Bug 220117
| Summary: | [WPE][GTK] Remove webkit_web_context_set_sandbox_enabled() from modern API | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> |
| Component: | WebKitGTK | Assignee: | Michael Catanzaro <mcatanzaro> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | bugs-noreply, mcatanzaro |
| Priority: | P2 | | |
| Version: | WebKit Nightly Build | | |
| Hardware: | PC | | |
| OS: | Linux | | |
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=250231 https://bugs.webkit.org/show_bug.cgi?id=250232 | | |
| Bug Depends on: | 249034 | | |
| Bug Blocks: | 210100 | | |

Michael Catanzaro
webkit_web_context_set_sandbox_enabled() should not exist in the GTK 4 API. The sandbox should always be enabled, with no API function to disable it.
Michael Catanzaro
One more thing: we should crash if the application tries to allowlist / or /home or $HOME. We cannot prevent apps from allowlisting whatever they wish, but if they want to be stupid they should have to try somewhat harder than that.
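
The check proposed in the comment above, sketched as an added example (it is not part of the comment and is not WebKit's code). The function names, the `home` parameter and the purely lexical normalisation are assumptions made for illustration; it catches spellings such as `/home/` or `/home/user/..` but does not resolve symlinks.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Lexically normalise an absolute path: collapse "//", "." and "..", drop
 * trailing slashes. Symlinks are NOT resolved; realpath() would do that. */
static bool normalize_abs(const char *path, char *out, size_t cap)
{
    size_t len = 0;
    if (!path || path[0] != '/' || cap < 2)
        return false;
    for (;;) {
        path += strspn(path, "/");      /* skip repeated separators */
        size_t n = strcspn(path, "/");  /* length of the next component */
        if (n == 0) break;
        if (n == 2 && !memcmp(path, "..", 2)) {
            while (len > 0 && out[--len] != '/')
                ;                       /* pop one component; root stays root */
        } else if (!(n == 1 && path[0] == '.')) {
            if (len + n + 2 > cap) return false;
            out[len++] = '/';
            memcpy(out + len, path, n);
            len += n;
        }
        path += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return true;
}

/* True for the locations named in the comment: "/", "/home" or the home
 * directory. `home` is a parameter (normally getenv("HOME")) for testing. */
bool is_forbidden_sandbox_path(const char *path, const char *home)
{
    char p[4096], h[4096];
    if (!normalize_abs(path, p, sizeof p))
        return true;                    /* relative or over-long: refuse */
    if (!strcmp(p, "/") || !strcmp(p, "/home"))
        return true;
    return home && normalize_abs(home, h, sizeof h) && !strcmp(p, h);
}

int main(int argc, char **argv)
{
    if (argc > 1 && is_forbidden_sandbox_path(argv[1], getenv("HOME")))
        abort();                        /* crash, as the comment proposes */
    return 0;
}
```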
Michael Catanzaro
Let's provide an environment variable as an out: disabling the sandbox is very useful for debugging purposes. But it should be much scarier than the current WEBKIT_FORCE_SANDBOX=0. I would name it WEBKIT_ALLOW_HACKING_ME=1 or something like that.
Michael Catanzaro
Pull request: https://github.com/WebKit/WebKit/pull/5944
EWS
Committed 259028@main (0f14b00d81e3): <https://commits.webkit.org/259028@main>
Reviewed commits have been landed. Closing PR #5944 and removing active labels.