all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Enabling Sandboxing for WebKitGTK Xwidgets
@ 2020-08-27  1:57 Qiantan Hong
  2020-08-27 13:18 ` Paul Eggert
  0 siblings, 1 reply; 2+ messages in thread
From: Qiantan Hong @ 2020-08-27  1:57 UTC (permalink / raw)
  To: emacs-devel@gnu.org


[-- Attachment #1.1: Type: text/plain, Size: 341 bytes --]

Hi,

Currently the WebKitGTK Xwidgets don’t sandbox web processes,
which is a major security risk when using it to access contents from
Internet. A reference can be found at
https://blogs.gnome.org/mcatanzaro/2020/03/31/sandboxing-webkitgtk-apps/

A patch to enable sandboxing is attached.

Best,
Qiantan

qhong@mit.edu




[-- Attachment #1.2.1: Type: text/html, Size: 769 bytes --]

[-- Attachment #1.2.2: 0001-Enable-Sandboxing-for-WebKitGTK-Xwidgets.patch --]
[-- Type: application/octet-stream, Size: 1061 bytes --]

From 4f258f00092f633e2b8cff15ef4038f0b094b2ee Mon Sep 17 00:00:00 2001
From: Qiantan Hong <qhong@mit.edu>
Date: Wed, 26 Aug 2020 21:02:54 -0400
Subject: [PATCH] Enable Sandboxing for WebKitGTK Xwidgets

Call webkit_web_context_get_default () before creation of
the first WebKitWebView instance.
---
 src/xwidget.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/xwidget.c b/src/xwidget.c
index 154b3e9c82..5cfdcf234f 100644
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -114,6 +114,13 @@ DEFUN ("make-xwidget",
   if (EQ (xw->type, Qwebkit))
     {
       block_input ();
+
+      WebKitWebContext * webkit_context = webkit_web_context_get_default ();
+      if (!webkit_web_context_get_sandbox_enabled (webkit_context))
+        {
+          webkit_web_context_set_sandbox_enabled (webkit_context, TRUE);
+        }
+
       xw->widgetwindow_osr = gtk_offscreen_window_new ();
       gtk_window_resize (GTK_WINDOW (xw->widgetwindow_osr), xw->width,
                          xw->height);
-- 
2.20.1 (Apple Git-117)


[-- Attachment #1.2.3: Type: text/html, Size: 2495 bytes --]

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 1858 bytes --]

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: Enabling Sandboxing for WebKitGTK Xwidgets
  2020-08-27  1:57 Enabling Sandboxing for WebKitGTK Xwidgets Qiantan Hong
@ 2020-08-27 13:18 ` Paul Eggert
  0 siblings, 0 replies; 2+ messages in thread
From: Paul Eggert @ 2020-08-27 13:18 UTC (permalink / raw)
  To: Qiantan Hong; +Cc: Emacs Development

Thanks for the suggestion and patch. I opened an enhancement request here:

https://bugs.gnu.org/43071

and let's follow up there (this email has "Reply-To: 43071@debbugs.gnu.org" to 
help us do that).



^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-08-27 13:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-08-27  1:57 Enabling Sandboxing for WebKitGTK Xwidgets Qiantan Hong
2020-08-27 13:18 ` Paul Eggert

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.