gui2 import NO_URL_FORMATTING, error_dialog, open_url, secure_webengine
+from calibre.gui2 import NO_URL_FORMATTING, error_dialog, open_url
 from calibre.gui2.tweak_book import TOP, actions, current_container, editors, tprefs
+from calibre.gui2.webengine import create_script, insert_scripts, secure_webengine
 from calibre.gui2.widgets2 import HistoryLineEdit2
 from calibre.utils.ipc.simple_worker import offload_worker
 from polyglot.builtins import native_string_type, unicode_type
@@ -250,25 +251,6 @@ def uniq(vals):
     return tuple(x for x in vals if x not in seen and not seen_add(x))
 
 
-def insert_scripts(profile, *scripts):
-    sc = profile.scripts()
-    for script in scripts:
-        for existing in sc.findScripts(script.name()):
-            sc.remove(existing)
-    for script in scripts:
-        sc.insert(script)
-
-
-def create_script(name, src, world=QWebEngineScript.ApplicationWorld, injection_point=QWebEngineScript.DocumentReady, on_subframes=True):
-    script = QWebEngineScript()
-    script.setSourceCode(src)
-    script.setName(name)
-    script.setWorldId(world)
-    script.setInjectionPoint(injection_point)
-    script.setRunsOnSubFrames(on_subframes)
-    return script
-
-
 def create_profile():
     ans = getattr(create_profile, 'ans', None)
     if ans is None:
diff --git a/src/calibre/gui2/tweak_book/reports.py b/src/calibre/gui2/tweak_book/reports.py
index cbff594bb1..c1e921389f 100644
--- a/src/calibre/gui2/tweak_book/reports.py
+++ b/src/calibre/gui2/tweak_book/reports.py
@@ -28,7 +28,8 @@ from calibre.constants import DEBUG
 from calibre.ebooks.oeb.polish.report import (
     gather_data, CSSEntry, CSSFileMatch, MatchLocation, ClassEntry,
     ClassFileMatch, ClassElement, CSSRule, LinkLocation)
-from calibre.gui2 import error_dialog, question_dialog, choose_save_file, open_url, secure_webengine
+from calibre.gui2 import error_dialog, question_dialog, choose_save_file, open_url
+from calibre.gui2.webengine import secure_webengine
 from calibre.gui2.tweak_book import current_container, tprefs, dictionaries
 from calibre.gui2.tweak_book.widgets import Dialog
 from calibre.gui2.progress_indicator import ProgressIndicator
diff --git a/src/calibre/gui2/webengine.py b/src/calibre/gui2/webengine.py
new file mode 100644
index 0000000000..94dcb20158
--- /dev/null
+++ b/src/calibre/gui2/webengine.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python2
+# vim:fileencoding=utf-8
+# License: GPL v3 Copyright: 2018, Kovid Goyal <kovid at kovidgoyal.net>
+
+from __future__ import absolute_import, division, print_function, unicode_literals
+
+from PyQt5.QtWebEngineWidgets import QWebEngineScript
+
+
+def secure_webengine(view_or_page_or_settings, for_viewer=False):
+    s = view_or_page_or_settings.settings() if hasattr(
+        view_or_page_or_settings, 'settings') else view_or_page_or_settings
+    a = s.setAttribute
+    a(s.PluginsEnabled, False)
+    if not for_viewer:
+        a(s.JavascriptEnabled, False)
+        s.setUnknownUrlSchemePolicy(s.DisallowUnknownUrlSchemes)
+    a(s.JavascriptCanOpenWindows, False)
+    a(s.JavascriptCanAccessClipboard, False)
+    # ensure javascript cannot read from local files
+    a(s.LocalContentCanAccessFileUrls, False)
+    a(s.AllowWindowActivationFromJavaScript, False)
+    return s
+
+
+def insert_scripts(profile, *scripts):
+    sc = profile.scripts()
+    for script in scripts:
+        for existing in sc.findScripts(script.name()):
+            sc.remove(existing)
+    for script in scripts:
+        sc.insert(script)
+
+
+def create_script(name, src, world=QWebEngineScript.ApplicationWorld, injection_point=QWebEngineScript.DocumentReady, on_subframes=True):
+    script = QWebEngineScript()
+    script.setSourceCode(src)
+    script.setName(name)
+    script.setWorldId(world)
+    script.setInjectionPoint(injection_point)
+    script.setRunsOnSubFrames(on_subframes)
+    return script