-
Currently all script message handlers are global, always connected, and managed by EphyEmbedShell. But this is only suitable for about half of them. It's OK to do this for message handlers that use Epiphany's private script world, because they are not accessible to web content and therefore it is harmless to leave them registered always. But Epiphany registers three other message handlers that *are* always accessible to web content. One reloads the current page, one reloads the page bypassing TLS errors, and one deletes web apps. Arbitrary websites should not be able to access these, but we cannot use a private script world because the message handlers need to be accessible to Epiphany's error pages and about:applications page. Fix this by registering these message handlers only immediately before displaying an error page or about:applications. The message handler will then be unregistered before the next page load, so it's no longer available to websites. Note in the case of EphyAboutHandler, the load has already started, so we unregister the handler for the very next load. For the other two cases, the load will start imminently, so we should not unregister the handler until the load after that. Finally, note that message handlers only get unregistered when a future load does not itself require message handlers. That should be fine for any reasonably foreseeable future, but it would break if we ever intentionally wanted to make a message handler available to all websites, so leave a warning about this. Fixes #1664 Part-of: <GNOME/epiphany!1409>
