Free temporary certificate in setcert

[surf.git] / surf.c

diff --git a/surf.c b/surf.c
index 93111d4..88dfd75 100644 (file)
--- a/surf.c
+++ b/surf.c
@@ -31,19 +31,21 @@
 
 #define LENGTH(x)               (sizeof(x) / sizeof(x[0]))
 #define CLEANMASK(mask)         (mask & (MODKEY|GDK_SHIFT_MASK))
+#define SETB(p, s)              [p] = { { .b = s }, }
+#define SETI(p, s)              [p] = { { .i = s }, }
+#define SETV(p, s)              [p] = { { .v = s }, }
+#define SETF(p, s)              [p] = { { .f = s }, }
+#define FSETB(p, s)             [p] = { { .b = s }, 1 }
+#define FSETI(p, s)             [p] = { { .i = s }, 1 }
+#define FSETV(p, s)             [p] = { { .v = s }, 1 }
+#define FSETF(p, s)             [p] = { { .f = s }, 1 }
+#define CSETB(p, s)             [p] = (Parameter){ { .b = s }, 1 }
+#define CSETI(p, s)             [p] = (Parameter){ { .i = s }, 1 }
+#define CSETV(p, s)             [p] = (Parameter){ { .v = s }, 1 }
+#define CSETF(p, s)             [p] = (Parameter){ { .f = s }, 1 }
 
 enum { AtomFind, AtomGo, AtomUri, AtomLast };
 
-enum {
-       CaretBrowsing,
-       FrameFlattening,
-       Geolocation,
-       JavaScript,
-       LoadImages,
-       Plugins,
-       ScrollBars,
-};
-
 enum {
        OnDoc   = WEBKIT_HIT_TEST_RESULT_CONTEXT_DOCUMENT,
        OnLink  = WEBKIT_HIT_TEST_RESULT_CONTEXT_LINK,
@@ -55,21 +57,57 @@ enum {
        OnAny   = OnDoc | OnLink | OnImg | OnMedia | OnEdit | OnBar | OnSel,
 };
 
+typedef enum {
+       AcceleratedCanvas,
+       CaretBrowsing,
+       Certificate,
+       CookiePolicies,
+       DiskCache,
+       DNSPrefetch,
+       FontSize,
+       FrameFlattening,
+       Geolocation,
+       HideBackground,
+       Inspector,
+       JavaScript,
+       KioskMode,
+       LoadImages,
+       MediaManualPlay,
+       Plugins,
+       PreferredLanguages,
+       RunInFullscreen,
+       ScrollBars,
+       ShowIndicators,
+       SiteQuirks,
+       SpellChecking,
+       SpellLanguages,
+       StrictTLS,
+       Style,
+       ZoomLevel,
+       ParameterLast,
+} ParamName;
+
 typedef union {
        int b;
        int i;
+       float f;
        const void *v;
 } Arg;
 
+typedef struct {
+       Arg val;
+       int force;
+} Parameter;
+
 typedef struct Client {
        GtkWidget *win;
        WebKitWebView *view;
        WebKitWebInspector *inspector;
        WebKitFindController *finder;
        WebKitHitTestResult *mousepos;
-       GTlsCertificateFlags tlsflags;
+       GTlsCertificateFlags tlserr;
        Window xid;
-       int progress, fullscreen;
+       int progress, fullscreen, https, insecure;
        const char *title, *overtitle, *targeturi;
        const char *needle;
        struct Client *next;
@@ -91,19 +129,28 @@ typedef struct {
        unsigned int stopevent;
 } Button;
 
+typedef struct {
+       const char *uri;
+       Parameter config[ParameterLast];
+       regex_t re;
+} UriParameters;
+
 typedef struct {
        char *regex;
-       char *style;
+       char *file;
        regex_t re;
-} SiteStyle;
+} SiteSpecific;
 
 /* Surf */
 static void usage(void);
 static void die(const char *errstr, ...);
 static void setup(void);
 static void sigchld(int unused);
+static void sighup(int unused);
 static char *buildfile(const char *path);
 static char *buildpath(const char *path);
+static const char *getuserhomedir(const char *user);
+static const char *getcurrentuserhomedir(void);
 static Client *newclient(Client *c);
 static void loaduri(Client *c, const Arg *a);
 static const char *geturi(Client *c);
@@ -114,8 +161,12 @@ static void gettogglestats(Client *c);
 static void getpagestats(Client *c);
 static WebKitCookieAcceptPolicy cookiepolicy_get(void);
 static char cookiepolicy_set(const WebKitCookieAcceptPolicy p);
+static void seturiparameters(Client *c, const char *uri);
+static void setparameter(Client *c, int refresh, ParamName p, const Arg *a);
+static const char *getcert(const char *uri);
+static void setcert(Client *c, const char *file);
 static const char *getstyle(const char *uri);
-static void setstyle(Client *c, const char *stylefile);
+static void setstyle(Client *c, const char *file);
 static void runscript(Client *c);
 static void evalscript(Client *c, const char *jsstr, ...);
 static void updatewinid(Client *c);
@@ -127,6 +178,7 @@ static void cleanup(void);
 
