1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
https://bugs.gentoo.org/739354
From 71661b287297f328c2c5ad67e180a760f80850cb Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sat, 24 Oct 2020 15:34:12 -0700
Subject: Use WebKit sandboxing
* src/xwidget.c (Fmake_xwidget): Enable sandboxing if WebKit 2.26
or later. Do this early, as required for sandboxing (Bug#43071).
Co-authored-by: Qiantan Hong <qhong@mit.edu>
Copyright-paperwork-exempt: yes
---
src/xwidget.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/xwidget.c b/src/xwidget.c
index ea8987f..fb906d1 100644
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -101,6 +101,13 @@
if (EQ (xw->type, Qwebkit))
{
block_input ();
+ WebKitWebContext *webkit_context = webkit_web_context_get_default ();
+
+# if WEBKIT_CHECK_VERSION (2, 26, 0)
+ if (!webkit_web_context_get_sandbox_enabled (webkit_context))
+ webkit_web_context_set_sandbox_enabled (webkit_context, TRUE);
+# endif
+
xw->widgetwindow_osr = gtk_offscreen_window_new ();
gtk_window_resize (GTK_WINDOW (xw->widgetwindow_osr), xw->width,
xw->height);
@@ -139,7 +146,7 @@
"load-changed",
G_CALLBACK (webkit_view_load_changed_cb), xw);
- g_signal_connect (G_OBJECT (webkit_web_context_get_default ()),
+ g_signal_connect (G_OBJECT (webkit_context),
"download-started",
G_CALLBACK (webkit_download_cb), xw);
|
GitWeb
