26.06.2019, 11:13, "Eike Ziller" <eike.zil...@qt.io>: > I agree with Thiago that this also requires WebKit to be updated with > security fixes. It will potentially show downloaded content from anywhere, > and it’s not nice if someone can offer a malicious qch, using known security > issues in WebKit. And with JavaScript etcetera the “attack area” is much > larger than actually necessary for browsing documentation.
Note that it's possible to disable JavaScript completely at run time, reducing attack surface. > We also either need to be able to register a scheme handler for qthelp, or > use a local server for the help. > Also, WebView can use the “platform” API, but on Linux there is none. So we > need an implementation on Linux based on one of the other options in any case. As well as implementation for Windows. -- Regards, Konstantin _______________________________________________ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development