 /* GTK/WebKit */
 static WebKitWebView *newview(Client *c, WebKitWebView *rv);
+static void initwebextensions(WebKitWebContext *wc, Client *c);
 static GtkWidget *createview(WebKitWebView *v, WebKitNavigationAction *a,
                              Client *c);
 static gboolean buttonreleased(GtkWidget *w, GdkEvent *e, Client *c);
@@ -147,6 +199,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolicyDecision *d,
 static void decidenavigation(WebKitPolicyDecision *d, Client *c);
 static void decidenewwindow(WebKitPolicyDecision *d, Client *c);
 static void decideresource(WebKitPolicyDecision *d, Client *c);
+static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e,
+                            Client *c);
 static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d,
                             Client *c);
 static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c);
@@ -160,14 +214,12 @@ static void reload(Client *c, const Arg *a);
 static void print(Client *c, const Arg *a);
 static void clipboard(Client *c, const Arg *a);
 static void zoom(Client *c, const Arg *a);
-static void scroll_v(Client *c, const Arg *a);
-static void scroll_h(Client *c, const Arg *a);
+static void scroll(Client *c, const Arg *a);
 static void navigate(Client *c, const Arg *a);
 static void stop(Client *c, const Arg *a);
 static void toggle(Client *c, const Arg *a);
 static void togglefullscreen(Client *c, const Arg *a);
 static void togglecookiepolicy(Client *c, const Arg *a);
-static void togglestyle(Client *c, const Arg *a);
 static void toggleinspector(Client *c, const Arg *a);
 static void find(Client *c, const Arg *a);
 
@@ -177,7 +229,7 @@ static void clicknewwindow(Client *c, const Arg *a, WebKitHitTestResult *h);
 static void clickexternplayer(Client *c, const Arg *a, WebKitHitTestResult *h);
 
 static char winid[64];
-static char togglestats[10];
+static char togglestats[11];
 static char pagestats[2];
 static Atom atoms[AtomLast];
 static Window embed;
@@ -185,8 +237,10 @@ static int showxid;
 static int cookiepolicy;
 static Display *dpy;
 static Client *clients;
+static GdkDevice *gdkkb;
 static char *stylefile;
 static const char *useragent;
+static Parameter *curconfig;
 char *argv0;
 
 /* configuration, allows nested code to access above variables */
@@ -195,8 +249,8 @@ char *argv0;
 void
 usage(void)
 {
-       die("usage: %s [-bBdDfFgGiIkKmMnNpPsSvx] [-a cookiepolicies ] "
-           "[-c cookiefile] [-e xid] [-r scriptfile] [-t stylefile] "
+       die("usage: %s [-bBdDfFgGiIkKmMnNpPsStTvx] [-a cookiepolicies ] "
+           "[-c cookiefile] [-C stylefile] [-e xid] [-r scriptfile] "
            "[-u useragent] [-z zoomlevel] [uri]\n", basename(argv0));
 }
 
@@ -214,41 +268,81 @@ die(const char *errstr, ...)
 void
 setup(void)
 {
-       int i;
+       GdkDisplay *gdpy;
+       int i, j;
 
        /* clean up any zombies immediately */
        sigchld(0);
-       gtk_init(NULL, NULL);
+       if (signal(SIGHUP, sighup) == SIG_ERR)
+               die("Can't install SIGHUP handler");
 
-       dpy = GDK_DISPLAY_XDISPLAY(gdk_display_get_default());
+       if (!(dpy = XOpenDisplay(NULL)))
+               die("Can't open default display");
 
        /* atoms */
        atoms[AtomFind] = XInternAtom(dpy, "_SURF_FIND", False);
        atoms[AtomGo] = XInternAtom(dpy, "_SURF_GO", False);
        atoms[AtomUri] = XInternAtom(dpy, "_SURF_URI", False);
 
+       gtk_init(NULL, NULL);
+
+       gdpy = gdk_display_get_default();
+
+       curconfig = defconfig;
+
        /* dirs and files */
        cookiefile = buildfile(cookiefile);
        scriptfile = buildfile(scriptfile);
        cachedir   = buildpath(cachedir);
+       certdir    = buildpath(certdir);
+
+       gdkkb = gdk_seat_get_keyboard(gdk_display_get_default_seat(gdpy));
+
+       for (i = 0; i < LENGTH(certs); ++i) {
+               if (!regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) {
+                       certs[i].file = g_strconcat(certdir, "/", certs[i].file,
+                                                   NULL);
+               } else {
+                       fprintf(stderr, "Could not compile regex: %s\n",
+                               certs[i].regex);
+                       certs[i].regex = NULL;
+               }
+       }
 
        if (!stylefile) {
                styledir = buildpath(styledir);
                for (i = 0; i < LENGTH(styles); ++i) {
-                       if (regcomp(&(styles[i].re), styles[i].regex,
+                       if (!regcomp(&(styles[i].re), styles[i].regex,
                            REG_EXTENDED)) {
-                               fprintf(stderr,
-                                       "Could not compile regex: %s\n",
+                               styles[i].file = g_strconcat(styledir, "/",
+                                                   styles[i].file, NULL);
+                       } else {
+                               fprintf(stderr, "Could not compile regex: %s\n",
                                        styles[i].regex);
                                styles[i].regex = NULL;
                        }
-                       styles[i].style = g_strconcat(styledir, "/",
-                                                     styles[i].style, NULL);
                }
                g_free(styledir);
        } else {
                stylefile = buildfile(stylefile);
        }
+
+       for (i = 0; i < LENGTH(uriparams); ++i) {
+               if (!regcomp(&(uriparams[i].re), uriparams[i].uri,
+                   REG_EXTENDED)) {
+                       /* copy default parameters if they are not already set
+                        * or if they are forced */
+                       for (j = 0; j < ParameterLast; ++j) {
+                               if (!uriparams[i].config[j].force ||
+                                   defconfig[j].force)
+                                       uriparams[i].config[j] = defconfig[j];
+                       }
+               } else {
+                       fprintf(stderr, "Could not compile regex: %s\n",
+                               uriparams[i].uri);
+                       uriparams[i].uri = NULL;
+               }
+       }
 }
 
 void
@@ -260,6 +354,16 @@ sigchld(int unused)
                ;
 }
 
+void
+sighup(int unused)
+{
+       Arg a = { .b = 0 };
+       Client *c;
+
+       for (c = clients; c; c = c->next)
+               reload(c, &a);
+}
+
 char *
 buildfile(const char *path)
 {
@@ -285,29 +389,59 @@ buildfile(const char *path)
        return fpath;
 }
 
+static const char*
+getuserhomedir(const char *user)
+{
+       struct passwd *pw = getpwnam(user);
+
+       if (!pw)
+               die("Can't get user %s login information.\n", user);
+
+       return pw->pw_dir;
+}
+
+static const char*
+getcurrentuserhomedir(void)
+{
+       const char *homedir;
+       const char *user;
+       struct passwd *pw;
+
+       homedir = getenv("HOME");
+       if (homedir)
+               return homedir;
+
+       user = getenv("USER");
+       if (user)
+               return getuserhomedir(user);
+
+       pw = getpwuid(getuid());
+       if (!pw)
+               die("Can't get current user home directory\n");
+
+       return pw->pw_dir;
+}
+
 char *
 buildpath(const char *path)
 {
-       struct passwd *pw;
        char *apath, *name, *p, *fpath;
+       const char *homedir;
 
        if (path[0] == '~') {
                if (path[1] == '/' || path[1] == '\0') {
                        p = (char *)&path[1];
-                       pw = getpwuid(getuid());
+                       homedir = getcurrentuserhomedir();
                } else {
                        if ((p = strchr(path, '/')))
                                name = g_strndup(&path[1], --p - path);
                        else
                                name = g_strdup(&path[1]);
 
-                       if (!(pw = getpwnam(name))) {
-                               die("Can't get user %s home directory: %s.\n",
-                                   name, path);
-                       }
+                       homedir = getuserhomedir(name);
                        g_free(name);
                }
-               apath = g_build_filename(pw->pw_dir, p, NULL);
+               apath = g_build_filename(homedir, p, NULL);
        } else {
                apath = g_strdup(path);
        }
@@ -334,7 +468,6 @@ newclient(Client *rc)
        clients = c;
 
        c->progress = 100;
-       c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
        c->view = newview(c, rc ? rc->view : NULL);
 
        return c;
@@ -350,7 +483,10 @@ loaduri(Client *c, const Arg *a)
        if (g_strcmp0(uri, "") == 0)
                return;
 
-       if (g_strrstr(uri, "://") || g_str_has_prefix(uri, "about:")) {
+       if (g_str_has_prefix(uri, "http://")  ||
+           g_str_has_prefix(uri, "https://") ||
+           g_str_has_prefix(uri, "file://")  ||
+           g_str_has_prefix(uri, "about:")) {
                url = g_strdup(uri);
        } else if (!stat(uri, &st) && (path = realpath(uri, NULL))) {
                url = g_strdup_printf("file://%s", path);
@@ -365,7 +501,6 @@ loaduri(Client *c, const Arg *a)
                reload(c, a);
        } else {
                webkit_web_view_load_uri(c->view, url);
-               c->title = geturi(c);
                updatetitle(c);
        }
 
@@ -418,7 +553,7 @@ updatetitle(Client *c)
        const char *name = c->overtitle ? c->overtitle :
                           c->title ? c->title : "";
 
-       if (showindicators) {
+       if (curconfig[ShowIndicators].val.b) {
                gettogglestats(c);
                getpagestats(c);
 
@@ -440,29 +575,32 @@ void
 gettogglestats(Client *c)
 {
        togglestats[0] = cookiepolicy_set(cookiepolicy_get());
-       togglestats[1] = enablecaretbrowsing ?   'C' : 'c';
-       togglestats[2] = allowgeolocation ?      'G' : 'g';
-       togglestats[3] = enablecache ?           'D' : 'd';
-       togglestats[4] = loadimages ?            'I' : 'i';
-       togglestats[5] = enablescripts ?         'S' : 's';
-       togglestats[6] = enableplugins ?         'V' : 'v';
-       togglestats[7] = enablestyle ?           'M' : 'm';
-       togglestats[8] = enableframeflattening ? 'F' : 'f';
-       togglestats[9] = '\0';
+       togglestats[1] = curconfig[CaretBrowsing].val.b ?   'C' : 'c';
+       togglestats[2] = curconfig[Geolocation].val.b ?     'G' : 'g';
+       togglestats[3] = curconfig[DiskCache].val.b ?       'D' : 'd';
+       togglestats[4] = curconfig[LoadImages].val.b ?      'I' : 'i';
+       togglestats[5] = curconfig[JavaScript].val.b ?      'S' : 's';
+       togglestats[6] = curconfig[Plugins].val.b ?         'V' : 'v';
+       togglestats[7] = curconfig[Style].val.b ?           'M' : 'm';
+       togglestats[8] = curconfig[FrameFlattening].val.b ? 'F' : 'f';
+       togglestats[9] = curconfig[StrictTLS].val.b ?       'T' : 't';
+       togglestats[10] = '\0';
 }
 
 void
 getpagestats(Client *c)
 {
-       pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' :
-                      c->tlsflags > 0 ? 'U' : 'T';
+       if (c->https)
+               pagestats[0] = (c->tlserr || c->insecure) ?  'U' : 'T';
+       else
+               pagestats[0] = '-';
        pagestats[1] = '\0';
 }
 
 WebKitCookieAcceptPolicy
 cookiepolicy_get(void)
 {
-       switch (cookiepolicies[cookiepolicy]) {
+       switch (((char *)curconfig[CookiePolicies].val.v)[cookiepolicy]) {
        case 'a':
                return WEBKIT_COOKIE_POLICY_ACCEPT_NEVER;
        case '@':
@@ -471,7 +609,6 @@ cookiepolicy_get(void)
        case 'A':
                return WEBKIT_COOKIE_POLICY_ACCEPT_ALWAYS;
        }
-
 }
 
 char
@@ -486,7 +623,175 @@ cookiepolicy_set(const WebKitCookieAcceptPolicy p)
        case WEBKIT_COOKIE_POLICY_ACCEPT_ALWAYS:
                return 'A';
        }
+}
+
+void
+seturiparameters(Client *c, const char *uri)
+{
+       int i;
+
+       for (i = 0; i < LENGTH(uriparams); ++i) {
+               if (uriparams[i].uri &&
+                   !regexec(&(uriparams[i].re), uri, 0, NULL, 0)) {
+                       curconfig = uriparams[i].config;
+                       break;
+               }
+       }
 
+       for (i = 0; i < ParameterLast; ++i)
+               setparameter(c, 0, i, &curconfig[i].val);
+}
+
+void
+setparameter(Client *c, int refresh, ParamName p, const Arg *a)
+{
+       GdkRGBA bgcolor = { 0 };
+       WebKitSettings *s = webkit_web_view_get_settings(c->view);
+
+       switch (p) {
+       case AcceleratedCanvas:
+               webkit_settings_set_enable_accelerated_2d_canvas(s, a->b);
+               break;
+       case CaretBrowsing:
+               webkit_settings_set_enable_caret_browsing(s, a->b);
+               refresh = 0;
+               break;
+       case Certificate:
+               if (a->b)
+                       setcert(c, geturi(c));
+               return; /* do not update */
+       case CookiePolicies:
+               webkit_cookie_manager_set_accept_policy(
+                   webkit_web_context_get_cookie_manager(
+                   webkit_web_view_get_context(c->view)),
+                   cookiepolicy_get());
+               refresh = 0;
+               break;
+       case DiskCache:
+               webkit_web_context_set_cache_model(
+                   webkit_web_view_get_context(c->view), a->b ?
+                   WEBKIT_CACHE_MODEL_WEB_BROWSER :
+                   WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER);
+               return; /* do not update */
+       case DNSPrefetch:
+               webkit_settings_set_enable_dns_prefetching(s, a->b);
+               return; /* do not update */
+       case FontSize:
+               webkit_settings_set_default_font_size(s, a->i);
+               return; /* do not update */
+       case FrameFlattening:
+               webkit_settings_set_enable_frame_flattening(s, a->b);
+               break;
+       case Geolocation:
+               refresh = 0;
+               break;
+       case HideBackground:
+               if (a->b)
+                       webkit_web_view_set_background_color(c->view, &bgcolor);
+               return; /* do not update */
+       case Inspector:
+               webkit_settings_set_enable_developer_extras(s, a->b);
+               return; /* do not update */
+       case JavaScript:
+               webkit_settings_set_enable_javascript(s, a->b);
+               break;
+       case KioskMode:
+               return; /* do nothing */
+       case LoadImages:
+               webkit_settings_set_auto_load_images(s, a->b);
+               break;
+       case MediaManualPlay:
+               webkit_settings_set_media_playback_requires_user_gesture(s, a->b);
+               break;
+       case Plugins:
+               webkit_settings_set_enable_plugins(s, a->b);
+               break;
+       case PreferredLanguages:
+               return; /* do nothing */
+       case RunInFullscreen:
+               return; /* do nothing */
+       case ScrollBars:
+               /* Disabled until we write some WebKitWebExtension for
+                * manipulating the DOM directly.
+               enablescrollbars = !enablescrollbars;
+               evalscript(c, "document.documentElement.style.overflow = '%s'",
+                   enablescrollbars ? "auto" : "hidden");
+               */
+               return; /* do not update */
+       case ShowIndicators:
+               break;
+       case SiteQuirks:
+               webkit_settings_set_enable_site_specific_quirks(s, a->b);
+               break;
+       case SpellChecking:
+               webkit_web_context_set_spell_checking_enabled(
+                   webkit_web_view_get_context(c->view), a->b);
+               return; /* do not update */
+       case SpellLanguages:
+               return; /* do nothing */
+       case StrictTLS:
+               webkit_web_context_set_tls_errors_policy(
+                   webkit_web_view_get_context(c->view), a->b ?
+                   WEBKIT_TLS_ERRORS_POLICY_FAIL :
+                   WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+               break;
+       case Style:
+               if (a->b)
+                       setstyle(c, getstyle(geturi(c)));
+               else
+                       webkit_user_content_manager_remove_all_style_sheets(
+                           webkit_web_view_get_user_content_manager(c->view));
+               refresh = 0;
+               break;
+       case ZoomLevel:
+               webkit_web_view_set_zoom_level(c->view, a->f);
+               return; /* do not update */
+       default:
+               return; /* do nothing */
+       }
+
+       updatetitle(c);
+       if (refresh)
+               reload(c, a);
+}
+
+const char *
+getcert(const char *uri)
+{
+       int i;
+
+       for (i = 0; i < LENGTH(certs); ++i) {
+               if (certs[i].regex &&
+                   !regexec(&(certs[i].re), uri, 0, NULL, 0))
+                       return certs[i].file;
+       }
+
+       return NULL;
+}
+
+void
+setcert(Client *c, const char *uri)
+{
+       const char *file = getcert(uri);
+       char *host;
+       GTlsCertificate *cert;
+
+       if (!file)
+               return;
+
+       if (!(cert = g_tls_certificate_new_from_file(file, NULL))) {
+               fprintf(stderr, "Could not read certificate file: %s\n", file);
+               return;
+       }
+
+       uri = strstr(uri, "://") + sizeof("://") - 1;
+       host = strndup(uri, strstr(uri, "/") - uri);
+
+       webkit_web_context_allow_tls_certificate_for_host(
+           webkit_web_view_get_context(c->view), cert, host);
+       g_object_unref(cert);
+
+       free(host);
 }
 
 const char *
@@ -500,19 +805,19 @@ getstyle(const char *uri)
        for (i = 0; i < LENGTH(styles); ++i) {
                if (styles[i].regex &&
                    !regexec(&(styles[i].re), uri, 0, NULL, 0))
-                       return styles[i].style;
+                       return styles[i].file;
        }
 
        return "";
 }
 
 void
-setstyle(Client *c, const char *stylefile)
+setstyle(Client *c, const char *file)
 {
        gchar *style;
 
-       if (!g_file_get_contents(stylefile, &style, NULL, NULL)) {
-               fprintf(stderr, "Could not read style file: %s\n", stylefile);
+       if (!g_file_get_contents(file, &style, NULL, NULL)) {
+               fprintf(stderr, "Could not read style file: %s\n", file);
                return;
        }
 
@@ -569,39 +874,40 @@ newwindow(Client *c, const Arg *a, int noembed)
 {
        int i = 0;
        char tmp[64];
-       const char *cmd[26], *uri;
+       const char *cmd[28], *uri;
        const Arg arg = { .v = cmd };
 
        cmd[i++] = argv0;
        cmd[i++] = "-a";
-       cmd[i++] = cookiepolicies;
-       cmd[i++] = enablescrollbars ? "-B" : "-b";
+       cmd[i++] = curconfig[CookiePolicies].val.v;
+       cmd[i++] = curconfig[ScrollBars].val.b ? "-B" : "-b";
        if (cookiefile && g_strcmp0(cookiefile, "")) {
                cmd[i++] = "-c";
                cmd[i++] = cookiefile;
        }
-       cmd[i++] = enablecache ? "-D" : "-d";
+       if (stylefile && g_strcmp0(stylefile, "")) {
+               cmd[i++] = "-C";
+               cmd[i++] = stylefile;
+       }
+       cmd[i++] = curconfig[DiskCache].val.b ? "-D" : "-d";
        if (embed && !noembed) {
                cmd[i++] = "-e";
                snprintf(tmp, LENGTH(tmp), "%lu", embed);
                cmd[i++] = tmp;
        }
-       cmd[i++] = runinfullscreen ? "-F" : "-f";
-       cmd[i++] = allowgeolocation ? "-G" : "-g";
-       cmd[i++] = loadimages ? "-I" : "-i";
-       cmd[i++] = kioskmode ? "-K" : "-k";
-       cmd[i++] = enablestyle ? "-M" : "-m";
-       cmd[i++] = enableinspector ? "-N" : "-n";
-       cmd[i++] = enableplugins ? "-P" : "-p";
+       cmd[i++] = curconfig[RunInFullscreen].val.b ? "-F" : "-f" ;
+       cmd[i++] = curconfig[Geolocation].val.b ?     "-G" : "-g" ;
+       cmd[i++] = curconfig[LoadImages].val.b ?      "-I" : "-i" ;
+       cmd[i++] = curconfig[KioskMode].val.b ?       "-K" : "-k" ;
+       cmd[i++] = curconfig[Style].val.b ?           "-M" : "-m" ;
+       cmd[i++] = curconfig[Inspector].val.b ?       "-N" : "-n" ;
+       cmd[i++] = curconfig[Plugins].val.b ?         "-P" : "-p" ;
        if (scriptfile && g_strcmp0(scriptfile, "")) {
                cmd[i++] = "-r";
                cmd[i++] = scriptfile;
        }
-       cmd[i++] = enablescripts ? "-S" : "-s";
-       if (stylefile && g_strcmp0(stylefile, "")) {
-               cmd[i++] = "-t";
-               cmd[i++] = stylefile;
-       }
+       cmd[i++] = curconfig[JavaScript].val.b ? "-S" : "-s";
+       cmd[i++] = curconfig[StrictTLS].val.b ? "-T" : "-t";
        if (fulluseragent && g_strcmp0(fulluseragent, "")) {
                cmd[i++] = "-u";
                cmd[i++] = fulluseragent;
@@ -659,6 +965,7 @@ cleanup(void)
        g_free(scriptfile);
        g_free(stylefile);
        g_free(cachedir);
+       XCloseDisplay(dpy);
 }
 
 WebKitWebView *
@@ -675,17 +982,20 @@ newview(Client *c, WebKitWebView *rv)
                    webkit_web_view_new_with_related_view(rv));
        } else {
                settings = webkit_settings_new_with_settings(
-                          "auto-load-images", loadimages,
-                          "default-font-size", defaultfontsize,
-                          "enable-caret-browsing", enablecaretbrowsing,
-                          "enable-developer-extras", enableinspector,
-                          "enable-dns-prefetching", enablednsprefetching,
-                          "enable-frame-flattening", enableframeflattening,
-                          "enable-html5-database", enablecache,
-                          "enable-html5-local-storage", enablecache,
-                          "enable-javascript", enablescripts,
-                          "enable-plugins", enableplugins,
-                          NULL);
+                  "auto-load-images", curconfig[LoadImages].val.b,
+                  "default-font-size", curconfig[FontSize].val.i,
+                  "enable-caret-browsing", curconfig[CaretBrowsing].val.b,
+                  "enable-developer-extras", curconfig[Inspector].val.b,
+                  "enable-dns-prefetching", curconfig[DNSPrefetch].val.b,
+                  "enable-frame-flattening", curconfig[FrameFlattening].val.b,
+                  "enable-html5-database", curconfig[DiskCache].val.b,
+                  "enable-html5-local-storage", curconfig[DiskCache].val.b,
+                  "enable-javascript", curconfig[JavaScript].val.b,
+                  "enable-plugins", curconfig[Plugins].val.b,
+                  "enable-accelerated-2d-canvas", curconfig[AcceleratedCanvas].val.b,
+                  "enable-site-specific-quirks", curconfig[SiteQuirks].val.b,
+                  "media-playback-requires-user-gesture", curconfig[MediaManualPlay].val.b,
+                  NULL);
 /* For mor interesting settings, have a look at
  * http://webkitgtk.org/reference/webkit2gtk/stable/WebKitSettings.html */
 
