On 7/20/22 10:29, Kevin Kofler via devel wrote:
> Demi Marie Obenour wrote:
>> I can’t help with maintenance, but I honestly wonder if some of
>> these programs could be modified to shell out to a browser subprocess.
>
> That is not a reasonable solution. Those applications need embedded HTML in
> the UI, not a separate browser window. And it does not help at all if the
> browser that is shelled out to itself uses QtWebEngine.

Indeed so :(. I really wish Chromium supported embedding natively.

>> Even if Fedora shipped QtWebEngine releases the day they were tagged
>> in git, this would still not be enough for security. Not when upstream
>> itself is lagging so badly.
>
> But it would be better than now where we are sitting on dozens of security
> fixes, some of them critical, for 3+ MONTHS!

Yes, it would be.

>> I also wonder if some features of QtWebEngine, such as the V8 JIT
>> compiler or even scripting as a whole, ought to be proactively
>> disabled.
>
> -1 to that from me as the maintainer of Falkon. It would completely break
> Falkon. Hardly any website these days works without JavaScript
> (unfortunately).

What advantage does Falkon have over upstream Chromium? Serious question.

>> There is absolutely no reason for KMail to be running untrusted scripts,
>> and disabling them mitigates many if not most vulnerabilities.
>
> KMail can (and, I believe, already does) disable JavaScript in its HTML
> views.

I feel like QtWebEngine should only be used when the scripts being run
are trusted.

--
Sincerely,
Demi Marie Obenour (she/her/hers)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx