Qutebrowser

Added

- Initial support for Qt 5.14.
- New `content.site_specific_quirks` setting which enables workarounds for
websites with broken user agent parsing (enabled by default, see the "Fixed"
section for fixed websites).
- New `qt.force_platformtheme` setting to force Qt to use a given platform
theme.
- New `tabs.tooltips` setting which can be used to disable hover tooltips for
tabs.
- New settings to configure the appearance of context menus:
- `fonts.contextmenu`
- `colors.contextmenu.menu.bg`
- `colors.contextmenu.menu.fg`
- `colors.contextmenu.selected.bg`
- `colors.contextmenu.selected.fg`

Changed

- The macOS binaries now require macOS 10.13 High Sierra or newer. Support for
macOS 10.12 Sierra has been dropped.
- The `content.headers.user_agent` setting now is a format string with the
default value resembling the behavior of it being set to null before.
This slightly changes the sent user agent for QtWebKit: Instead of mentioning
qutebrowser and its version it now mentions the Qt version.
- The `qute-pass` userscript now has a new `--extra-url-suffixes` (`-s`)
argument which passes extra URL suffixes to the tldextract library.
- A stack is now used for `:tab-focus last` rather than just saving one tab.
Additionally, `:tab-focus` now understands `stack-prev` and `stack-next`
arguments to traverse that stack.
- `:hint` now has a new `right-click` target which allows right-clicking
elements via hints.
- The Terminus font has been removed from the default monospace fonts since it
caused trouble with HighDPI setups. To get it back, add either
`"xos4 Terminus"` or `Terminus` (depending on fontconfig version) to the
beginning of the `fonts.monospace` setting.
- As a workaround for a Qt bug causing a segfault, desktop sharing is now
automatically rejected on Qt versions before 5.13.2. Note that screen sharing
still won't work on Linux before Qt 5.14.
- Comment lines in quickmarks/bookmarks files are now ignored. However, note that
qutebrowser will overwrite those files if bookmark/quickmark commands are used.
- Reopening PDF.js pages from e.g. a session file will now re-download and
display those PDFs.
- Improved behavior when using `:open-download` in a sandboxed environment (KDE
Flatpak).
- qutebrowser now enables the new PyQt exit scheme, which should result in
things being cleaned up more properly (e.g. cookies being saved even without
a timeout) on PyQt 5.13.1 and newer.
- The `:spawn` command has a new `-m` / `--output-messages` argument which
shows qutebrowser messages based on a command's standard output/error.
- Improved insert mode detection for some CodeMirror usages (e.g. in
JupyterLab and Jupyter Notebook).
- If JavaScript is disabled globally, `file://*` now doesn't automatically have
it enabled anymore. Run `:set -u file://* content.javascript.enabled true` to
restore the previous behavior.
- Settings with URL patterns can now be used to affect the behavior of the
QtWebEngine inspector. Note that the underlying URL is `chrome-devtools://*`
from Qt 5.11 to Qt 5.13, but `devtools://*` with Qt 5.14.
- Improvements when `tabs.tabs_are_windows` is set:
* Using `:tab-take` and `:tab-give` now shows an error, as the effect of
doing so would be equal to `:tab-clone`.
* The `:buffer` completion doesn't show any window sections anymore, only a
flat list of tabs.
- Improved parsing in some corner cases for the `QtFont` type (used for
`fonts.tabs` and `fonts.debug_console`).
- Performance improvements for the following areas:
* Adding settings with URL patterns
* Matching of settings using URL patterns