@@ -709,13 +1019,13 @@ newview(Client *c, WebKitWebView *rv)
                 * or one for each view */
                webkit_web_context_set_process_model(context,
                    WEBKIT_PROCESS_MODEL_MULTIPLE_SECONDARY_PROCESSES);
-               /* ssl */
-               webkit_web_context_set_tls_errors_policy(context, strictssl ?
-                   WEBKIT_TLS_ERRORS_POLICY_FAIL :
+               /* TLS */
+               webkit_web_context_set_tls_errors_policy(context,
+                   curconfig[StrictTLS].val.b ? WEBKIT_TLS_ERRORS_POLICY_FAIL :
                    WEBKIT_TLS_ERRORS_POLICY_IGNORE);
                /* disk cache */
-               webkit_web_context_set_cache_model(context, enablecache ?
-                   WEBKIT_CACHE_MODEL_WEB_BROWSER :
+               webkit_web_context_set_cache_model(context,
+                   curconfig[DiskCache].val.b ? WEBKIT_CACHE_MODEL_WEB_BROWSER :
                    WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER);
 
                /* Currently only works with text file to be compatible with curl */
@@ -726,9 +1036,18 @@ newview(Client *c, WebKitWebView *rv)
                webkit_cookie_manager_set_accept_policy(
                    webkit_web_context_get_cookie_manager(context),
                    cookiepolicy_get());
+               /* languages */
+               webkit_web_context_set_preferred_languages(context,
+                   curconfig[PreferredLanguages].val.v);
+               webkit_web_context_set_spell_checking_languages(context,
+                   curconfig[SpellLanguages].val.v);
+               webkit_web_context_set_spell_checking_enabled(context,
+                   curconfig[SpellChecking].val.b);
 
                g_signal_connect(G_OBJECT(context), "download-started",
                                 G_CALLBACK(downloadstarted), c);
+               g_signal_connect(G_OBJECT(context), "initialize-web-extensions",
+                                G_CALLBACK(initwebextensions), c);
 
                v = g_object_new(WEBKIT_TYPE_WEB_VIEW,
                    "settings", settings,
@@ -749,6 +1068,8 @@ newview(Client *c, WebKitWebView *rv)
                         G_CALLBACK(createview), c);
        g_signal_connect(G_OBJECT(v), "decide-policy",
                         G_CALLBACK(decidepolicy), c);
+       g_signal_connect(G_OBJECT(v), "insecure-content-detected",
+                        G_CALLBACK(insecurecontent), c);
        g_signal_connect(G_OBJECT(v), "load-changed",
                         G_CALLBACK(loadchanged), c);
        g_signal_connect(G_OBJECT(v), "mouse-target-changed",
@@ -761,6 +1082,12 @@ newview(Client *c, WebKitWebView *rv)
        return v;
 }
 
+void
+initwebextensions(WebKitWebContext *wc, Client *c)
+{
+       webkit_web_context_set_web_extensions_directory(wc, WEBEXTDIR);
+}
+
 GtkWidget *
 createview(WebKitWebView *v, WebKitNavigationAction *a, Client *c)
 {
@@ -846,7 +1173,7 @@ winevent(GtkWidget *w, GdkEvent *e, Client *c)
                updatetitle(c);
                break;
        case GDK_KEY_PRESS:
-               if (!kioskmode) {
+               if (!curconfig[KioskMode].val.b) {
                        for (i = 0; i < LENGTH(keys); ++i) {
                                if (gdk_keyval_to_lower(e->key.keyval) ==
                                    keys[i].keyval &&
@@ -882,8 +1209,7 @@ showview(WebKitWebView *v, Client *c)
        GdkWindow *gwin;
 
        c->finder = webkit_web_view_get_find_controller(c->view);
-       if (enableinspector)
-               c->inspector = webkit_web_view_get_inspector(c->view);
+       c->inspector = webkit_web_view_get_inspector(c->view);
 
        c->win = createwindow(c);
 
@@ -899,19 +1225,20 @@ showview(WebKitWebView *v, Client *c)
                puts(winid);
        }
 
-       if (hidebackground)
+       if (curconfig[HideBackground].val.b)
                webkit_web_view_set_background_color(c->view, &bgcolor);
 
-       if (!kioskmode) {
+       if (!curconfig[KioskMode].val.b) {
                gdk_window_set_events(gwin, GDK_ALL_EVENTS_MASK);
                gdk_window_add_filter(gwin, processx, c);
        }
 
-       if (runinfullscreen)
+       if (curconfig[RunInFullscreen].val.b)
                togglefullscreen(c, NULL);
 
-       if (zoomlevel != 1.0)
-               webkit_web_view_set_zoom_level(c->view, zoomlevel);
+       if (curconfig[ZoomLevel].val.f != 1.0)
+               webkit_web_view_set_zoom_level(c->view,
+                                              curconfig[ZoomLevel].val.f);
 
        setatom(c, AtomFind, "");
        setatom(c, AtomUri, "about:blank");
@@ -937,7 +1264,7 @@ createwindow(Client *c)
                gtk_window_set_role(GTK_WINDOW(w), wmstr);
                g_free(wmstr);
 
