SIGTRAP when clicking on sponsored Google search results with content blocking enabled

[lfos]

Version info: I am using the qutebrowser package on Arch Linux.

qutebrowser v3.1.0
Git commit: 
Backend: QtWebEngine 6.7, based on Chromium 118.0.5993.220 (from api)
Qt: 6.7.0

Does the bug happen if you start with --temp-basedir?: Yes.

Description: When clicking on a sponsored link in Google search results, qutebrowser crashes with SIGTRAP.

How to reproduce

1. Make sure that content.blocking.enabled is set to true. The issue cannot be reproduced if this setting is disabled.
2. Perform a search on google.com that yields a sponsored result.
3. Click on the sponsored search result and observe the crash.

Happy to try to enable debugging symbols and obtain a strack trace if needed.

[The-Compiler]

I cannot reproduce by doing:

qutebrowser --temp-basedir -s content.blocking.enabled true ':adblock-update' 'https://google.com/search?q=server+hosting'

and then clicking the first result leading to LeaseWeb. Can you?

If so, a stacktrace would be great indeed. If not, what's different?

[lfos]

I can reproduce the crash by running your command and clicking on the first sponsored link; it is, however, not a link leading to LeaseWeb, as my local search results differ.

Stack trace: https://gist.githubusercontent.com/lfos/1fc54348eb725e51fa74fc627f30863b/raw

Some debug symbols might be missing, please let me know if there's anything else that might be helpful to further debug.

[The-Compiler]

Relevant part:

#0  0x00007bc7be02f0b1 base::ImmediateCrash() (libQt6WebEngineCore.so.6 + 0x302f0b1)
#1  0x00007bc7be02f35b content::RenderFrameHostManager::GetSiteInstanceForNavigationRequest(content::NavigationRequest*, content::RenderFrameHostManager::IsSameSiteGetter&, content::BrowsingContextGroupSwap*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) (libQt6WebEngineCore.so.6 + 0x302f35b)
#2  0x00007bc7be0322b8 content::RenderFrameHostManager::GetFrameHostForNavigation(content::NavigationRequest*, content::BrowsingContextGroupSwap*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) (libQt6WebEngineCore.so.6 + 0x30322b8)
#3  0x00007bc7bdfa9d7b content::NavigationRequest::SelectFrameHostForOnRequestFailedInternal(bool, bool, absl::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&) (libQt6WebEngineCore.so.6 + 0x2fa9d7b)
#4  0x00007bc7bdfacb59 content::NavigationRequest::OnRequestFailedInternal(network::URLLoaderCompletionStatus const&, bool, absl::optional<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&, bool) (libQt6WebEngineCore.so.6 + 0x2facb59)
#5  0x00007bc7bdfb3e02 non-virtual thunk to content::NavigationRequest::OnRequestFailed(network::URLLoaderCompletionStatus const&) (libQt6WebEngineCore.so.6 + 0x2fb3e02)
#6  0x00007bc7bf1b79a6 base::OnceCallback<void ()>::Run() && (libQt6WebEngineCore.so.6 + 0x41b79a6)
#7  0x00007bc7bf1d3cdb RunTask<base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::<lambda(perfetto::EventContext&)> > (libQt6WebEngineCore.so.6 + 0x41d3cdb)
#8  0x00007bc7bf1d46ee base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() (libQt6WebEngineCore.so.6 + 0x41d46ee)
#9  0x00007bc7bb0ef39d QtWebEngineCore::MessagePumpForUIQt::handleScheduledWork() (libQt6WebEngineCore.so.6 + 0xef39d)

Code is around here:

https://github.com/qt/qtwebengine-chromium/blob/b916ca00cc5222253ac5860c3e612ccf00d899c3/chromium/content/browser/renderer_host/render_frame_host_manager.cc#L4075-L4165

though I can't seem to find a call to `base::ImmediateCrash() in there.

I'm assuming there is no interesting information in the terminal from Chromium when this happens?