Fixed

- Downloads (e.g. via `:download`) now see the same user agent header as
webpages, which fixes cases where overly restrictive servers/WAFs closed the
connection before.
- `dictcli.py` now works correctly on Windows again.
- The logic for `:restart` has been revisited, which should fix issues with
relative basedirs.
- Remaining issues related to Python 3.8 are now fixed (mostly warnings,
especially on QtWebKit).
- Workaround for a Qt bug where a page never finishes loading with a
non-overridable TLS error (e.g. due to HSTS).
- The `qute://configdiff` page now doesn't show built-in settings (e.g.
javascript being enabled for `qute://` and `chrome://` pages) anymore.
- The `qute-lastpass` userscript now stops prompting for passwords when
cancelling the password input.
- The tab hover text now shows ampersands (&) correctly.
- With QtWebEngine and Qt >= 5.11, the inspector now shows its icons correctly
even if loading of images is disabled via the `content.images` setting.
- Entering a very long string (over 50k characters) in the completion used to
crash, now it shows an error message instead.
- Various improvements for URL/searchengine detection:
- Strings with a dot but with characters not allowed in a URL (e.g. an
underscore) are now not treated as URL anymore.
- Strings like "5/8" are now not treated as IP anymore.
- URLs with an explicit scheme and a space (%20) are correctly treated as
URLs.
- Mail addresses are now treated as search terms.
- With `url.open_base_url` set, searching for a search engine name now works.
- `url.open_base_url = True` together with `url.auto_search = 'never'` is now
handled correctly.
- Fixed crash when a search engine URL turns out to be invalid.
- New "site specific quirks", which work around some broken websites:
- WhatsApp Web
- Google Accounts
- Slack (with older QtWebEngine versions)
- Dell.com support pages (with Qt 5.7)
- Google Docs (fixes broken IME/compose key)

Fixed

- Segmentation fault introduced in v1.8.2 when a tab gets closed immediately
after it has finished loading (e.g. with certain login flows).

Changed

- Windows/macOS releases now ship with Qt 5.12.6. This includes security fixes
up to Chromium 77.0.3865.120 plus a security fix for CVE-2019-13720 from
Chromium 78.

Fixed

- Unbinding keys via `config.bind(key, None)` accidentally worked in
v1.7.0 but raises an exception in v1.8.0. It now works again, but is
deprecated and shows an error. Note that `:config-py-write` did write
such invalid lines before v1.8.0, so existing config files might need
adjustments.
- The `readability-js` userscript now handles encodings correctly (which it
didn't before for some websites).
- <Shift-Insert> can now be used to paste text starting with a hyphen.
- Following hints via the number keypad now works properly again.
- Errors while reading the state file are now displayed instead of causing a
crash.
- Crash when using `:debug-log-level` without a console attached.
- Downloads are now hidden properly when the browser is in fullscreen mode.
- Crash when setting `colors.webpage.bg` to an empty value with QtWebKit.
- Crash when the history database file is not a proper sqlite database.
- Workaround for missing/broken error pages on Debian.
- A deprecation warning (caused by pywin32) about the imp module on Windows is
now hidden.

- No code changes - this release only repackages the Windows/macOS
releases due to issues with the v1.8.0 release.
- Updated dependencies for Windows/macOS releases:
* macOS and Windows releases now ship with Qt/QtWebEngine 5.12.5. Those
are based on Chromium 69.0.3497.128 with security fixes up to Chromium
76.0.3809.87.
* Qt 5.13 couldn't be used yet due to various bugs in Qt 5.13.0 and .1.

**The Windows/macOS releases were pulled because of issues with the bundled Qt versions. Use the v1.8.1 release there instead.**

Added

- New userscripts:
* `readability-js` which uses Mozilla's node.js readability library.
* `qute-bitwarden` which integrates the Bitwarden CLI.

