From: Qiantan Hong <qhong@mit.edu>
To: "emacs-devel@gnu.org" <emacs-devel@gnu.org>
Subject: Enabling Sandboxing for WebKitGTK Xwidgets
Date: Thu, 27 Aug 2020 01:57:20 +0000
Message-ID: <0960AC5E-E5DD-4821-A9A3-A1E297058189@mit.edu>


Hi,

Currently the WebKitGTK Xwidgets don’t sandbox web processes,
which is a major security risk when using them to access content from
the Internet. A reference can be found at
https://blogs.gnome.org/mcatanzaro/2020/03/31/sandboxing-webkitgtk-apps/

A patch to enable sandboxing is attached.

Best,
Qiantan

qhong@mit.edu




[-- Attachment #1.2.2: 0001-Enable-Sandboxing-for-WebKitGTK-Xwidgets.patch --]
[-- Type: application/octet-stream, Size: 1061 bytes --]

From 4f258f00092f633e2b8cff15ef4038f0b094b2ee Mon Sep 17 00:00:00 2001
From: Qiantan Hong <qhong@mit.edu>
Date: Wed, 26 Aug 2020 21:02:54 -0400
Subject: [PATCH] Enable Sandboxing for WebKitGTK Xwidgets

Call webkit_web_context_get_default () before creation of
the first WebKitWebView instance.
---
 src/xwidget.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/xwidget.c b/src/xwidget.c
index 154b3e9c82..5cfdcf234f 100644
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -114,6 +114,13 @@ DEFUN ("make-xwidget",
   if (EQ (xw->type, Qwebkit))
     {
       block_input ();
+
+      WebKitWebContext * webkit_context = webkit_web_context_get_default ();
+      if (!webkit_web_context_get_sandbox_enabled (webkit_context))
+        {
+          webkit_web_context_set_sandbox_enabled (webkit_context, TRUE);
+        }
+
       xw->widgetwindow_osr = gtk_offscreen_window_new ();
       gtk_window_resize (GTK_WINDOW (xw->widgetwindow_osr), xw->width,
                          xw->height);
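
Review bot: the added calls to webkit_web_context_get_sandbox_enabled () and webkit_web_context_set_sandbox_enabled () right after block_input () are unconditional, and these functions only exist from WebKitGTK 2.26 on, so a build against an older WebKitGTK would fail to compile here; wrap the new lines in `#if WEBKIT_CHECK_VERSION (2, 26, 0)` unless the configure check already requires that version. The getter test means the setter runs only for the first webkit xwidget and is skipped once a web process may already exist, which matches the commit message but deserves a one-line comment in the code saying so. Since this block runs on every make-xwidget call, also consider whether local files the web process must read need webkit_web_context_add_path_to_sandbox () before the first view is created. Style: GNU formatting writes the declaration as `WebKitWebContext *webkit_context` and omits the braces around the single-statement if body.
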
-- 
2.20.1 (Apple Git-117)