[The-Compiler]

Possibly related in some way: [QTBUG-108273] Failing CHECK in render_frame_host_manager.cc when reloading Instagram - Qt Bug Tracker

Could you make sure $DEBUGINFOD_URLS is set correctly and then run:

gdb -ex r --args python3 -m qutebrowser --temp-basedir -s content.blocking.enabled true ':adblock-update' 'https://google.com/search?q=server+hosting'

and (with debuginfod enabled in there if asked) see if you can get a better stacktrace that way?

[lfos]

Could you make sure $DEBUGINFOD_URLS is set correctly and then run:

gdb -ex r --args python3 -m qutebrowser --temp-basedir -s content.blocking.enabled true ':adblock-update' 'https://google.com/search?q=server+hosting'

and (with debuginfod enabled in there if asked) see if you can get a better stacktrace that way?

Sure: https://gist.githubusercontent.com/lfos/348b9a81c12a6faeb2a49fb160331492/raw

[The-Compiler]

Relevant part:

#0  0x00007fffe8e2f0b1 in base::ImmediateCrash () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/immediate_crash.h:146
#1  logging::CheckFailure () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/check.h:193
#2  content::RenderFrameHostManager::GetSiteInstanceForNavigation () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:2611
#3  0x00007fffe8e2f35b in content::RenderFrameHostManager::GetSiteInstanceForNavigationRequest () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:4154
#4  0x00007fffe8e322b8 in content::RenderFrameHostManager::GetFrameHostForNavigation () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:1542
#5  0x00007fffe8da9d7b in content::NavigationRequest::SelectFrameHostForOnRequestFailedInternal () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.cc:4680
#6  0x00007fffe8dacb59 in content::NavigationRequest::OnRequestFailedInternal () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.cc:4637
#7  0x00007fffe8db3e02 in non-virtual thunk to content::NavigationRequest::OnRequestFailed(network::URLLoaderCompletionStatus const&) () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.h:1393
#8  0x00007fffe9fb79a6 in base::OnceCallback<void ()>::Run() && () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/functional/callback.h:152

which boils it down to this CHECK failing:

https://github.com/qt/qtwebengine-chromium/blob/b916ca00cc5222253ac5860c3e612ccf00d899c3/chromium/content/browser/renderer_host/render_frame_host_manager.cc#L2611

No clue why, but doesn't look like anything qutebrowser can fix. I'll see if I can cook up a more minimal example to report this to Qt.

[lfos]

Thanks for the analysis! Do you have an idea how this could be related to content blocking? As I mentioned in my original bug report, the crashes only occur if content.blocking.enabled is set to true .

[The-Compiler]

The stacktrace points to OnRequestFailedInternal - so my best bet would be that it only triggers when a request is blocked. Perhaps some intermediary ad-service that is used in the links you see is blocked, but whatever I see is not.

Actually, could you copy the link (via right click -> copy link) and see if it also happens if you paste it here and click on it e.g. in the comment preview? If so, if you post the link, I might be able to reproduce with that.

[lfos]

Actually, could you copy the link (via right click -> copy link) and see if it also happens if you paste it here and click on it e.g. in the comment preview? If so, if you post the link, I might be able to reproduce with that.

Interesting question. Copying and inserting link doesn't result in a crash. Following that, I tested opening in a new tab and in a new window; neither of those seem to result in a crash either. The bug seems to only occur when I click the link to open it in the same tab.

[lfos]

Another observation: Even copying the exact www.googleadservices.com link from Google's sponsored search results to another website and opening in the same tab from there, I cannot reproduce the crash (and the destination is instead properly blocked), so the issue seems to be fairly specific to how clicks on Google ads are handled.

