RESOLVED FIXED Bug 220117
[WPE][GTK] Remove webkit_web_context_set_sandbox_enabled() from modern API 
https://bugs.webkit.org/show_bug.cgi?id=220117
Summary [WPE][GTK] Remove webkit_web_context_set_sandbox_enabled() from modern API
Michael Catanzaro
Reported 2020-12-23 05:36:25 PST
webkit_web_context_set_sandbox_enabled() should not exist in the GTK 4 API. The sandbox should always be enabled, with no API function to disable it.
Attachments
Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2021-10-27 18:48:36 PDT
One more thing: we should crash if the application tries to allowlist / or /home or $HOME. We cannot prevent apps from allowlisting whatever they wish, but if they want to be stupid they should have to try somewhat harder than that.
Michael Catanzaro
Comment 2 2022-04-08 07:26:40 PDT
Let's provide an environment variable as an out: disabling the sandbox is very useful for debugging purposes. But it should be much scarier than the current WEBKIT_FORCE_SANDBOX=0. I would name it WEBKIT_ALLOW_HACKING_ME=1 or something like that.
Michael Catanzaro
Comment 3 2022-10-30 09:17:40 PDT
Pull request: https://github.com/WebKit/WebKit/pull/5944
EWS
Comment 4 2023-01-18 08:10:50 PST
Committed 259028@main (0f14b00d81e3): <https://commits.webkit.org/259028@main> Reviewed commits have been landed. Closing PR #5944 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.