portalHelper: Enable WebKit sandbox if available
The portal helper is rather sensitive because potentially-hostile Wi-Fi networks can decide to launch it whenever they want (by blocking the user's connection to the nmcheck domain) and load whatever web content they want into it. So having this unsandboxed is really extraordinarily risky. Previously it was a risk we had to accept, because WebKit did not have a web process sandbox, but now it does. So let's bubblewrap all the things! https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/983
This commit is contained in:
parent
ded4586781
commit
35063c9e7c
@ -118,6 +118,10 @@ class PortalWindow extends Gtk.ApplicationWindow {
|
|||||||
this._webContext = WebKit.WebContext.new_ephemeral();
|
this._webContext = WebKit.WebContext.new_ephemeral();
|
||||||
this._webContext.set_cache_model(WebKit.CacheModel.DOCUMENT_VIEWER);
|
this._webContext.set_cache_model(WebKit.CacheModel.DOCUMENT_VIEWER);
|
||||||
this._webContext.set_network_proxy_settings(WebKit.NetworkProxyMode.NO_PROXY, null);
|
this._webContext.set_network_proxy_settings(WebKit.NetworkProxyMode.NO_PROXY, null);
|
||||||
|
if (this._webContext.set_sandbox_enabled) {
|
||||||
|
// We have WebKitGTK 2.26 or newer.
|
||||||
|
this._webContext.set_sandbox_enabled(true);
|
||||||
|
}
|
||||||
|
|
||||||
this._webView = WebKit.WebView.new_with_context(this._webContext);
|
this._webView = WebKit.WebView.new_with_context(this._webContext);
|
||||||
this._webView.connect('decide-policy', this._onDecidePolicy.bind(this));
|
this._webView.connect('decide-policy', this._onDecidePolicy.bind(this));
|
||||||
|
Loading…
Reference in New Issue
Block a user