[bodograumann]

I have the same issue with an unsubscribe url that is routed through awstrack.me and urldefense.com. Opening the awstrack.me url directly does not cause the crash. So it might be related to the 302 response.

https://urldefense.com/v3/__https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:*2F*2Fcommunity.miro.com*2Funsubscribe*2FemailCampaigns/1/020100002s6mrgku-7qoobk07-rk60-vvqc-e2o3-8npvvit2tv80-000000/fpeMpQN6YztDpiJaOrhIk15Ma5c=374__;JSUlJQ!!Iy-eiNsJYb8-!TkYfIhrMLwDN8yLaV3I1Gq9cDqI40wHfJLaMZ9ZnTCHUDdo0XQXHy-x-Bs3DNXboM8I1ocBAZ2mH6BLTPqNbT-g$

[The-Compiler]

I'm afraid I still can't reproduce. I'm trying:

qutebrowser --temp-basedir  :adblock-update ':cmd-later 5s open https://urldefense.com/v3/__https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:*2F*2Fcommunity.miro.com*2Funsubscribe*2FemailCampaigns/1/020100002s6mrgku-7qoobk07-rk60-vvqc-e2o3-8npvvit2tv80-000000/fpeMpQN6YztDpiJaOrhIk15Ma5c=374__;JSUlJQ!!Iy-eiNsJYb8-!TkYfIhrMLwDN8yLaV3I1Gq9cDqI40wHfJLaMZ9ZnTCHUDdo0XQXHy-x-Bs3DNXboM8I1ocBAZ2mH6BLTPqNbT-g$'

which just takes me to a ERR_BLOCKED_BY_CLIENT Chromium error page, with QtWebEngine 6.7.0 on Archlinux.

[bodograumann]

Yeah sorry, I can't find a way to reproduce it right now either.
When I click the link in my e-mail in outlook 365, qutebrowser crashes reliably, but when I open the link through any other means, I get the "blocked" page 🤔

[The-Compiler]

Ah, that tidbit helped! Thanks to the university I teach at, I happen to have Outlook Web up and running - and indeed, pasting the link in there, doing a random change (to make sure to trigger whatever Microsoft does to mangle things even further), and then clicking it reproduces the issue...

