qutebrowser/qutebrowser

Added

• Support for the bundled sip module in PyQt 5.11 and other changes in
  Qt/PyQt 5.11.x.
• New --debug-flag log-requests to log requests to the debug log for
  debugging.
• New --first flag for :hint (bound to gi for inputs) which automatically
  selects the first hint.
• New input.escape_quits_reporter setting which can be used to avoid
  accidentally quitting the crash reporter when pressing escape.
• New qute-lastpass userscript which uses the LastPass CLI to fill passwords.
• The Makefile now installs a /usr/share/metainfo/qutebrowser.appdata.xml file.
• QtWebEngine: Support for printing from webpages via window.print.
• QtWebEngine: Support for muting tabs:
  • New {audio} field for window.title_format and tabs.title.format which
    displays [M]/[A] for muted/recently audible tabs.
  • New :tab-mute command (bound to <Alt-m>) to mute/unmute a tab.
• QtWebEngine: Support for content.cookies.accept with third-party cookies
  blocked by default (requires Qt 5.11).
• QtWebEngine: New settings:
  • Support for requesting persistent storage via
    navigator.webkitPersistentStorage.requestQuota with a new
    content.persistent_storage setting (requires Qt 5.11).
    This setting also supports URL patterns.
  • Support for registering custom protocol handlers via
    navigator.registerProtocolHandler with a new
    content.register_protocol_handler setting (requires Qt 5.11).
    This setting also supports URL patterns.
  • Support for WebRTC screen sharing with a new content.desktop_capture
    setting (requires Qt 5.10).
    This setting also supports URL patterns.
  • New content.autoplay setting to enable/disable automatic video playback
    (requires Qt 5.10).
  • New content.webrtc_public_interfaces_only setting to only expose public
    interfaces over WebRTC (requires Qt 5.9.2 or 5.11).
  • New content.canvas_reading setting to disable reading from canvas
    elements.

Changed

• The following settings now support URL patterns:
  • content.headers.do_not_track
  • content.headers.custom
  • content.headers.accept_language
  • content.headers.user_agent
  • content.ssl_strict
  • content.geolocation
  • content.notifications
  • content.media_capture
• The Windows/macOS releases now bundle Qt 5.11.1 which is based on
  Chromium 65.0.3325.151 with security fixes up to Chromium 67.0.3396.87.
• New short flags for commandline arguments: -B and -T for --basedir and
  --temp-basedir; -d and -D for --debug and --debug-flag.
• Deleting history items via :history-clear or :completion-item-del now
  also removes that URL from QtWebEngine's visited links.
• There's now completion for commands taking a variable count of arguments
  (like :config-cycle).
• QtWebEngine: On Qt 5.11.1, no reloads are needed anymore when switching
  between pages with changed settings (e.g. content.javascript.enabled).
• The qt.force_software_rendering setting changed from a boolean to taking
  different values (software-opengl, qt-quick and chromium) for different
  kinds of software rendering workarounds.
• On Qt 5.11, using wayland with QtWebEngine is now possible when using
  software rendering.
• GreaseMonkey scripts now get their own global scope (based on the page's
  one), which allows scripts like OneeChan to work.
• Rapid hinting is now supported with the yank and yank-primary targets,
  copying newline-separated links.
• QtWebEngine: On Qt 5.11, the developer tools (inspector) can now be used
  securely and without requiring the --enable-webengine-inspector option.
• The <Enter> key (:follow-selected) now follows the currently focused
  element if there's no selection.
• The --logfilter argument now can be prepended with an exclamation mark
  (e.g. --logfilter '!init,destroy') to invert the filter.
• :view-source now has a --pygments flag which uses the "old" way of
  rendering sources even with QtWebEngine.
• Improved error messages when a setting needs a newer Qt version.
• QtWebEngine: Various improvements to make the cursor more visible in caret
  browsing.
• When a prompt is opened in insert/passthrough mode, the mode is restored
  after closing the prompt.
• On Qt 5.10 or newer, dictionaries are now read from the qutebrowser data
  directory (e.g. ~/.local/share/qutebrowser) instead of /usr/share/qt.
  Existing dictionaries are copied over.
• If an error while parsing ~/.netrc occurs, the cause of the error is now
  logged.
• On Qt 5.9 or newer, certificate errors now show Chromium's detailed error
  page.
• Greasemonkey scripts now support a "@qute-js-world" tag to run them in a
  different JavaScript context.

