It looks fine for me.

Maybe it should be added as a security patch for the 27.* branch.

On Thu, 27 Aug 2020 at 15:14, Paul Eggert <eggert@cs.ucla.edu> wrote:
Qiantan Hong suggested that Emacs should enable sandboxing in WebKit, for all
the usual security reasons. (Thanks, Qiantan!)

Attached is a proposed patch to implement that suggestion; it's a bit fancier
than what Qiantan originally proposed in
<https://lists.gnu.org/r/emacs-devel/2020-08/msg00896.html> because it checks
that WebKit 2.26 or later is in use, and it avoids a duplicate call to
webkit_web_context_get_default. I'm cc'ing this to Qiantan and to other recent
committers to xwidget.c, to get their opinions.