13:52:26 DEBUG    sql        sql:run:361 REPLACE INTO CompletionHistory (url, title, last_atime) values(:url, :title, :last_atime)
13:52:26 DEBUG    sql        sql:run:365     {':url': 'https://outlook.office.com/mail/safelink.html?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fs0l3x4tx.r.us-west-2.awstrack.me%2FL0%2Fhttps%3A*2F*2Fcommunity.miro.com*2Funsubscribe*2FemailCampaigns%2F1%2F020100002s6mrgku-7qoobk07-rk60-vvqc-e2o3-8npvvit2tv80-000000%2FfpeMpQN6YztDpiJaOrhIk15Ma5c%3D374__%3BJSUlJQ%21%21Iy-eiNsJYb8-%21TkYfIhrMLwDN8yLaV3I1Gq9cDqI40wHfJLaMZ9ZnTCHUDdo0XQXHy-x-Bs3DNXboM8I1ocBAZ2mH6BLTPqNbT-g%24&locale=de-CH&wau=https%3A%2F%2FCHE01.safelinks.protection.outlook.com%2FGetUrlReputation&wid=00730A1A-3310-48BA-AB07-9EC288151649&corid=cd45c8aa-e4d2-d9cc-d275-b7a5b4832442&srcid=&appname=Microsoft+Outlook+Web+App&appver=20240503010.43&os=Linux+undefined&scdt=&pc=K1ayNq%252fIaqr3HJP6JHAzv9z0sCMOdOpG4FuD37nF5wQkYKbAeRiWEDTXMJUTneOhiyUs6Sn%252bNhepAX8PQl%252fmfHFur06s%252fJZ8%252fetZMnvsgTbtOdVoJUrClvcjIZ1uJxzoZERiCkpGI3e8xgyGq89qr%252bHsTuBMSdlLv2xpUvt2H4QkiNpysVM%252bsbhiNHAiaoXO0AczqAa6bYlKCybaAZyk6CTESPuqYGgLjrSyCDLqFeCK0eweHwOnRHEZOXaOzqq%252b0QkNhu5XEyRO7r5Sq2H7fmIvhqvsU6H%252bX4r7Hfx1%252fn%252bNUnkVhwKeInDcoZ47QPvsepiDz1h9st0A12gBe%252fBrMiiItrWZrsYnX%252bTWdQk%252fNGU%252fZXVt%252f4XZ3YMPMaghY8N3P9LXssnhnH9Nk%252bqmDcZo91WNepPqU9VMy2OXASZNoMJg2vjArKNzJ6cLevmx3GRf8a0i0IbuW1CFzHIqxT0rlIXMkUp2%252fApoCZCuZSydfIuSovXqXJHqgSGC2kDASwgNuYD%252bzd8yipC4ks7c14GiLoZArPm8ofquuoICmzv9IsUVVKoigGkcP2LtgzZSmBz9PigU4pYRaBqPr5hVhvSJgzdbF0K51MMAHrgmfCUtzPaqux%252bgDULHbwhd2hCrNHBtEofIPvYb0Hmf8efTjbJg8cCyMFwUpNXPjPTWexv44KUBrICxkoJ5iL8NuAz3ibAzUmpSLwlAkNfqwyNe3I3US3bM5asHYA5Ub7a6LJ%252fTDwfSYLUBgIF5K4hg9qDm00bgdvF9EM45ioFD21dy6ynNp%252bVOzKSgm56UeER%252blSU2slkp0veUE42NBkFn9UrtnJYmU%252fK8M8ewpqaUnQAg9HwXwh%252biBGu80QYcbNTuM80mFoWUAkTMbKaUKEsCYifELaaMLuZs0ofYmmYB3wooPe%252bsjza1yOGayDWF0xW8xKeV6l4SBZX%252b4Daf1Cr9NxoH%252bBavzCYL0UrrUvSazTgGGy3uSW7o2Dt4ZvechadHptUKkYp9KRpmVXIDbAtndWO%252bzPJFhyepwqwDtabiYCP8HUQY14EwM54p7l%252fagIZQr2k4Ja7Xqza%252bpiyKp%252bB2V6%252bKU8Qjsa61BvLwF6FMnF6d43YJjFEMSwPEYsAUe3AT8Q0RawW2ssTwHIZ2yz3rVl5cdaVkupRJM4JmGP1SEAUjUxKaSMxl4LKbR45PVvcKkU5LkJulnzeC7IGx1QntwdubyWFYKeoz0i9STnulRstP9rl%252fH1m0n0CeFGWPZkQKDLQZ%252fMfNK6sm0J1PZnln1t5kuzxjXQlnDwPRdvqhMLa%252fn6SmDFCC5YpSBfCXU748Ng3kgVIZHXRN2tQtxpDxRsG2sVOJrTrMZLDwsXEL%252ffZFjkqiJw%253d%253d%3B+expires%3DWed%2C+15+May+2024+11%3A51%3A46+GMT%3B+path%3D%2F%3B+SameSite%3DNone%3B+secure%3B+httponly&urlsrc=Body&msgdata=', ':title': '', ':last_atime': 1715601146}
13:52:26 DEBUG    signals    signalfilter:_filter_signals:72 emitting: cur_load_finished(True) (tab 2)
13:52:26 DEBUG    webview    browsertab:_set_load_status:1100 load status for <qutebrowser.browser.webengine.webenginetab.WebEngineTab tab_id=2 url='https://outlook.office.com/mail/safelink.html?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F…'>: LoadStatus.success_https
13:52:26 DEBUG    signals    signalfilter:_filter_signals:72 emitting: cur_load_status_changed(<LoadStatus.success_https: 3>) (tab 2)
13:52:26 DEBUG    signals    signalfilter:_filter_signals:72 emitting: cur_url_changed(PyQt6.QtCore.QUrl('https://outlook.office.com/mail/safelink.html?url=https://urldefense.com/v3/__https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:*2F*2Fcommunity.miro.com*2Funsubscribe*2FemailCampai…) (tab 2)
13:52:26 DEBUG    webview    tabbedbrowser:_on_title_changed:795 Changing title for idx 2 to 'Link wird überprüft'