-               gtk_window_set_default_size(GTK_WINDOW(w), 800, 600);
+               gtk_window_set_default_size(GTK_WINDOW(w), winsize[0], winsize[1]);
        }
 
        g_signal_connect(G_OBJECT(w), "destroy",
@@ -957,22 +1284,24 @@ createwindow(Client *c)
 void
 loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
 {
+       const char *title = geturi(c);
+
        switch (e) {
        case WEBKIT_LOAD_STARTED:
-               c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
+               curconfig = defconfig;
+               setatom(c, AtomUri, title);
+               c->title = title;
+               c->https = c->insecure = 0;
+               seturiparameters(c, geturi(c));
                break;
        case WEBKIT_LOAD_REDIRECTED:
-               setatom(c, AtomUri, geturi(c));
+               setatom(c, AtomUri, title);
+               c->title = title;
+               seturiparameters(c, geturi(c));
                break;
        case WEBKIT_LOAD_COMMITTED:
-               if (!webkit_web_view_get_tls_info(c->view, NULL,
-                   &(c->tlsflags)))
-                       c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
-
-               setatom(c, AtomUri, geturi(c));
-
-               if (enablestyle)
-                       setstyle(c, getstyle(geturi(c)));
+               c->https = webkit_web_view_get_tls_info(c->view, NULL,
+                                                       &c->tlserr);
                break;
        case WEBKIT_LOAD_FINISHED:
                /* Disabled until we write some WebKitWebExtension for
@@ -1027,7 +1356,7 @@ gboolean
 permissionrequested(WebKitWebView *v, WebKitPermissionRequest *r, Client *c)
 {
        if (WEBKIT_IS_GEOLOCATION_PERMISSION_REQUEST(r)) {
-               if (allowgeolocation)
+               if (curconfig[Geolocation].val.b)
                        webkit_permission_request_allow(r);
                else
                        webkit_permission_request_deny(r);
@@ -1159,6 +1488,12 @@ decideresource(WebKitPolicyDecision *d, Client *c)
        }
 }
 
+void
+insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, Client *c)
+{
+       c->insecure = 1;
+}
+
 void
 downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c)
 {
@@ -1236,27 +1571,49 @@ void
 zoom(Client *c, const Arg *a)
 {
        if (a->i > 0)
-               webkit_web_view_set_zoom_level(c->view, zoomlevel + 0.1);
+               webkit_web_view_set_zoom_level(c->view,
+                                              curconfig[ZoomLevel].val.f + 0.1);
        else if (a->i < 0)
-               webkit_web_view_set_zoom_level(c->view, zoomlevel - 0.1);
+               webkit_web_view_set_zoom_level(c->view,
+                                              curconfig[ZoomLevel].val.f - 0.1);
        else
                webkit_web_view_set_zoom_level(c->view, 1.0);
 
-       zoomlevel = webkit_web_view_get_zoom_level(c->view);
+       curconfig[ZoomLevel].val.f = webkit_web_view_get_zoom_level(c->view);
 }
 
 void
-scroll_v(Client *c, const Arg *a)
+scroll(Client *c, const Arg *a)
 {
-       evalscript(c, "window.scrollBy(0, %d * (window.innerHeight / 100))",
-                  a->i);
-}
+       GdkEvent *ev = gdk_event_new(GDK_KEY_PRESS);
 
-void
-scroll_h(Client *c, const Arg *a)
-{
-       evalscript(c, "window.scrollBy(%d * (window.innerWidth / 100), 0)",
-                  a->i);
+       gdk_event_set_device(ev, gdkkb);
+       ev->key.window = gtk_widget_get_window(GTK_WIDGET(c->win));
+       ev->key.state = GDK_CONTROL_MASK;
+       ev->key.time = GDK_CURRENT_TIME;
+
+       switch (a->i) {
+       case 'd':
+               ev->key.keyval = GDK_KEY_Down;
+               break;
+       case 'D':
+               ev->key.keyval = GDK_KEY_Page_Down;
+               break;
+       case 'l':
+               ev->key.keyval = GDK_KEY_Left;
+               break;
+       case 'r':
+               ev->key.keyval = GDK_KEY_Right;
+               break;
+       case 'U':
+               ev->key.keyval = GDK_KEY_Page_Up;
+               break;
+       case 'u':
+               ev->key.keyval = GDK_KEY_Up;
+               break;
+       }
+
+       gdk_event_put(ev);
 }
 
 void
@@ -1277,49 +1634,8 @@ stop(Client *c, const Arg *a)
 void
 toggle(Client *c, const Arg *a)
 {
-       WebKitSettings *s = webkit_web_view_get_settings(c->view);
-
-       switch ((unsigned int)a->i) {
-       case CaretBrowsing:
-               enablecaretbrowsing = !enablecaretbrowsing;
-               webkit_settings_set_enable_caret_browsing(s,
-                   enablecaretbrowsing);
-               updatetitle(c);
-               return; /* do not reload */
-               break;
-       case FrameFlattening:
-               enableframeflattening = !enableframeflattening;
-               webkit_settings_set_enable_frame_flattening(s,
-                   enableframeflattening);
-               break;
-       case Geolocation:
-               allowgeolocation = !allowgeolocation;
-               break;
-       case JavaScript:
-               enablescripts = !enablescripts;
-               webkit_settings_set_enable_javascript(s, enablescripts);
-               break;
-       case LoadImages:
-               loadimages = !loadimages;
-               webkit_settings_set_auto_load_images(s, loadimages);
-               break;
-       case Plugins:
-               enableplugins = !enableplugins;
-               webkit_settings_set_enable_plugins(s, enableplugins);
-               break;
-       case ScrollBars:
-               /* Disabled until we write some WebKitWebExtension for
-                * manipulating the DOM directly.
-               enablescrollbars = !enablescrollbars;
-               evalscript(c, "document.documentElement.style.overflow = '%s'",
-                   enablescrollbars ? "auto" : "hidden");
-               */
-               return; /* do not reload */
-               break;
-       default:
-               break;
-       }
-       reload(c, a);
+       curconfig[a->i].val.b ^= 1;
+       setparameter(c, 1, (ParamName)a->i, &curconfig[a->i].val);
 }
 
 void
@@ -1336,40 +1652,18 @@ void
 togglecookiepolicy(Client *c, const Arg *a)
 {
        ++cookiepolicy;
-       cookiepolicy %= strlen(cookiepolicies);
+       cookiepolicy %= strlen(curconfig[CookiePolicies].val.v);
 