Fixed

• Various subtle keyboard focus issues.
• The security fix in v1.3.3 caused URLs with ampersands
  (www.example.com?one=1&two=2) to send the wrong arguments when clicked on
  the qute://history page.
• Crash when opening a PDF page with PDF.js enabled (on QtWebKit), but no
  PDF.js installed.
• Crash when closing a tab shortly after opening it.

Removed

• No prebuilt binaries for 32-bit Windows are supplied anymore. This is due to
  Qt removing QtWebEngine support for those upstream. It might be possible to
  distribute 32-bit binaries again with Qt 5.12 in December, but that will only
  happen if it turns out enough people actually need 32-bit support.
• :tab-detach which has been deprecated in v1.1.0 has been removed.
• The content.developer_extras setting got removed. On QtWebKit, developer
  extras are now automatically enabled when opening the inspector.

Security

• An XSS vulnerability on the qute://history page allowed websites to inject
  HTML into the page via a crafted title tag. This could allow them to steal
  your browsing history. If you're currently unable to upgrade, avoid using
  :history. A CVE request for this issue is pending, see #4011 for updates.

Fixed

• Crash in a workaround for a Qt 5.11 bug in rare circumstances.
• Workaround for a Qt bug which preserves searches between page loads.
• In v1.3.2 a dependency on the PyQt5.QtQuickWidgets module was accidentally
  introduced. Since that module isn't packaged everywhere, it's been removed
  again.

Fixed

• QtWebEngine: Improved workaround for a bug in Qt 5.11 where only the
  top/bottom half of the window is used.
• QtWebEngine: Work around a bug in Qt 5.11 where an endless loading-loop is
  triggered when clicking a link with an unknown scheme.
• QtWebEngine: When switching between pages with changed settings, less
  unnecessary reloads are done now.
• QtWebEngine: It's now possible to open external links such as magnet:// or
  mailto: via hints.

Fixed

• Work around a bug in Qt 5.11 where only the top/bottom half of the window is used.
  This workaround is incomplete, but fixes the majority of the cases where this happens.
• Work around keyboard focus issues with Qt 5.11.
• Work around an issue in Qt 5.11 where e.g. activating JavaScript per-domain
  needed a manual reload in some cases.
• Don't crash when a ² key is pressed (e.g. on AZERTY keyboards).
• Don't crash when a tab is opened and quickly closed again.

Added

• New :scroll-to-anchor command to scroll to an anchor in the document.
• New url.open_base_url option to open the base URL of a searchengine when no
  search term is given.
• New tabs.min_width setting to configure the minimal width for tabs.
• New userscripts:
  • getbib to download bibtex information for DOIs on a page.
  • qute-keepass to get passwords from KeePassX.

Changed

• QtWebEngine: Support for JavaScript Shared Web Workers have been disabled on
  Qt versions older than 5.11 because of security issues in in Chromium.
  You can get the same effect in earlier versions via
  :set qt.args ['disable-shared-workers']. An equivalent workaround is also
  contained in Qt 5.9.5 and 5.10.1.
• The file dialog for downloads now has basic tab completion based on the
  entered text.
• :version now shows OS information for POSIX OS other than Linux/macOS.
• When there's an error inserting the text from an external editor, a backup
  file is now saved.
• The window.hide_wayland_decoration setting got renamed to
  window.hide_decoration and now also works outside of wayland.
• The tabs.favicons.show setting now can take three values: 'always' (was
  True), 'never' (was False) and 'pinned' (to only show favicons for
  pinned tabs).
• Hover tooltips on tabs now always show the webpage's title.
• The default value for content.host_blocking.lists was changed to only
  include https://github.com/StevenBlack/hosts[Steven Black's hosts-list] which
  combines various sources.
• Error messages when trying to wrap when tabs.wrap is False are now logged
  to debug instead of messages.