13:52:26 DEBUG    webview    browsertab:_on_navigation_request:1158 navigation request: url https://che01.safelinks.protection.outlook.com/GetUrlReputation (current https://outlook.office.com/mail/safelink.html?url=https://urldefense.com/v3/__https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:*2F*2Fcommunity.miro.com*2Funsubscribe*2FemailCampaigns/1/020100002s6mrgku-7qoobk07-rk60-vvqc-e2o3-8npvvit2tv80-000000/fpeMpQN6YztDpiJaOrhIk15Ma5c=374__;JSUlJQ!!Iy-eiNsJYb8-!TkYfIhrMLwDN8yLaV3I1Gq9cDqI40wHfJLaMZ9ZnTCHUDdo0XQXHy-x-Bs3DNXboM8I1ocBAZ2mH6BLTPqNbT-g$&corid=cd45c8aa-e4d2-d9cc-d275-b7a5b4832442), type form_submitted, is_main_frame True
13:52:26 DEBUG    webview    webenginetab:_on_find_finished:212 Active search match: 0/0
13:52:26 DEBUG    signals    signalfilter:_filter_signals:72 emitting: cur_search_match_changed(SearchMatch(current=0, total=0)) (tab 2)
13:52:26 DEBUG    statusbar  searchmatch:set_match:30 Clearing search match text.
13:52:26 DEBUG    webview    browsertab:_set_load_status:1100 load status for <qutebrowser.browser.webengine.webenginetab.WebEngineTab tab_id=2 url='https://outlook.office.com/mail/safelink.html?url=https://urldefense.com/v3/__https://s0l3x4tx.r.us…'>: LoadStatus.loading
13:52:26 DEBUG    signals    signalfilter:_filter_signals:72 emitting: cur_load_status_changed(<LoadStatus.loading: 6>) (tab 2)
13:52:26 DEBUG    signals    signalfilter:_filter_signals:72 emitting: cur_load_started() (tab 2)
13:52:26 DEBUG    modes      modeman:leave:421 Ignoring leave request for KeyMode.insert (reason load started) as we're in mode KeyMode.normal
13:52:26 DEBUG    modes      tabbedbrowser:_leave_modes_on_load:775 Ignoring leave_on_load request due to setting.
13:52:27 DEBUG    webview    browsertab:_on_navigation_request:1158 navigation request: url https://urldefense.com/v3/__https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:*2F*2Fcommunity.miro.… (current https://outlook.office.com/mail/safelink.html?url=https://urldefense.com/v3/__https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:*2F*2Fcommunity.miro.com*2Funsubscribe*2FemailCampaigns/1/020100002s6mrgku-7qoobk07-rk60-vvqc-e2o3-8npvvit2tv80-000000/fpeMpQN6YztDpiJaOrhIk15Ma5c=374__;JSUlJQ!!Iy-eiNsJYb8-!TkYfIhrMLwDN8yLaV3I1Gq9cDqI40wHfJLaMZ9ZnTCHUDdo0XQXHy-x-Bs3DNXboM8I1ocBAZ2mH6BLTPqNbT-g$&corid=cd45c8aa-e4d2-d9cc-d275-b7a5b4832442), type redirect, is_main_frame True
13:52:27 DEBUG    webview    browsertab:_on_navigation_request:1158 navigation request: url https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:%2F%2Fcommunity.miro.com%2Funsubscribe%2FemailCam… (current https://outlook.office.com/mail/safelink.html?url=https://urldefense.com/v3/__https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:*2F*2Fcommunity.miro.com*2Funsubscribe*2FemailCampaigns/1/020100002s6mrgku-7qoobk07-rk60-vvqc-e2o3-8npvvit2tv80-000000/fpeMpQN6YztDpiJaOrhIk15Ma5c=374__;JSUlJQ!!Iy-eiNsJYb8-!TkYfIhrMLwDN8yLaV3I1Gq9cDqI40wHfJLaMZ9ZnTCHUDdo0XQXHy-x-Bs3DNXboM8I1ocBAZ2mH6BLTPqNbT-g$&corid=cd45c8aa-e4d2-d9cc-d275-b7a5b4832442), type redirect, is_main_frame True
13:52:27 DEBUG    network    braveadblock:filter_request:234 Request to https://s0l3x4tx.r.us-west-2.awstrack.me/L0/https:%2F%2Fcommunity.miro.com%2Funsubscribe%2FemailCampaigns/1/020100002s6mrgku-7qoobk07-rk60-vvqc-e2o3-8npvvit2tv80-000000/fpeMpQN6YztDpiJaOrhIk15Ma5c=374 blocked by ad blocker.
[1]    726230 trace trap (core dumped)  python -m qutebrowser --basedir /tmp/outlooktest --debug :adblock-update