Changed

- Updated dependencies for Windows/macOS releases:
* macOS releases now ship with Qt 5.13.0 and QtWebEngine 5.13.1. Those are
based on Chromium 73.0.3683.105 with security fixes up to Chromium 76.0.3809.87.
* Windows releases now ship with Qt/QtWebEngine 5.12.5. Those are based on
Chromium 69.0.3497.128 with security fixes up to Chromium 76.0.3809.87.
* Those specific combinations were chosen due to various issues with newer Qt
releases. Hopefully, those will be unified again with Qt 5.13.2.
- The statusbar text for passthrough mode now shows all configured bindings to
leave the mode, not only one.
- When `:config-source` is used with a relative filename, the file is now
searched in the config directory instead of the current working directory.
- HTML5 inputs with date/time types now enter insert mode when selected.
- `dictcli.py` now shows where dictionaries are installed to and complains when
running it as root if doing so would result in a wrong installation path.
- The Makefile now can also run `setup.py build` when invoked without a target.
- Changes to userscripts:
* qute-pass: Don't run `pass` if only a username is requested.
* qute-pass: Support private domains like `myrouter.local`.
* readability: Improved CSS styling.
- Performance improvements in various areas:
* Loading config files
* Typing without any completion matches
* General keyboard handling
* Scrolling
- `:version` now shows details about the loaded autoconfig.yml/config.py.
- Hosts are now additionally looked up including their ports in netrc files.
- With Qt 5.10 or newer, qutebrowser now doesn't force software rendering with
Nouveau drivers anymore. However, QtWebEngine/Chromium still do so.
- The XSS Auditor is now disabled by default (`content.xss_auditing` =
`false`). This reflects a similar change in Chromium, see
their [XSS Auditor Design Document](https://www.chromium.org/developers/design-documents/xss-auditor) for details.

Fixed

- `:config-write-py` now correctly writes `config.unbind(...)` lines (instead
of `config.bind(..., None)`) when unbinding a default keybinding.
- Prevent repeat keyup events for JavaScript when a key is held down.
- The Makefile now rebuilds the manpage correctly.
- `~/.config/qutebrowser/blocked-hosts` can now also contain /etc/hosts-like
lines, not just simple hostnames.
- Restored compatibility with Jinja2 2.8 (e.g. used on Debian Stretch or Ubuntu
16.04 LTS).
- Fixed implicit type conversion warning with Python 3.8.
- The desktop file now sets `StartupWMClass` correctly, so the qutebrowser icon
is no longer shown twice in the Gnome dock when pinned.
- Bindings involving keys which need the AltGr key now work properly.
- Fixed crash (caused by a Qt bug) when typing characters above the Unicode BMP
(such as certain emoji or CJK characters).
- `dictcli.py` now works properly again.
- Shift can now be used while typing hint keystrings, which e.g. allows typing
number hints on French keyboards.
- With rapid hinting in number mode, backspace now edits the filter text after
following a hint.
- A certain type of error ("locking protocol") while initializing sqlite now
isn't handled as crash anymore.
- Crash when showing a permission request in certain scenarios.

Removed

- At least Python 3.5.2 is now required to run qutebrowser, support for 3.5.0
and 3.5.1 was dropped.

Added

- New settings:
* `colors.tabs.pinned.*` to control colors of pinned tabs.
* `hints.leave_on_load` which allows disabling leaving of hint mode when a
new page is loaded.
* `colors.completion.item.selected.match.fg` which allows configuring the
text color for the matching text in the currently selected completion item.
* `tabs.undo_stack_size` to limit how many undo entries are kept for closed tabs.
- New commands:
* `:reverse-selection` (`o` in caret mode) to swap the stationary/moving ends
of a selection.
- New commandline replacements:
* `{url:domain}`, `{url:auth}`, `{url:scheme}`, `{url:username}`,
`{url:password}`, `{url:host}`, `{url:port}`, `{url:path}`, `{url:query}`
for the respective parts of the current URL.
* `{title}` for the current page title.
- The `{title}` field in `tabs.title.format`, `tabs.title.format_pinned` and
`window.title_format` got renamed to `{current_title}` (mirroring
`{current_url}`) in order to not conflict with the new `{title}` commandline
replacement.
- New `delete` target for `:hint` which removes the hinted element from
the DOM.
- New `--config-py` commandline argument to use a custom `config.py` file.
- Qt 5.13: Support for notifications (shown via system tray).