Fixed

• Using hints before a page is fully loaded is now possible again.
• Selecting hints with the number keypad now works again.
• Tab titles for tabs loaded from sessions should now really be correct instead
  of showing the URL.
• Loading URLs with customized settings from a session now avoids an additional
  reload.
• The window icon and title now get set correctly again.
• The tabs.switching_delay setting now has a correct maximum value limit set.
• The taskadd script now works properly when there's multi-line output.
• QtWebEngine: Worked around issues with GreaseMonkey/stylesheets not being
  loaded correctly in some situations.
• The statusbar now more closely reflects the caret mode state.
• The icon on Windows should now be displayed in a higher resolution.
• The QtWebEngine development tools (inspector) now also work when JavaScript is
  disabled globally.
• Building .exe files now works when upx is installed on the system.
• The keyhint widget now shows the correct text for chained modifiers.
• Loading GreaseMonkey scripts now also works with Jinja2 2.8 (e.g. on Debian
  Stable).
• Adding styles with GreaseMonkey on fast sites now works properly.
• Window ID 0 is now excluded properly from :tab-take completion.
• A rare crash when cancelling a download has been fixed.
• The Makefile (intended for packagers) now supports PREFIX properly.
• The workaround for a black window with Nvidia graphics is now enabled on
  non-Linux systems (like FreeBSD) as well.
• Initial support for Qt 5.11.
• Checking for a new version after sending a crash report now works properly
  again.
• @match in Greasemonkey scripts now more closely matches the proper pattern
  syntax.
• Searching via / or ? now doesn't handle any characters in a special way.
• Fixed crash when trying to retry some failed downloads on QtWebEngine.
• An invalid spellcheck dictionary filename now doesn't crash anymore.
• When no spellcheck dictionaries are configured, it's now disabled internally.
  This works around an issue with entering special characters on Facebook
  messenger.
• The macOS release now should work again on macOS 10.11 and newer.

Fixed

• qutebrowser now starts properly when the PyQt5 QOpenGLFunctions package wasn't
  found.
• The keybinding cheatsheet on the quickstart page is now loaded from a local
  qute:// URL again.
• With "tox -e mkvenv-pypi", PyQt 5.10.0 is used again instead of Qt 5.10.1,
  because of an issue with Qt 5.10.1 which causes qutebrowser to fail to start
  ("Could not find QtWebEngineProcess").
• Unbinding keys which were bound in older qutebrowser versions now doesn't
  crash anymore.
• Fixed a crash when reloading a page which wasn't fully loaded with v1.2.0
• Keys on the numeric keypad now fall back to the same bindings without Num+
  if no Num+ binding was found.
• Fixed hinting on some pages with Qt < 5.10.
• Titles are now displayed correctly again for tabs which are cloned or loaded
  from sessions.
• Shortcuts now correctly use Ctrl instead of Command on macOS again.

Added

• Initial implementation of per-domain settings:
  • :set and :config-cycle now have a -u/--pattern argument taking a
    URL match pattern
    for supported settings.
  • config.set in config.py now takes a third argument which is the pattern.
  • New with config.pattern('...') as p: context manager for config.py to
    use the shorthand syntax with a pattern.
  • New tsh keybinding to toggle scripts for the current host. With a capital
    S, the toggle is saved. With a capital H, subdomains are included. With
    u instead of h, the exact current URL is used.
  • New tph keybinding to toggle plugins, with the same additional binding
    described above.
• New QtWebEngine features:
  • Caret/visual mode
  • Authentication via ~/.netrc
  • Retrying downloads with Qt 5.10 or newer
  • Hinting and other features inside same-origin frames
• New flags for existing commands:
  • :session-load has a new --delete flag which deletes the
    session after loading it.
  • New --no-last flag for :tab-focus to not focus the last tab when focusing
    the currently focused one.
  • New --edit flag for :view-source to open the source in an external editor.
  • New --select flag for :follow-hint which acts like the given string was entered but doesn't necessary follow the hint.
• New special pages:
  • qute://bindings (opened via :bind) which shows all keybindings.
  • qute://tabs (opened via :buffer) which lists all tabs.
• New settings:
  • statusbar.widgets to configure which widgets should be shown in which
    order in the statusbar.
  • tabs.mode_on_change which replaces tabs.persist_mode_on_change. It can
    now be set to restore which remembers input modes (input/passthrough)
    per tab.
  • input.insert_mode.auto_enter which makes it possible to disable entering
    insert mode automatically when an editable element was clicked. Together
    with input.forward_unbound_keys, this should allow for emacs-like
    "modeless" keybindings.
• New :prompt-yank command (bound to Alt-y by default) to yank URLs
  referenced in prompts.
• The hostblock_blame script which was removed in v1.0 was updated for the new
  config and re-added.
• New cycle-inputs.js script in scripts/ which can be used with :jseval -f
  to cycle through inputs.