-       webkit_cookie_manager_set_accept_policy(
-           webkit_web_context_get_cookie_manager(
-           webkit_web_view_get_context(c->view)),
-           cookiepolicy_get());
-
-       updatetitle(c);
-       /* Do not reload. */
-}
-
-void
-togglestyle(Client *c, const Arg *a)
-{
-       enablestyle = !enablestyle;
-
-       if (enablestyle)
-               setstyle(c, getstyle(geturi(c)));
-       else
-               webkit_user_content_manager_remove_all_style_sheets(
-                   webkit_web_view_get_user_content_manager(c->view));
-
-       updatetitle(c);
+       setparameter(c, 0, CookiePolicies, NULL);
 }
 
 void
 toggleinspector(Client *c, const Arg *a)
 {
-       if (enableinspector) {
-               if (webkit_web_inspector_is_attached(c->inspector))
-                       webkit_web_inspector_close(c->inspector);
-               else
-                       webkit_web_inspector_show(c->inspector);
-       }
+       if (webkit_web_inspector_is_attached(c->inspector))
+               webkit_web_inspector_close(c->inspector);
+       else if (curconfig[Inspector].val.b)
+               webkit_web_inspector_show(c->inspector);
 }
 
 void
@@ -1418,10 +1712,8 @@ clickexternplayer(Client *c, const Arg *a, WebKitHitTestResult *h)
 {
        Arg arg;
 
-       if (webkit_hit_test_result_get_context(h) & OnMedia) {
-               arg = (Arg)VIDEOPLAY(webkit_hit_test_result_get_media_uri(h));
-               spawn(c, &arg);
-       }
+       arg = (Arg)VIDEOPLAY(webkit_hit_test_result_get_media_uri(h));
+       spawn(c, &arg);
 }
 
 int
@@ -1435,91 +1727,97 @@ main(int argc, char *argv[])
        /* command line args */
        ARGBEGIN {
        case 'a':
-               cookiepolicies = EARGF(usage());
+               defconfig CSETV(CookiePolicies, EARGF(usage()));
                break;
        case 'b':
-               enablescrollbars = 0;
+               defconfig CSETB(ScrollBars, 0);
                break;
        case 'B':
-               enablescrollbars = 1;
+               defconfig CSETB(ScrollBars, 1);
                break;
        case 'c':
                cookiefile = EARGF(usage());
                break;
+       case 'C':
+               stylefile = EARGF(usage());
+               break;
        case 'd':
-               enablecache = 0;
+               defconfig CSETB(DiskCache, 0);
                break;
        case 'D':
-               enablecache = 1;
+               defconfig CSETB(DiskCache, 1);
                break;
        case 'e':
                embed = strtol(EARGF(usage()), NULL, 0);
                break;
        case 'f':
-               runinfullscreen = 0;
+               defconfig CSETB(RunInFullscreen, 0);
                break;
        case 'F':
-               runinfullscreen = 1;
+               defconfig CSETB(RunInFullscreen, 1);
                break;
        case 'g':
-               allowgeolocation = 0;
+               defconfig CSETB(Geolocation, 0);
                break;
        case 'G':
-               allowgeolocation = 1;
+               defconfig CSETB(Geolocation, 1);
                break;
        case 'i':
-               loadimages = 0;
+               defconfig CSETB(LoadImages, 0);
                break;
        case 'I':
-               loadimages = 1;
+               defconfig CSETB(LoadImages, 1);
                break;
        case 'k':
-               kioskmode = 0;
+               defconfig CSETB(KioskMode, 0);
                break;
        case 'K':
-               kioskmode = 1;
+               defconfig CSETB(KioskMode, 1);
                break;
        case 'm':
-               enablestyle = 0;
+               defconfig CSETB(Style, 0);
                break;
        case 'M':
-               enablestyle = 1;
+               defconfig CSETB(Style, 1);
                break;
        case 'n':
-               enableinspector = 0;
+               defconfig CSETB(Inspector, 0);
                break;
        case 'N':
-               enableinspector = 1;
+               defconfig CSETB(Inspector, 1);
                break;
        case 'p':
-               enableplugins = 0;
+               defconfig CSETB(Plugins, 0);
                break;
        case 'P':
-               enableplugins = 1;
+               defconfig CSETB(Plugins, 1);
                break;
        case 'r':
                scriptfile = EARGF(usage());
                break;
        case 's':
-               enablescripts = 0;
+               defconfig CSETB(JavaScript, 0);
                break;
        case 'S':
-               enablescripts = 1;
+               defconfig CSETB(JavaScript, 1);
                break;
        case 't':
-               stylefile = EARGF(usage());
+               defconfig CSETB(StrictTLS, 0);
+               break;
+       case 'T':
+               defconfig CSETB(StrictTLS, 1);
                break;
        case 'u':
-               useragent = EARGF(usage());
+               fulluseragent = EARGF(usage());
                break;
        case 'v':
-               die("surf-"VERSION", ©2009-2015 surf engineers, "
+               die("surf-"VERSION", ©2009-2017 surf engineers, "
                    "see LICENSE for details\n");
        case 'x':
                showxid = 1;
                break;
        case 'z':
-               zoomlevel = strtof(EARGF(usage()), NULL);
+               defconfig CSETF(ZoomLevel, strtof(EARGF(usage()), NULL));
                break;
        default:
                usage();