From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38190) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ej5CA-0007DX-Nh for guix-patches@gnu.org; Tue, 06 Feb 2018 10:30:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ej5C7-0000AY-HE for guix-patches@gnu.org; Tue, 06 Feb 2018 10:30:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:52561) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ej5C7-00009u-Cf for guix-patches@gnu.org; Tue, 06 Feb 2018 10:30:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ej5C7-0000lb-3E for guix-patches@gnu.org; Tue, 06 Feb 2018 10:30:03 -0500 Subject: [bug#30329] [PATCH] gnu: emacs: Build with xwidgets support. Resent-Message-ID: From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <87vaff12sj.fsf@gmail.com> <20180205215839.GA17317@jasmine.lan> Date: Tue, 06 Feb 2018 16:28:59 +0100 In-Reply-To: <20180205215839.GA17317@jasmine.lan> (Leo Famulari's message of "Mon, 5 Feb 2018 16:58:39 -0500") Message-ID: <87fu6e5e84.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Leo Famulari Cc: 30329@debbugs.gnu.org, Alex Vong Hello, Leo Famulari skribis: > On Sat, Feb 03, 2018 at 05:48:12AM +0800, Alex Vong wrote: >> Hi, >>=20 >> This patch adds xwidgets support to Emcas. So Emacs can now display GTK >> widgets. In particular, it can display webpages using webkitgtk. >>=20 >> Also, I use webkitgtk-2.4 instead of webkitgtk, because xwidgets >> requires libwebkitgtk-3.0 instead of libwebkitgtk-4.0 to >> build. > > Webkitgtk is very actively researched and exploited for security > problems. If this use of webkitgtk-2.4 would ever handle untrusted > input, it's not very safe. I don't use Emacs so I'm not sure what the > use case is for webkitgtk. > > For examples, you can check the security advisories published by the > Webkitgtk team: > > https://webkitgtk.org/news.html > > They publish an advisory after every release, and there are always > several fixed bugs allowing code execution by whoever supplies the input > (typically from a remote web server). That=E2=80=99s indeed a bit of a problem. Would be nice if it could use the latest webkitgtk series. Given that and the increase in closure size, I would prefer making it a separate =E2=80=9Cemacs-xwidgets=E2=80=9D package. WDYT? Thanks, Ludo=E2=80=99.