Changed

• Complete refactoring of key input handling, with various effects:
  • emacs-like keychains such as <Ctrl-X><Ctrl-C> can now be bound.
  • Key chains can now be bound in any mode (this allows binding unused keys in
    hint mode).
  • Yes/no prompts don't use keybindings from the prompt section anymore, they
    have their own yesno section instead.
  • Trying to bind invalid keys now shows an error.
  • The bindings.default setting can now only be set in a config.py, and
    existing values in autoconfig.yml are ignored.
• Improvements for GreaseMonkey support:
  • @include and @exclude now support regex matches. With QtWebEngine and Qt
    5.8 and newer, Qt handles the matching, but similar functionality will be
    added in Qt 5.11.
  • Support for @requires
  • Support for the GreaseMonkey 4.0 API
• The sqlite history now uses write-ahead logging which should be
  a performance and stability improvement.
• When an editor is spawned with :open-editor and :config-edit, the changes
  are now applied as soon as the file is saved in the editor.
• The hist_importer.py script now only imports URL schemes qutebrowser can
  handle.
• Deleting a prefix (:, / or ?) via backspace now leaves command mode.
• Angular 1 elements and <summary>/<details> now get hints assigned.
• :tab-only with pinned tabs now still closes unpinned tabs.
• The url.incdec_segments option now also can take port as possible segment.
• QtWebEngine: :view-source now uses Chromium's view-source: scheme.
• Tabs now show their full title as tooltip.
• When there are multiple unknown keys in a autoconfig.yml, they now all get
  reported in one error.
• More performance improvements when opening/closing many tabs.
• The :version page now has a button to pastebin the information.
• Replacements like {url} can now be escaped as {{url}}.

Fixed

• QtWebEngine bugfixes:
  • Improved fullscreen handling with Qt 5.10.
  • Hinting and scrolling now works properly on special view-source: pages.
  • Scroll positions are now restored correctly from sessions.
  • :follow-selected should now work in more cases with Qt > 5.10.
  • Incremental search now flickers less and doesn't move to the second result
    when pressing Enter.
  • Keys like Ctrl-V or Shift-Insert are now correctly handled/filtered with
    Qt 5.10.
  • Fixed hangs/segfaults on exit with Qt 5.10.1.
  • Fixed favicons sometimes getting cleared with Qt 5.10.
  • Qt download objects are now cleaned up properly when a download is removed.
  • JavaScript messages are now not double-HTML escaped anymore on Qt < 5.11
• QtWebKit bugfixes:
  • Fixed GreaseMonkey-related crashes.
  • :view-source now displays a valid URL.
• URLs containing ampersands and other special chars are now shown correctly
  when filtering them in the completion.
• :bookmark-add "" foo can now be used to save the current URL with a custom
  title.
• :spawn -o now waits until the process has finished before trying to show the
  output. Previously, it incorrectly showed the previous output immediately.
• Suspended pages now should always load the correct page when being un-suspended.
• Exception types are now shown properly with :config-source and :config-edit.
• When using :bookmark-add --toggle, bookmarks are now saved properly.
• Crash when opening an invalid URL from an application on macOS.
• Crash with an empty completion.timestamp_format.
• Crash when completion.min_chars is set in some cases.
• HTML/JS resource files are now read into RAM on start to avoid crashes when
  changing qutebrowser versions while it's open.
• Setting bindings.key_mappings to an empty value is now allowed.
• Bindings to an empty commands are now ignored rather than crashing.

Removed

• QUTE_SELECTED_HTML is now not set for userscripts anymore except when called
  via hints.
• The qutebrowser_viewsource userscript has been removed as
  :view-source --edit can now be used.
• The tabs.persist_mode_on_change setting has been removed and replaced by
  tabs.mode_on_change.

Changed

• Windows/macOS releases now bundle Qt 5.10.1 which includes security fixes from
  Chromium up to version 64.0.3282.140.

Fixed

• QtWebEngine: Crash with Qt 5.10.1 when using :undo on some tabs.
• Compatibility with Python 3.7

Fixed

• The Makefile now actually works.
• Fixed crashes with Qt 5.10 when closing a tab before it finished loading.