From 35063c9e7c2f145fc4328cda53c9651a2ee73cf6 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro
Date: Wed, 5 Feb 2020 22:18:11 +0000
Subject: [PATCH] portalHelper: Enable WebKit sandbox if available The portal helper is rather sensitive because potentially-hostile Wi-Fi networks can decide to launch it whenever they want (by blocking the user's connection to the nmcheck domain) and load whatever web content they want into it. So having this unsandboxed is really extraordinarily risky. Previously it was a risk we had to accept, because WebKit did not have a web process sandbox, but now it does. So let's bubblewrap all the things! https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/983
---
 js/portalHelper/main.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/js/portalHelper/main.js b/js/portalHelper/main.js
index b0e568dac..88adc1b8d 100644
--- a/js/portalHelper/main.js
+++ b/js/portalHelper/main.js
@@ -118,6 +118,10 @@ class PortalWindow extends Gtk.ApplicationWindow {
 this._webContext = WebKit.WebContext.new_ephemeral();
 this._webContext.set_cache_model(WebKit.CacheModel.DOCUMENT_VIEWER);
 this._webContext.set_network_proxy_settings(WebKit.NetworkProxyMode.NO_PROXY, null);
+ if (this._webContext.set_sandbox_enabled) {
+ // We have WebKitGTK 2.26 or newer.
+ this._webContext.set_sandbox_enabled(true);
+ }
 this._webView = WebKit.WebView.new_with_context(this._webContext);
 this._webView.connect('decide-policy', this._onDecidePolicy.bind(this));
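Review bot: When `set_sandbox_enabled` is missing (the comment ties its presence to WebKitGTK 2.26), the `if` falls through silently and the helper still loads network-controlled content with no web process sandbox, leaving no trace of that in the logs. An `else` branch such as `log('WebKit sandbox unavailable, captive portal content is not sandboxed');` would make the degraded state visible to packagers and to anyone triaging an incident. The comment could also record that the call has to stay ahead of `WebKit.WebView.new_with_context()`, since, as far as I know, the setting only takes effect before a web process has been created. The enclosing method starts and ends outside the hunk.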