And opening the giant Outlook safelinks URL also reproduces the issue directly. Though I have no idea how long it will stay valid. It has a fun URL-encoded base64-encoded cookie in there, but let's hope those aren't my Outlook access credentials or something.

So at this point, we have:

• Outlook safe mail stuff, redirects to
• urldefense.com stuff, whatever that is, redirects to
• awstrack.me, gets blocked
• (would redirect again to the actual page)

Maybe it only triggers if there is a (cross-origin) redirect to a (cross-origin) redirect to the actual page which is blocked?!

[The-Compiler]

I can't seem to make it crash outside of the Outlook safelinks thing, but no double redirect is necessary. Just blocking example.org, pasting https://example.org into a mail draft and ctrl-clicking it is enough.

C++ reproducer:

#include <QApplication>
#include <QtWebEngineWidgets>
#include <QtWebEngineCore>
#include <QUrl>

class Interceptor : public QWebEngineUrlRequestInterceptor {
public:
    void interceptRequest(QWebEngineUrlRequestInfo &info) override {
        if (info.requestUrl().host() == "example.org") {
            info.block(true);
        }
    }
};

int main(int argc, char *argv[]) {
    QApplication app(argc, argv);

    Interceptor interceptor;
    QWebEngineProfile::defaultProfile()->setUrlRequestInterceptor(&interceptor);

    QWebEngineView view;
    QObject::connect(view.page(), &QWebEnginePage::newWindowRequested, [&view](QWebEngineNewWindowRequest &request){ request.openIn(view.page()); });
    view.load(QUrl("https://outlook.office.com"));
    view.show();

    return app.exec();
}

QT += core webenginewidgets widgets
SOURCES += main.cpp

In a train right now so I don't have debugging symbols available, but will report this upstream as soon as I'm back to a stable connection.

[The-Compiler]

Upstream report: [QTBUG-125284] [REG 6.6 -> 6.7] Failing CHECK in content::RenderFrameHostManager::GetSiteInstanceForNavigation when blocking request and redirects - Qt Bug Tracker

And a Python reproducer:

import sys

from PyQt6.QtWebEngineWidgets import QWebEngineView
from PyQt6.QtWebEngineCore import QWebEngineProfile, QWebEngineUrlRequestInterceptor
from PyQt6.QtWidgets import QApplication
from PyQt6.QtCore import QUrl


class Interceptor(QWebEngineUrlRequestInterceptor):

    def interceptRequest(self, info):
        if info.requestUrl().host() == "example.org":
            info.block(True)


app = QApplication(sys.argv)

interceptor = Interceptor()
QWebEngineProfile.defaultProfile().setUrlRequestInterceptor(interceptor)
view = QWebEngineView()
view.page().newWindowRequested.connect(lambda request: request.openIn(view.page()))
view.load(QUrl("https://outlook.office.com"))
view.show()

app.exec()

Will need to think about whether a workaround with acceptNavigationRequest would be possible. I can think of something, but it might be quite hacky... Other than that, probably not much we could do about it.