-
Currently all script message handlers are global, always connected, and managed by EphyEmbedShell. But this is only suitable for about half of them. It's OK to do this for message handlers that use Epiphany's private script world, because they are not accessible to web content and therefore it is harmless to leave them registered always. But Epiphany registers three other message handlers that *are* always accessible to web content. One reloads the current page, one reloads the page bypassing TLS errors, and one deletes web apps. Arbitrary websites should not be able to access these, but we cannot use a private script world because the message handlers need to be accessible to Epiphany's error pages and about:applications page. Fix this by registering these message handlers only immediately before displaying an error page or about:applications. The message handler will then be unregistered before the next page load, so it's no longer available ...