Changed

- Updated dependencies for Windows/macOS releases:
- PyQt5 5.12.3 / PyQtWebEngine 5.12.1
- Qt 5.12.4, which includes security fixes up to Chromium 74.0.3729.157
- Python 3.7.4
- OpenSSL 1.1.1
- Note: This release includes Qt 5.12.4 instead of Qt 5.13.0 due to
[QTBUG-76913](https://bugreports.qt.io/browse/QTBUG-76913) causing frequent
segfaults with Qt 5.13. After Qt 5.13.1 is released, qutebrowser v1.8.0
will be released with an updated Qt.
- Completely revamped Windows installer which allows installing without admin
permissions and allows setting qutebrowser as default browser.
- The desktop file `qutebrowser.desktop` is now renamed to
`org.qutebrowser.qutebrowser.desktop`.
- Pinned tabs now always show a favicon (even if the site doesn't provide one)
when shrinking.
- Setting `downloads.location.directory` now changes the directory displayed in
the download prompt even if `downloads.location.remember` is set.
- The `yank` command gained a new `inline` argument, which allows to e.g. use
`:yank inline [{title}]({url})`.
- Duplicate consecutive history entries with the same URL are now ignored.
- More detailed error messages when spawning a process failed.
- The `content.pdfjs` setting now supports domain patterns.
- Improved process status output with `:spawn -o`.
- The `colors.tabs.bar.bg` setting is now of type `QssColor` and thus supports
gradients.
- The `:fullscreen` command now understands a new `--enter` flag which
causes it to always enter fullscreen instead of toggling the current
state.
- `--debug-flag stack` is now needed to show stack traces on renderer process
crashes.
- `--debug-flag chromium` can be used to easily turn on verbose Chromium logging.
- For runtime data (such as the IPC socket), a proper runtime path is now used
on BSD; only macOS/Windows continue to use the temporary directory.
- PDF.js is now also searched in `/app/share/pdf.js/` (for Flatpak)
- Permission prompts can now be answered with `Y` (`:prompt-accept --save yes`)
and `N` (`:prompt-accept --save no`) to save the answer as a per-domain
setting.
- `content.dns_prefetch` is now turned off by default, as it causes crashes
inside QtWebEngine.
- The (still unofficial) interceptor plugin API now contains `resource_type`
for a request and allows redirecting requests.
- `:bookmark-remove` now shows a message for consistency with `:bookmark-add`.
- Very early segfaults are now also caught by the crash handler.
- The appdata XML now contains proper release information and an (empty) OARS
content rating.
- Improved Linux distribution detection.
- Qt 5.13: Request filtering now happens in the UI rather than IO thread.
- Qt 5.13: Support for PDFium (Chromium's PDF viewer) is disabled for now so
that PDFs can still be downloaded (or shown with PDF.js) properly.
- Various performance improvements (e.g. for showing hints or the :open
completion).

Deprecated

- `:yank markdown` got deprecated, as `:yank inline [{title}]({url})` can now
be used instead.

Fixed

- Various QtWebEngine load signals are now handled differently, which should
fix issues with insert mode being left while typing on sites like Google
Translate.
- Race condition causing a colored statusbar in normal mode when
entering/exiting caret mode quickly.
- Using `100%` for a hue in a `hsv(...)` config value now corresponds to 359
(rather than 255), matching the fixed behavior in Qt 5.13.
- Chaining commands with `;;` used to abort with some failing commands. It now
runs the second command no matter whether the first one succeeded or not.
- Handling of profiles and private windows (and resulting crashes with Qt
5.12.2).
- Fixes for corner-cases when using `:navigate increment/decrement`.
- The type for the `colors.hints.match.fg` setting was changed to `QtColor`.
Gradients were never supported for this setting, and with this change, values
like `rgb(0, 0, 0)` now work as well.
- Permission prompts now show a properly normalized URL with QtWebKit.
- Crash on start when PyQt was built without SSL support with Qt >= 5.12.
- Minor memory leaks.